Adding the ipp2p module to iptables requires iptables ≥ 1.4.3 and kernel ≥ 2.6.29.
When compiling the ipp2p extension I fell into a pit with the CentOS 2.6.32-573.3.1.el6.centos.plus.x86_64 kernel, which was installed by yum update. In the end I had to upgrade my kernel directly to 4.2.0.
If you run into the 2.6.32-573.3.1.el6.centos.plus.x86_64 kernel here, the recommendation is to upgrade the kernel first.
Compiling the 4.2.0 kernel
[root@lookback-server-ol02 ~]# wget http://mirrors.dwhd.org/Kernel/v4.x/linux-4.2.tar.xz
[root@lookback-server-ol02 ~]# tar xf linux-4.2.tar.xz -C /usr/src/
[root@lookback-server-ol02 ~]# cd /usr/src/linux-4.2/
[root@lookback-server-ol02 ~]# cp /boot/config-`uname -r` .config
[root@lookback-server-ol02 ~]# sh -c 'yes "" | make oldconfig'
[root@lookback-server-ol02 ~]# make -j `awk '/processor/{a++}END{print a}' /proc/cpuinfo` bzImage
[root@lookback-server-ol02 ~]# make -j `awk '/processor/{a++}END{print a}' /proc/cpuinfo` modules
[root@lookback-server-ol02 ~]# make -j `awk '/processor/{a++}END{print a}' /proc/cpuinfo` modules_install
[root@lookback-server-ol02 ~]# make install
[root@lookback-server-ol02 ~]# sed -ri 's/(default=).*/\10/' /boot/grub/grub.conf
[root@lookback-server-ol02 ~]# reboot
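A preflight check to run after the reboot and before building xtables-addons, as an added example that is not part of the original post: it compares the running kernel and iptables versions against the minimums stated at the top (numerically, so 1.4.21 counts as newer than 1.4.3) and confirms that a kernel build tree exists for the running kernel. The function names `version_ge` and `preflight` and the `/lib/modules/<release>/build` default location are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight for the build described on this page.
# Minimums are the page's own: iptables >= 1.4.3 and kernel >= 2.6.29.

# version_ge A B: succeed when dotted version A >= B, compared numerically
# field by field. Anything after the first "-" (distro suffix) is ignored.
version_ge() {
    a=${1%%-*}; b=${2%%-*}
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}   # keep leading digits only
        x=${x:-0}; y=${y:-0}               # a missing field counts as 0
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# preflight KERNEL_RELEASE IPTABLES_VERSION_LINE [MODULES_ROOT]
# Prints one line per check; returns non-zero if any check fails.
# MODULES_ROOT defaults to /lib/modules (assumed location of the build tree).
preflight() {
    kver=$1; root=${3:-/lib/modules}; rc=0
    iptver=$(printf '%s\n' "$2" | sed -n 's/^iptables v\([0-9][0-9.]*\).*/\1/p')
    if version_ge "$kver" 2.6.29; then echo "ok   kernel $kver"
    else echo "FAIL kernel $kver is older than 2.6.29"; rc=1; fi
    if [ -n "$iptver" ] && version_ge "$iptver" 1.4.3; then
        echo "ok   iptables $iptver"
    else echo "FAIL iptables '${iptver:-unknown}' is older than 1.4.3"; rc=1; fi
    # Out-of-tree modules compile against the running kernel's build tree.
    if [ -d "$root/$kver/build" ]; then echo "ok   build tree $root/$kver/build"
    else echo "FAIL no build tree at $root/$kver/build"; rc=1; fi
    return $rc
}

# On a live host: preflight "$(uname -r)" "$(iptables --version)"
```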
Installing the ipp2p extension
[root@lookback-server-ol02 ~]# yum install -y http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
[root@lookback-server-ol02 ~]# yum clean all && yum makecache
[root@lookback-server-ol02 ~]# yum install gcc gcc-c++ make automake unzip zip xz kernel-devel iptables-devel perl-Text-CSV_XS -y
[root@lookback-server-ol02 ~]# wget http://sourceforge.net/projects/xtables-addons/files/Xtables-addons/xtables-addons-2.10.tar.xz
[root@lookback-server-ol02 ~]# tar xf xtables-addons-2.10.tar.xz
[root@lookback-server-ol02 ~]# cd xtables-addons-2.10/
[root@lookback-server-ol02 ~/xtables-addons-2.10]# ./configure
[root@lookback-server-ol02 ~/xtables-addons-2.10]# make -j `awk '/processor/{a++}END{print a}' /proc/cpuinfo` && make install && cd geoip/
[root@lookback-server-ol02 ~/xtables-addons-2.10/geoip]# ./xt_geoip_dl
[root@lookback-server-ol02 ~/xtables-addons-2.10/geoip]# ./xt_geoip_build GeoIPv6.csv
[root@lookback-server-ol02 ~/xtables-addons-2.10/geoip]# ./xt_geoip_build GeoIPCountryWhois.csv
[root@lookback-server-ol02 ~/xtables-addons-2.10/geoip]# mkdir -p /usr/share/xt_geoip/
[root@lookback-server-ol02 ~/xtables-addons-2.10/geoip]# cp -a BE LE /usr/share/xt_geoip/
Take a look at the usage format of ipp2p
[root@lookback-server-ol02 ~]# iptables -m ipp2p --help | sed -n -e '/ipp2p/,//p'
ipp2p v0.10 match options:
  --edk    [tcp,udp]  All known eDonkey/eMule/Overnet packets
  --dc     [tcp]      All known Direct Connect packets
  --kazaa  [tcp,udp]  All known KaZaA packets
  --gnu    [tcp,udp]  All known Gnutella packets
  --bit    [tcp,udp]  All known BitTorrent packets
  --apple  [tcp]      All known AppleJuice packets
  --winmx  [tcp]      All known WinMX
  --soul   [tcp]      All known SoulSeek
  --ares   [tcp]      All known Ares
Experimental protocols:
  --mute   [tcp]      All known Mute packets
  --waste  [tcp]      All known Waste packets
  --xdcc   [tcp]      All known XDCC packets (only XDCC login)
Demonstration of the specific usage of the ipp2p extension
## The following blocks P2P traffic leaving this host over IPv4
[root@lookback-server-ol02 ~]# iptables -t mangle -I OUTPUT -p tcp -m ipp2p --ares --soul --winmx --apple --dc -j DROP
[root@lookback-server-ol02 ~]# iptables -t mangle -I OUTPUT -m ipp2p --edk --kazaa --bit --gnu -j DROP
## The following blocks P2P traffic entering this host
[root@lookback-server-ol03 ~]# iptables -t mangle -I INPUT -m ipp2p --edk --kazaa --bit --gnu -j DROP
[root@lookback-server-ol03 ~]# iptables -t mangle -I INPUT -p tcp -m ipp2p --ares --soul --winmx --apple --dc -j DROP
[root@lookback-server-ol03 ~]# iptables -t mangle -L INPUT -nvx --line-numbers
Chain INPUT (policy ACCEPT packets, 5245 bytes)
num  pkts  bytes  target  prot  opt  in  out  source     destination
1    0     0      DROP    tcp   --   *   *    0.0.0.0/0  0.0.0.0/0    -m ipp2p --dc --apple --soul --winmx --ares
2    0     0      DROP    all   --   *   *    0.0.0.0/0  0.0.0.0/0    -m ipp2p --edk --gnu --kazaa --bit
## The following blocks access from JP IPv4 addresses
[root@lookback-server-ol02 ~]# iptables -t filter -I INPUT -m geoip --src-cc JP -j DROP
[root@lookback-server-ol02 ~]# iptables -t mangle -L OUTPUT -nvx && iptables -t filter -L INPUT -nvx
Chain OUTPUT (policy ACCEPT 12559 packets, 3858834 bytes)
pkts  bytes  target  prot  opt  in  out  source     destination
0     0      DROP    all   --   *   *    0.0.0.0/0  0.0.0.0/0    -m ipp2p --edk --gnu --kazaa --bit
0     0      DROP    tcp   --   *   *    0.0.0.0/0  0.0.0.0/0    -m ipp2p --dc --apple --soul --winmx --ares
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts  bytes  target  prot  opt  in  out  source     destination
0     0      DROP    all   --   *   *    0.0.0.0/0  0.0.0.0/0    -m geoip --source-country JP