http://download.fedora.redhat.com/pub/fedora/linux/core/4/i386/os/SRPMS/kernel-2.6.11-1.1369_FC4.src.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/4/i386/os/SRPMS/iptables-1.3.0-2.src.rpm
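Then unpack the iptables source with:
# rpmbuild -bp --target $(uname -m) /usr/src/redhat/SPEC/iptables.spec
Prepare the kernel source the same way. Then edit the Makefile in the kernel source so that its version matches the output of uname -r:
[code]VERSION = 2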
PATCHLEVEL = 6
SUBLEVEL = 11
EXTRAVERSION = -1.1369_FC4[/code]
Download the connlimit module patch:
wget http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/patch-o-matic-ng-20060725.tar.bz2
After extracting it, apply the patch:
# KERNEL_DIR=/usr/src/linux IPTABLES_DIR=/usr/src/iptables ./runme connlimit
Then run make menuconfig, select the newly added "Connections/IP limit match support" module, save and exit.
[code]make menuconfig produces the following errors:
...
In file included from scripts/kconfig/lxdialog/checklist.c:24:
scripts/kconfig/lxdialog/dialog.h:31:20: error: curses.h: No such file or directory
In file included from scripts/kconfig/lxdialog/checklist.c:24:
scripts/kconfig/lxdialog/dialog.h:128: error: syntax error before 'use_colors'
scripts/kconfig/lxdialog/dialog.h:128: warning: type defaults to 'int' in declaration of 'use_colors'
scripts/kconfig/lxdialog/dialog.h:128: warning: data definition has no type or storage class
scripts/kconfig/lxdialog/dialog.h:129: error: syntax error before 'use_shadow'
...
Cause: the ncurses devel package is missing (named "libncurses5-dev" in Ubuntu); installing it fixes the problem.
$ sudo apt-get install libncurses5-dev
On the FC series, install it with: yum -y install ncurses-devel[/code]
make modules_prepare
make M=net/ipv4/netfilter
This generates the ipt_connlimit.ko file. Run chmod +x ipt_connlimit.ko,
then copy it into the corresponding iptables module directory under /lib/modules/.
Limit each IP to at most 10 connections:
#iptables -A INPUT -p tcp -m connlimit --connlimit-above 10 -j REJECT
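One way to check the Makefile version step before building, as an added example that is not part of the original post: the script compares VERSION, PATCHLEVEL, SUBLEVEL and EXTRAVERSION against a release string such as the output of uname -r, and extracts the release from a module's vermagic string. The function names and the sample Makefile contents are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): confirm a kernel tree will build
# modules for the intended release before running "make modules_prepare".

# makefile_release FILE: print VERSION.PATCHLEVEL.SUBLEVEL followed by EXTRAVERSION.
makefile_release() {
    awk '
        /^(VERSION|PATCHLEVEL|SUBLEVEL|EXTRAVERSION)[ \t]*=/ {
            key = $0; sub(/[ \t]*=.*/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
            if (!(key in v)) v[key] = val   # keep the first assignment only
        }
        END { printf "%s.%s.%s%s\n", v["VERSION"], v["PATCHLEVEL"], v["SUBLEVEL"], v["EXTRAVERSION"] }
    ' "$1"
}

# vermagic_release STRING: the first field of a vermagic string is the kernel release.
vermagic_release() {
    printf '%s\n' "${1%% *}"
}

# check_release FILE RELEASE: succeed only if the Makefile matches RELEASE.
check_release() {
    built=$(makefile_release "$1")
    if [ "$built" = "$2" ]; then
        echo "OK: $1 builds for $built"
        return 0
    fi
    echo "MISMATCH: $1 builds for '$built', expected '$2'"
    return 1
}

# Constructed sample Makefile header whose EXTRAVERSION differs from the target release.
demo_dir=$(mktemp -d)
printf 'VERSION = 2\nPATCHLEVEL = 6\nSUBLEVEL = 11\nEXTRAVERSION = -prep\n' \
    > "$demo_dir/Makefile"
if ! check_release "$demo_dir/Makefile" "2.6.11-1.1369_FC4"; then
    echo "edit EXTRAVERSION before building ipt_connlimit.ko"
fi

# On a real system:  check_release /usr/src/linux/Makefile "$(uname -r)"
# After the build:   vermagic_release "$(modinfo -F vermagic ipt_connlimit.ko)"
```

If the release reported for the built module differs from uname -r, the kernel will normally refuse to load it, so the connlimit rule cannot be added.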
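Quote:
As mentioned earlier, the connlimit patch is designed for kernel versions after 2.6.11, so compiling it directly will fail; we must first modify part of the code in ipt_connlimit.c.
Patch download: Download
Apply the patch: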
# cd /usr/src/linux-2.6.9-42.7AX/net/ipv4/netfilter
# bzip2 -dc /root/iptable_update/ipt_connlimit_by_qk.patch.bz2 |patch -p1
patching file ipt_connlimit.c