Netfilter/iptables Module Compilation and application

I believe a lot of people will use iptables, I have been using, and every day. Especially after watching platinum << How to add a new module >> introduction to Iptables, I feel that it is necessary to have a deeper understanding of its expansion function. So immediately download, First look at its description, its function is very exciting, such as: Comment (note matching), string (string matching, can be used for content filtering), Iprang (IP range matching), time (matching), ipp2p (point-to-point matching), Connlimit (matching the number of connections), Nth (nth package match), GeoIP (matching according to country region). IPP2P (point to Point Match), quota (quota match), there are many ... After the compilation, after several tests, the rh7.3 kernel2.4.18-3 and rh9.0 Kernel2.4.20-8 were successfully implemented to add extensions. The following is a description of some of its functions, and the compilation method. Environment rh9.0 Kernel2.4.20-8. Root identity.

One, prepare the original code.

1. Kernel source code: In order to reduce complexity, do not compile all the kernel and modules, it is recommended to find a similar to the current version of the original kernel code, recommended installation of the CD

A. [Root@kindgeorge] Uname-r (view current version)

2.4.20-8

You can cd/usr/src see if you have this directory 2.4.20-8

B. or [Root@kindgeorge]rpm-qa|grep kernel

Kernel-source-2.4.20-8 If this description is installed.

If it is not installed, it can be copied or installed RPM-IVH kernel-source-2.4.18-3.i386.rpm in the RH second CD. After installation, linux-2.4 connections and linux-2.4.20-8 directories appear in/usr/src/.

C. Download A and current version of the kernel source code in http://www.kernel.org or www.redhat.com.

2. Get the latest information first, of course, to http://www.netfilter.org or http://www.iptables.org (these two URLs are the same).

The download column to the left of the website has already explained the latest version of iptables-1.3.1

[Root@kindgeorge SRC] cd/usr/src/

A. Get the latest Iptables:wget http://www.netfilter.org/files/iptables-1.3.1.tar.bz2

Decompression: Tar xjvf iptables-1.3.1.tar.bz2

B. Get the latest Patch-o-matic-ng address: ftp://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/

[Root@kindgeorge src] wget ftp://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/patch-o-matic-ng-20050331.tar.bz2