Jun 082016

Here is how you can compile and install xtables-addons on CentOS 7.
first, Install Dependencies:

# yum install gcc gcc-c++ make automake unzip zip xz kernel-devel-`uname -r` wget unzip iptables-devel perl-Text-CSV_XS

download xtables-addons

# wget http://ufpr.dl.sourceforge.net/project/xtables-addons/Xtables-addons/xtables-addons-2.10.tar.xz

extract, compile and install

# tar -xJf xtables-addons-2.10.tar.xz
# cd xtables-addons-2.10
# configure
# make && make install


and now for example we want to use geoip module, first of all install geoip database for xtables-addons.
still from xtables-addons-2.10 directory.

# cd geoip
# ./xt_geoip_dl
# ./xt_geoip_build GeoIPCountryWhois.csv
# mkdir -p /usr/share/xt_geoip
# cp -r {BE,LE} /usr/share/xt_geoip
# modprobe xt_geoip

if you want only allow ssh connection from certain country(ie. ID) and drop the rest here’s how to do it.

# iptables -I INPUT -p tcp --dport 22 -m geoip ! --src-cc ID -j DROP
Jul 032009

Pertama download kernel source kernel 2.6.26.

# wget -t0 -c http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.26.tar.bz2

Download iptables 1.4.1 source.

# wget -t0 -c http://www.netfilter.org/projects/iptables/files/iptables-1.4.1.tar.bz2

Download patch l7 + IMQ (untuk kernel dan iptables) yg sudah saya modifikasi jadi satu bundle.

Extract, patch dan compile kernel source(to RPM)

# tar xjf linux-2.6.26.tar.bz2
# cd linux-2.6.26
# patch -p1 < ../linux-2.6.26-layer7-imq.patch
patching file drivers/net/imq.c
patching file drivers/net/Kconfig
patching file drivers/net/Makefile
patching file include/linux/imq.h
patching file include/linux/netfilter/xt_IMQ.h
patching file include/linux/netfilter/xt_layer7.h
patching file include/linux/netfilter_ipv4/ipt_IMQ.h
patching file include/linux/netfilter_ipv6/ip6t_IMQ.h
patching file include/linux/skbuff.h
patching file include/net/netfilter/nf_conntrack.h
patching file include/net/netfilter/nf_queue.h
patching file net/core/dev.c
patching file net/core/skbuff.c
patching file net/netfilter/Kconfig
patching file net/netfilter/Makefile
patching file net/netfilter/nf_conntrack_core.c
patching file net/netfilter/nf_conntrack_standalone.c
patching file net/netfilter/nf_queue.c
patching file net/netfilter/regexp/regexp.c
patching file net/netfilter/regexp/regexp.h
patching file net/netfilter/regexp/regmagic.h
patching file net/netfilter/regexp/regsub.c
patching file net/netfilter/xt_IMQ.c
patching file net/netfilter/xt_layer7.c

# cp /boot/config-`uname -r` .config
# make clean
# make menuconfig

Continue reading »