Good day,
I am trying to make my iptables work with '-m random', which is a
topic discussed many times by many people, as you know.
>From already existing information on the network, everyone said the
'official' way is to using the 'patch-o-matic' to patch iptables and
the kernel. So I downloaded these things:
kernel version: 2.6.16.21
iptables version: 1.3.8-6904 (svn checkout)
patch-o-matic-ng version: 20070711 (snapshot)
but after going through the '#./runme extra' script within
patch-o-matic, I found no patch is related to the '-m random' thing.
So my question is: does patch-o-matic-ng include a patch for '-m
random'? If not, is there some place I can get that patch?
PS: I've also found a discussion on lists.netfilter.org, in which a
manual method is suggested:
http://lists.netfilter.org/pipermail/netfilter/2006-July/066313.html
However, it seems that the suggestion is for older kernels because
kernel implementation in those places have changed somehow:
1. Although I can find the 'match()' and 'checkentry()' methods in
'include/linux/netfilter/x
_tables.h', they take another form now,
2. and more importantly, the whole kernel sources don't contain a
'ipt_rand_info' structure (and I am a little confusing about where to
put '.matchsize = sizeof(ipt_rand_info)')
Any idea? Thank you! :)
Regards,
- Feng
I am trying to make my iptables work with '-m random', which is a
topic discussed many times by many people, as you know.
>From already existing information on the network, everyone said the
'official' way is to using the 'patch-o-matic' to patch iptables and
the kernel. So I downloaded these things:
kernel version: 2.6.16.21
iptables version: 1.3.8-6904 (svn checkout)
patch-o-matic-ng version: 20070711 (snapshot)
but after going through the '#./runme extra' script within
patch-o-matic, I found no patch is related to the '-m random' thing.
So my question is: does patch-o-matic-ng include a patch for '-m
random'? If not, is there some place I can get that patch?
PS: I've also found a discussion on lists.netfilter.org, in which a
manual method is suggested:
http://lists.netfilter.org/pipermail/netfilter/2006-July/066313.html
However, it seems that the suggestion is for older kernels because
kernel implementation in those places have changed somehow:
1. Although I can find the 'match()' and 'checkentry()' methods in
'include/linux/netfilter/x
_tables.h', they take another form now,
2. and more importantly, the whole kernel sources don't contain a
'ipt_rand_info' structure (and I am a little confusing about where to
put '.matchsize = sizeof(ipt_rand_info)')
Any idea? Thank you! :)
Regards,
- Feng