Mailing List Archive

Kernel-2-6 and iptables issue
Hi
I would like to ask one question regarding the compilation of the
linux-kernel (2.6) and iptables.

I need to run a firewall within the linux box, which could support at
least ipp2p filtering, l7-layer filtering, connlimit, quota, tarpit,
ip_mark.

I would like to know which version of the kernel, iptables,
patch-o-matic and other patches to use to compile the kernel
and iptables without any errors.

I have already tried to use kernels and iptables of many versions but the
compilation of the kernel was broken with some errors.

For instance, I used these packages:
linux-2.6.16.27.tar.bz2
iptables-1.3.5.tar.bz2
patch-o-matic-ng-20060626.tar.bz2
patch-o-matic-ng-20060511.tar.bz2

linux-2.6.16-imq2.diff
iptables-1.3.0-imq1.diff
esfq-2.6.15.1.tar.gz

netfilter-layer7-v2.2.tar.gz
l7-protocols-2006-05-21.tar.gz

- but without success. (there was an incompatible pointer with connlimit
and tarpit)


Please, can you tell me which version I can use for proper kernel
compilation?

Thanks

Regards

Miroslav
Re: Kernel-2-6 and iptables issue
Hi,

I do not understand why you are using kernel+iptables ....etc...

You should include support for iptables in the kernel; it is, I think, in
networking options. After kernel compilation (with iptables support)
you will have iptables packet included and be able to make iptables
rules. patch-o-matic is necessary when you want to add some features
to iptables that are not yet included in the kernel version, and then you
patch the kernel (adding that feature to iptables).
For example, for L-7 filtering you will need (AFAIK) to patch the
kernel to add that feature. Google for "patching kernel" and you
will find a lot of links with detailed information.
The following link is an example of how the kernel is patched to add the geoip
feature to iptables:
http://www.debian-administration.org/articles/518

With regards

Elvir Kuric

PS: Sorry, I forgot to "reply to all" in the prior mail :)

On 8/8/07, Hrad Miroslav <m.hrad@intv.cz> wrote:
> Hi
> I would like to ask one question regarding the compilation of the
> linux-kernel (2.6) and iptables.
>
> I need to run a firewall within the linux box, which could support at
> least ipp2p filtering, l7-layer filtering, connlimit, quota, tarpit,
> ip_mark.
>
> I would like to know which version of the kernel, iptables,
> patch-o-matic and other patches to use to compile the kernel
> and iptables without any errors.
>
> I have already tried to use kernels and iptables of many versions but the
> compilation of the kernel was broken with some errors.
>
> For instance, I used these packages:
> linux-2.6.16.27.tar.bz2
> iptables-1.3.5.tar.bz2
> patch-o-matic-ng-20060626.tar.bz2
> patch-o-matic-ng-20060511.tar.bz2
>
> linux-2.6.16-imq2.diff
> iptables-1.3.0-imq1.diff
> esfq-2.6.15.1.tar.gz
>
> netfilter-layer7-v2.2.tar.gz
> l7-protocols-2006-05-21.tar.gz
>
> - but without success. (there was an incompatible pointer with connlimit
> and tarpit)
>
>
> Please, can you tell me which version I can use for proper kernel
> compilation?
>
> Thanks
>
> Regards
>
> Miroslav
>
>