Dec 032009
 

i’m not gonna wasting time, here’s how to do it

Download xtables-addons

# wget http://downloads.sourceforge.net/project/xtables-addons/Xtables-addons/1.20/xtables-addons-1.20.tar.bz2?use_mirror=waix

install kernel-devel kernel-headers iptables-devel gcc

# yum -y install kernel-devel kernel-headers iptables-devel gcc

extract xtables-addons-1.20.tar.bz2

# tar xjf xtables-addons-1.20.tar.bz2

cd to xtables-addons-1.20 directory

# cd xtables-addons-1.20

Compile xtabless-addons

# ./configure --with-kbuild=/lib/modules/`uname -r`/build --with-xtlibdir=/lib64/xtables
# make
# make install

Available modules on xtables-addons

# -*- Makefile -*-
#
build_ACCOUNT=m
build_CHAOS=m
build_DELUDE=m
build_DHCPMAC=m
build_ECHO=
build_IPMARK=m
build_LOGMARK=m
build_RAWNAT=m
build_STEAL=m
build_SYSRQ=m
build_TARPIT=m
build_TEE=m
build_condition=m
build_fuzzy=m
build_geoip=m
build_iface=m
build_ipp2p=m
build_ipset=m
build_ipv4options=m
build_length2=m
build_lscan=m
build_pknock=m
build_psd=m
build_quota2=m

test one of modules installed, e.g geoip

#iptables -m geoip -h
....
....
....
geoip match options:
[!] --src-cc, --source-country country[,country...]
        Match packet coming from (one of) the specified country(ies)
[!] --dst-cc, --destination-country country[,country...]
        Match packet going to (one of) the specified country(ies)

NOTE: The country is inputed by its ISO3166 code.

done 🙂

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.