Iptables (kernel 2.6.18) adds the time module-Linux Enterprise Application-Linux server application information. The following is a detailed description. System: CentOS 5.1 kernel: 2.6.18-53.1.19.el5
Iptables version 1.3.5 (included in the System)
Download a kernel: unzip the linux-2.6.18 to/usr/src/linux
# Cd linux
# Make mrproper
# Make menuconfig
Do nothing. Quit.
Vi Makefile
Change EXTRAVERSION = to EXTRAVERSION =-53.1.19.el5
Make sure the version is consistent with that of uname-.
Download an iptables1.3.5 file and decompress it to/usr/src/iptables (which will be used below)
Select y. At this point, the netfilter patch is complete. If you need other modules, add them as needed.
Compile the kernel modules
# Cd/usr/src/linux
# Make menuconfig
In Device Drivers->; Networking support->; Networking options->; Network packet filtering (replaces ipchains)
->; IP: select the following two M items in Netfilter Configuration.
; TIME match support
Save and exit.
Compile and install the module
The following is the most important step, because our principle is to save time, not re-compile the kernel, but only compile the modules in it. The 2.4 kernel is different from the 2.6 kernel, the kernel module of 2.4 is *. o format, while the 2.6 kernel is *. ko format,
[Root @ jiecho] # make modules
HOSTCC scripts/basic/fixdep
HOSTCC scripts/basic/split-include
HOSTCC scripts/basic/docproc
HOSTCC scripts/conmakehash
HOSTCC scripts/kallsyms
CC scripts/empty. o
HOSTCC scripts/mk_elfconfig
MKELF scripts/elfconfig. h
HOSTCC scripts/file2alias. o
HOSTCC scripts/modpost. o
HOSTCC scripts/sumversion. o
HOSTLD scripts/modpost
HOSTCC scripts/pnmtologo
HOSTCC scripts/bin2c
At this point, ctrl + c can be aborted, because we do not need to compile all modules, which is a waste of time, rather than just the netfilter module, however, if you directly execute make modules SUBDIRS = net/ipv4/netfilter, an error will occur, which is the difference between 2.4 and 2.6, after a series of required files under the scripts directory, we can make modules SUBDIRS = net/ipv4/netfilter and use modpost to put *. o file generated *. ko file.
# Make modules SUBDIRS = net/ipv4/netfilter
Copy the compiled module after compiling the netfilter module.
# Chmod + x/usr/src/linux/net/ipv4/netfilter/ipt_time.ko
# Cp/usr/src/linux/net/ipv4/netfilter/ipt_time.ko/lib/modules/2.6.18-53.1.19.el5/kernel/net/ipv4/netfilter/
# Depmod-a or insmod/usr/src/linux/net/ipv4/netfilter/ipt_time.ko
# Lsmod | grep ip
Now you can see the following
Ipt_time 6400 1
But it cannot be used yet, but it still lacks libipt_time.so.
Iptables compiled and downloaded
# Cd/usr/src/iptables
# Make KERNEL_DIR =/usr/src/linux
# Make install KERNEL_DIR =/usr/src/linux (many warnings and errors are reported during compilation !)
After you finish,
# Cp/usr/src/iptables/extensions/libipt_time.so/lib/iptables
At this end, iptables-a input-m time -- timestart -- timestop -- days Mon, Tue, Wed, Thu, Fri
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
