Category: LINUX

2012-05-14 21:11:11

rhel6.0 x86-64
server:192.168.0.5

Software download:

yum install iptables-devel kernel-devel

unxz xtables-addons-1.37.tar.xz
tar -xf xtables-addons-1.37.tar
cd xtables-addons-1.37
less INSTALL                    # view the source package's INSTALL file
....
Supported configurations for this release
=========================================

        * iptables >= 1.4.3      # required iptables version on the system

        * kernel-source >= 2.6.29       # required kernel version on the system
          with prepared build/output directory
          - CONFIG_NF_CONNTRACK or CONFIG_IP_NF_CONNTRACK
          - CONFIG_NF_CONNTRACK_MARK or CONFIG_IP_NF_CONNTRACK_MARK
            enabled =y or as module (=m)
          - CONFIG_CONNECTOR y/m if you wish to receive userspace
            notifications from pknock through netlink/connector
....

./configure
make
make install
[root@server5 extra]# ll /lib/modules/2.6.32-71.el6.x86_64/extra/xt_ipp2p.ko
-rw-r--r-- 1 root root 363608 May 13 22:21 /lib/modules/2.6.32-71.el6.x86_64/extra/xt_ipp2p.ko

[root@server5 xtables]# ll /lib64/xtables/libxt_ipp2p.so
-rwxr-xr-x 1 root root 19926 May 13 22:21 /lib64/xtables/libxt_ipp2p.so

[root@server5 xtables]# iptables -F        # flush the chain rules
[root@server5 xtables]# modprobe -l | grep ipp2p
extra/xt_ipp2p.ko

[root@server5 xtables]# modprobe xt_ipp2p          # load the module

[root@server5 xtables]# lsmod | grep ipp2p
xt_ipp2p                8679  0
compat_xtables          6046  1 xt_ipp2p

[root@server5 xtables]# iptables -m ipp2p --help
....
ipp2p v0.10 match options:
  --edk    [tcp,udp]  All known eDonkey/eMule/Overnet packets
  --dc     [tcp]      All known Direct Connect packets
  --kazaa  [tcp,udp]  All known KaZaA packets
  --gnu    [tcp,udp]  All known Gnutella packets
  --bit    [tcp,udp]  All known BitTorrent packets
  --apple  [tcp]      All known AppleJuice packets
  --winmx  [tcp]      All known WinMX
  --soul   [tcp]      All known SoulSeek
  --ares   [tcp]      All known Ares

EXPERIMENTAL protocols:
  --mute   [tcp]      All known Mute packets
  --waste  [tcp]      All known Waste packets
  --xdcc   [tcp]      All known XDCC packets (only xdcc login)

....

[root@server5 ~]# iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 2 -j REJECT
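
The requirements quoted from INSTALL above can be checked before running ./configure. The script below is an added example, not part of the original post: its function names are hypothetical, and it assumes the running kernel's config file is at /boot/config-$(uname -r).

```shell
#!/bin/sh
# Added example (not from the original post): check the requirements listed in
# the xtables-addons 1.37 INSTALL file before running ./configure.

# version_ge A B: true when dotted version A >= B. A suffix such as
# "-71.el6.x86_64" is ignored because awk reads only the leading digits.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# kconfig_has FILE OPT...: true when any listed option is =y or =m in FILE.
kconfig_has() {
    _cfg=$1; shift
    for _opt in "$@"; do
        grep -Eq "^${_opt}=(y|m)\$" "$_cfg" && return 0
    done
    return 1
}

# check_prereqs IPTABLES_VER KERNEL_VER KCONFIG_FILE: 0 when the build can proceed.
check_prereqs() {
    _rc=0
    version_ge "$1" 1.4.3  || { echo "FAIL: iptables $1 < 1.4.3"; _rc=1; }
    version_ge "$2" 2.6.29 || { echo "FAIL: kernel $2 < 2.6.29"; _rc=1; }
    kconfig_has "$3" CONFIG_NF_CONNTRACK CONFIG_IP_NF_CONNTRACK \
        || { echo "FAIL: conntrack is not enabled (=y or =m)"; _rc=1; }
    kconfig_has "$3" CONFIG_NF_CONNTRACK_MARK CONFIG_IP_NF_CONNTRACK_MARK \
        || { echo "FAIL: conntrack mark is not enabled (=y or =m)"; _rc=1; }
    # Optional: only needed for pknock notifications through netlink/connector.
    kconfig_has "$3" CONFIG_CONNECTOR \
        || echo "NOTE: CONFIG_CONNECTOR is off, pknock notifications unavailable"
    return $_rc
}

# Assumption: the kernel config path below; adjust it for other distributions.
check_this_host() {
    check_prereqs "$(iptables -V | sed 's/.*v//')" "$(uname -r)" \
        "/boot/config-$(uname -r)"
}

# Run against the local machine only when called with --host.
if [ "${1:-}" = "--host" ]; then check_this_host; fi
```
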




OK
GOOD LUCK!

wwmshe 2012-05-15 15:18:38

Good stuff