1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
This is the ipset source tree. Follow these steps to install ipset:
0. You need the source tree of your kernel (version >= 2.6.16 or 2.4.36.x)
and it have to be configured, modules compiled.
1. Compile ipset and it's kernel modules
# make KERNEL_DIR=<<where-you-built-your-kernel>>
You can specify the maximum number of sets (default 256)
and/or the hash size for bindings (default 1024) if you want:
# make KERNEL_DIR=<<where-you-built-your-kernel>> \
IP_NF_SET_MAX=<<your setsize number>> \
IP_NF_SET_HASHSIZE=<<your hashsize number>>
If your compiler does not support all of the extra warning
flags, you can disable those too:
# make KERNEL_DIR=<<where-you-built-your-kernel>> \
IP_NF_SET_MAX=<<your setsize number>> \
IP_NF_SET_HASHSIZE=<<your hashsize number>> \
NO_EXTRA_WARN_FLAGS=yes
2. Install the binary and the modules
# make KERNEL_DIR=<<where-you-built-your-kernel>> install
3. Cleanup the source tree
# make KERNEL_DIR=<<where-you-built-your-kernel>> clean
That's it!
Read the ipset(8) and iptables(8) manpages on how to use ipset
and its match and target from iptables.
If you want to build a non-modular >= 2.6.16 kernel or has got a 2.4.36.x
kernel tree, then proceed with the following steps:
1. Compile the ipset binaries
# make KERNEL_DIR=<<where-you-built-your-kernel>> binaries
2. Install the ipset binaries
# make KERNEL_DIR=<<where-you-built-your-kernel>> binaries_install
3. Patch your kernel source
# make KERNEL_DIR=<<where-you-built-your-kernel>> patch_kernel
4. Go to the kernel source and run 'make oldconfig', enable the ipset
functionality and compile, install your kernel.
|
