rhel6.0 x86-64
server:192.168.0.5
软件下载与安装(xtables-addons 源码包需自行下载;其中的模块会以 root 权限编译并加载进内核,编译前应先核对发布方提供的校验值或签名):
yum install iptables-devel kernel-devel
unxz xtables-addons-1.37.tar.xz
tar -xf xtables-addons-1.37.tar
cd xtables-addons-1.37
less INSTALL #查看源码包INSTALL文件
....
Supported configurations for this release
=========================================
* iptables >= 1.4.3 #对系统iptables版本的要求
* kernel-source >= 2.6.29 #对系统内核版本的要求
with prepared build/output directory
- CONFIG_NF_CONNTRACK or CONFIG_IP_NF_CONNTRACK
- CONFIG_NF_CONNTRACK_MARK or CONFIG_IP_NF_CONNTRACK_MARK
enabled =y or as module (=m)
- CONFIG_CONNECTOR y/m if you wish to receive userspace
notifications from pknock through netlink/connector
....
./configure
make
make install
[root@server5 extra]# ll /lib/modules/2.6.32-71.el6.x86_64/extra/xt_ipp2p.ko
-rw-r--r-- 1 root root 363608 May 13 22:21 /lib/modules/2.6.32-71.el6.x86_64/extra/xt_ipp2p.ko
[root@server5 xtables]# ll /lib64/xtables/libxt_ipp2p.so
-rwxr-xr-x 1 root root 19926 May 13 22:21 /lib64/xtables/libxt_ipp2p.so
[root@server5 xtables]# iptables -F #清空 filter 表所有链中已有的规则(注意:原有的过滤规则会全部丢失;若链的默认策略为 DROP 且正通过 SSH 远程操作,当前会话可能被切断,执行前建议先用 iptables-save 备份现有规则)
[root@server5 xtables]# modprobe -l | grep ipp2p
extra/xt_ipp2p.ko
[root@server5 xtables]# modprobe xt_ipp2p #加载模块
[root@server5 xtables]# lsmod | grep ipp2p
xt_ipp2p 8679 0
compat_xtables 6046 1 xt_ipp2p
[root@server5 xtables]# iptables -m ipp2p --help
....
ipp2p v0.10 match options:
--edk [tcp,udp] All known eDonkey/eMule/Overnet packets
--dc [tcp] All known Direct Connect packets
--kazaa [tcp,udp] All known KaZaA packets
--gnu [tcp,udp] All known Gnutella packets
--bit [tcp,udp] All known BitTorrent packets
--apple [tcp] All known AppleJuice packets
--winmx [tcp] All known WinMX
--soul [tcp] All known SoulSeek
--ares [tcp] All known Ares
EXPERIMENTAL protocols:
--mute [tcp] All known Mute packets
--waste [tcp] All known Waste packets
--xdcc [tcp] All known XDCC packets (only xdcc login)
....
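# 说明:下面这条规则使用的是 connlimit 匹配,而不是上面编译安装的 ipp2p;它的作用是:同一来源 IP 到 22 端口的并发 TCP 连接数超过 2 时,新的连接请求(SYN)被 REJECT。ipp2p 的各选项同样通过 -m ipp2p 写进规则中使用。
# 规则只保存在内存中,重启后丢失;在 RHEL 6 上可用 service iptables save 保存。
[root@server5 ~]# iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 2 -j REJECT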
OK
GOOD LUCK!