Re: Kernel-2-6 and iptables issue

To: "Hrad Miroslav" <m.hrad@intv.cz>
Subject: Re: Kernel-2-6 and iptables issue
From: "Elvir Kuric" <omasnjak@gmail.com>
Date: Wed, 8 Aug 2007 21:48:08 +0200
Cc: netfilter@lists.netfilter.org
In-reply-to: <46B9C8A9.6010805@intv.cz>
Hi,

I do not understand why you are using kernel+iptables ....etc...

You should include support for iptables in the kernel; it is, I think, in
networking options. After kernel compilation (with iptables support)
you will have iptables packet included and be able to make iptables
rules. patch-o-matic is necessary when you want to add some features
to iptables that are not yet included in the kernel version, and then you
patch the kernel (adding that feature to iptables).
For example, for L-7 filtering you will need (AFAIK) to patch the
kernel to add that feature. Google for "patching kernel" and you
will find a lot of links with detailed information.
The following link is an example of how a kernel is patched to add the geoip
feature to iptables:
http://www.debian-administration.org/articles/518

With regards

Elvir Kuric

PS: Sorry, I forgot to "reply to all" in my prior mail :)

On 8/8/07, Hrad Miroslav <m.hrad@intv.cz> wrote:
> Hi
> I would like to ask one question regarding the compilation of the
> linux-kernel (2.6) and iptables.
>
> I need to run a firewall within the linux box, which could support at
> least ipp2p filtering, l7-layer filtering, connlimit, quota, tarpit,
> ip_mark.
>
> I would like to know which version of the kernel, iptables,
> patch-o-matic and other patches to use to make compilation of the kernel
> and iptables without any errors.
>
> I have already tried to use kernels and iptables of many versions but the
> compilation of the kernel was broken with some errors.
>
> For instance I used these packages:
> linux-2.6.16.27.tar.bz2
> iptables-1.3.5.tar.bz2
> patch-o-matic-ng-20060626.tar.bz2
> patch-o-matic-ng-20060511.tar.bz2
>
> linux-2.6.16-imq2.diff
> iptables-1.3.0-imq1.diff
> esfq-2.6.15.1.tar.gz
>
> netfilter-layer7-v2.2.tar.gz
> l7-protocols-2006-05-21.tar.gz
>
> - but without success. (there was an incompatible pointer with connlimit
> and tarpit)
>
>
> Please, can you tell me which version I can use for proper kernel
> compilation?
>
> Thanks
>
> Regards
>
> Miroslav
>
>