NetFilter P-O-M

Protecting your Linux box
mansoor17177
Naik
Posts: 67
Joined: Thu May 26, 2005 11:14 am
Location: Peshawar
Contact:

NetFilter P-O-M

Post by mansoor17177 »

SALAM every one,

I need help, how to PATCH netfilter ?
I'm using Fedora core 5, and i already downloaded latest p-o-m.

Can any one tell me the step by step configuration from downloding patch to appling patch, or if i just install iptables from source downloaded from netfilter's website will all extention i need become available for me?

thanks
nomankhn
Colonel
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

Re: NetFilter P-O-M

Post by nomankhn »

mansoor17177 wrote:SALAM every one,

I need help, how to PATCH netfilter ?
I'm using Fedora core 5, and i already downloaded latest p-o-m.

Can any one tell me the step by step configuration from downloding patch to appling patch, or if i just install iptables from source downloaded from netfilter's website will all extention i need become available for me?

thanks
Dear Mansoor

http://www.linuxsecurity.com/content/view/117370/49/
http://www.linuxpakistan.net/forum2x/vi ... tch++matic

I am sure your problem will be resolved.

but still their are alot of issues with that, so its not easy to configure and implement it until person have programming experience to settle down the problems.

Regards
Noman Khanzada
mansoor17177
Naik
Posts: 67
Joined: Thu May 26, 2005 11:14 am
Location: Peshawar
Contact:

Post by mansoor17177 »

SALAM Noman,

Thanks for ur reply, i just patch iptables p-o-m with source kernel and configure the kernel option and save the config file , but now i hav problem with compiling the kernel, I tried the method which is given by u in link http://www.linuxpakistan.net/forum2x/vi ... tch++matic
but i got some error " # make dep " " *** Warning: make dep is unnecessary now."

i'm using FC5 source kernel and p-o-m & iptables from netfilter

now tell me what i did wrong, below is step which i done

1. I downloaded the patch and iptables source code from netfilter website
2. in p-o-m dir i issued the command " #./runme base "
3. select the kernel source dir
4. select the iptables source
5. when p-o-m starts selects the required module and then quit
6. in kernel source dir issue this command " # make xconfig "
7. select the NEW option in netfilter configuration and then save the config file
8. then " # make dep" and it gives me error " *** Warning: make dep is unnecessary now."

plz help me in this bcoz i need time function in netfilter

thanks
nomankhn
Colonel
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

Post by nomankhn »

mansoor17177 wrote:SALAM Noman,

Thanks for ur reply, i just patch iptables p-o-m with source kernel and configure the kernel option and save the config file , but now i hav problem with compiling the kernel, I tried the method which is given by u in link http://www.linuxpakistan.net/forum2x/vi ... tch++matic
but i got some error " # make dep " " *** Warning: make dep is unnecessary now."

i'm using FC5 source kernel and p-o-m & iptables from netfilter

now tell me what i did wrong, below is step which i done

1. I downloaded the patch and iptables source code from netfilter website
2. in p-o-m dir i issued the command " #./runme base "
3. select the kernel source dir
4. select the iptables source
5. when p-o-m starts selects the required module and then quit
6. in kernel source dir issue this command " # make xconfig "
7. select the NEW option in netfilter configuration and then save the config file
8. then " # make dep" and it gives me error " *** Warning: make dep is unnecessary now."

plz help me in this bcoz i need time function in netfilter

thanks
Dear

Which kernel version you are using.
and which p-o-m repository u download tell me that.
paste ur all commands here


Regards
Noman Khanzada
mansoor17177
Naik
Posts: 67
Joined: Thu May 26, 2005 11:14 am
Location: Peshawar
Contact:

Post by mansoor17177 »

SALAM,

Brother I'm very much confused now,
i just need time functionality in netfilter , kindly tell me steps how to do thats.

1. i'm using FC5, source kernel already installed in " /usr/src/kernels/2.6.15-1.2054_FC5-smp-i686 "

2. i downloaded " iptables-1.3.5-20060602 " from netfilter website
3. i downloaded " patch-o-matic-20041009.tar.bz2 " from netfilter website

now tell me what to do?

thanks
nomankhn
Colonel
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

Post by nomankhn »

mansoor17177 wrote:SALAM,

Brother I'm very much confused now,
i just need time functionality in netfilter , kindly tell me steps how to do thats.

1. i'm using FC5, source kernel already installed in " /usr/src/kernels/2.6.15-1.2054_FC5-smp-i686 "

2. i downloaded " iptables-1.3.5-20060602 " from netfilter website
3. i downloaded " patch-o-matic-20041009.tar.bz2 " from netfilter website

now tell me what to do?

thanks
Dear

Its better to download 2.6 kernel from kernel.org and use iptables source code and download the patch-o-matic from below website

svn co https://svn.netfilter.org/netfilter/tru ... o-matic-ng

so

then
go to /usr/src/
tar -jxvf linux-2.6.tar.bz2
tar -jxvf iptables-1.3.4*
cd linux-2.6*
make menuconfig and press ecape key and save ur setting that create .config file

cd pach-o-mati*
set ur kernel or iptables full path like

export IPTABLES_PATH=/usr/src/iptables-1.34/
same for kernel and export both paths

./runme extra

after patching turn ON those settings on /usr/src/linux-2.6
make bzImage
make modules
make modules_install
cp /usr/src/linux-2.6/arch/i386/boot/bzImage /boot/vmlinuz-2.6
mkinitrd -f -v /boot/initrd-2.6.img 2.6 ( 2.6 ur kernelname)

set ur grub.conf
re boot your system

i am sure your problem will be resolved

regards
noman


mkinitrd -f -v /boot/initrd-2.4.21.img 2.4.21
mansoor17177
Naik
Posts: 67
Joined: Thu May 26, 2005 11:14 am
Location: Peshawar
Contact:

Post by mansoor17177 »

Dear Noman,

after following ur instruction , when i issued the command " make bzImage "
it gives me this error.

"CHK include/linux/version.h
SPLIT include/linux/autoconf.h -> include/config/*
make[1]: *** No rule to make target `init/main.o', needed by `init/built-in.o'. Stop.
make: *** [init] Error 2
"
and by the way i'm doing all this in GUI mode so i used " make xconfig " instead of menuconfig
and i'm using kernel 2.6.15-1.2054_FC5-smp-i686 and success fully save the changes and create .config file.

plz tell me wats the problem now.

thanks
nomankhn
Colonel
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

Post by nomankhn »

mansoor17177 wrote:Dear Noman,

after following ur instruction , when i issued the command " make bzImage "
it gives me this error.

"CHK include/linux/version.h
SPLIT include/linux/autoconf.h -> include/config/*
make[1]: *** No rule to make target `init/main.o', needed by `init/built-in.o'. Stop.
make: *** [init] Error 2
"
and by the way i'm doing all this in GUI mode so i used " make xconfig " instead of menuconfig
and i'm using kernel 2.6.15-1.2054_FC5-smp-i686 and success fully save the changes and create .config file.

plz tell me wats the problem now.

thanks
Dear ,

I gave u the command line step by step idea, but i think u should learn some course of understanding, i mean to say dahan sa step by step, smbhal kar, but u want to implement it thats why u are moving like F-16, not following on the screen whats going on.

Kernel compilation for this problem is not so difficult, but for understanding this u have to recompile kernel around 20 times than u can understand the thing.

Regards
Noman Khanzada
mansoor17177
Naik
Posts: 67
Joined: Thu May 26, 2005 11:14 am
Location: Peshawar
Contact:

Post by mansoor17177 »

SALAM Noman,

I just recompiled the kernel as per ur instruction, now problem is that which function i setup in kernel configuration still not working,
how can i check the current kernel that the option i'm looking for is included or NOT

when i was compiling the kernel i saw that module to load, and tell me how to configure GRUB, in grub i just put another label and path of initrd and vmlinuz, bcoz i didnt want to disturb the current kernel, is it enough or i have to configure some more options too.

thanks for so much help
LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi
Contact:

Re:

Post by LinuxFreaK »

Dear mansoor17177,
Salam,

FYI, http://www.linuxpakistan.net/forum2x/vi ... 3998#20528

Best Regards.
Farrukh Ahmed
nomankhn
Colonel
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

Post by nomankhn »

mansoor17177 wrote:SALAM Noman,

I just recompiled the kernel as per ur instruction, now problem is that which function i setup in kernel configuration still not working,
how can i check the current kernel that the option i'm looking for is included or NOT

when i was compiling the kernel i saw that module to load, and tell me how to configure GRUB, in grub i just put another label and path of initrd and vmlinuz, bcoz i didnt want to disturb the current kernel, is it enough or i have to configure some more options too.

thanks for so much help

Dear Mansoor,

Afer Recompilation of kernel and after generating initrd image update ur grub.conf according to your kernel version.


This is my grub.conf

[root@ns1 iftop-0.17]# cat /etc/grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/hda2
# initrd /initrd-version.img
#boot=/dev/hda
default=1
timeout=1
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Red Hat Enterprise Linux ES (2.6.9-5.EL)
root (hd0,0)
kernel /vmlinuz-2.6.9-5.EL ro root=LABEL=/
initrd /initrd-2.6.9-5.EL.img
title Red Hat Enterprise Linux ES (Noman Liaquat Khanzada)
root (hd0,0)
kernel /vmlinuz-2.6.14.4 ro root=LABEL=/ selinux=0
initrd /initrd-2.6.14.4.img


Regards
Noman Khanzada
mansoor17177
Naik
Posts: 67
Joined: Thu May 26, 2005 11:14 am
Location: Peshawar
Contact:

Post by mansoor17177 »

Dear Farukh,

Here are steps which i done.
1. download p-o-m from website
2. download iptables source
3. download kernel from kernel.org
4. in p-o-m directory i run this command " # ./runme extra " then it ask for kernel dir path and then iptables source path.
5. after that i goto the kernel dir and run this command " # make xconfig " bcoz i'm using GUI, and then i select the module listed as a NEW and then save the configuration file " .config "
6. then kernel dir i run this command " # make bzImage "
7. then make module
8. make module_install
9. cp /usr/src/linux-2.6.16/arch/i386/boot/bzImage /boot/vmlinuz-2.6.16
10. mkinitrd -f -v /boot/initrd-2.6.img 2.6.16
11. edit grub.conf file
here is my old grub.conf file

Code: Select all

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
#          initrd /initrd-version.img
#boot=/dev/sda
default=4
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Fedora Core (2.6.15-1.2054_FC5xenU)
	root (hd0,0)
	kernel /vmlinuz-2.6.15-1.2054_FC5xenU ro root=/dev/VolGroup00/LogVol00 rhgb quiet
	initrd /initrd-2.6.15-1.2054_FC5xenU.img
title Fedora Core (2.6.15-1.2054_FC5xen0)
	root (hd0,0)
	kernel /xen.gz-2.6.15-1.2054_FC5
	module /vmlinuz-2.6.15-1.2054_FC5xen0 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
	module /initrd-2.6.15-1.2054_FC5xen0.img
title Fedora Core (2.6.15-1.2054_FC5)
	root (hd0,0)
	kernel /vmlinuz-2.6.15-1.2054_FC5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
	initrd /initrd-2.6.15-1.2054_FC5.img
title Fedora Core (2.6.15-1.2054_FC5smp)
	root (hd0,0)
	kernel /vmlinuz-2.6.15-1.2054_FC5smp ro root=/dev/VolGroup00/LogVol00 rhgb quiet
	initrd /initrd-2.6.15-1.2054_FC5smp.img
here is my new grub.conf

Code: Select all

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
#          initrd /initrd-version.img
#boot=/dev/sda
default=4
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Fedora Core (2.6.15-1.2054_FC5xenU)
	root (hd0,0)
	kernel /vmlinuz-2.6.15-1.2054_FC5xenU ro root=/dev/VolGroup00/LogVol00 rhgb quiet
	initrd /initrd-2.6.15-1.2054_FC5xenU.img
title Fedora Core (2.6.15-1.2054_FC5xen0)
	root (hd0,0)
	kernel /xen.gz-2.6.15-1.2054_FC5
	module /vmlinuz-2.6.15-1.2054_FC5xen0 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
	module /initrd-2.6.15-1.2054_FC5xen0.img
title Fedora Core (2.6.15-1.2054_FC5)
	root (hd0,0)
	kernel /vmlinuz-2.6.15-1.2054_FC5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
	initrd /initrd-2.6.15-1.2054_FC5.img
title Fedora Core (2.6.15-1.2054_FC5smp)
	root (hd0,0)
	kernel /vmlinuz-2.6.15-1.2054_FC5smp ro root=/dev/VolGroup00/LogVol00 rhgb quiet
	initrd /initrd-2.6.15-1.2054_FC5smp.img
title Fedora Core Custom (2.6.16)
	root (hd0,0)
	kernel /vmlinuz-2.6.16 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
	initrd /initrd-2.6.16.img
12. then reboot, after rebooting i select the new kernel from grub list to boot, but i check the command but it did work giving error of missing module.


Kindly tell me where i done wrong and i already check the topic which link u provided

thanks for all ur help
nomankhn
Colonel
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

Post by nomankhn »

mansoor17177 wrote:Dear Farukh,

Here are steps which i done.
1. download p-o-m from website
2. download iptables source
3. download kernel from kernel.org
4. in p-o-m directory i run this command " # ./runme extra " then it ask for kernel dir path and then iptables source path.
5. after that i goto the kernel dir and run this command " # make xconfig " bcoz i'm using GUI, and then i select the module listed as a NEW and then save the configuration file " .config "
6. then kernel dir i run this command " # make bzImage "
7. then make module
8. make module_install
9. cp /usr/src/linux-2.6.16/arch/i386/boot/bzImage /boot/vmlinuz-2.6.16
10. mkinitrd -f -v /boot/initrd-2.6.img 2.6.16
11. edit grub.conf file
here is my old grub.conf file

Code: Select all

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
#          initrd /initrd-version.img
#boot=/dev/sda
default=4
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Fedora Core (2.6.15-1.2054_FC5xenU)
	root (hd0,0)
	kernel /vmlinuz-2.6.15-1.2054_FC5xenU ro root=/dev/VolGroup00/LogVol00 rhgb quiet
	initrd /initrd-2.6.15-1.2054_FC5xenU.img
title Fedora Core (2.6.15-1.2054_FC5xen0)
	root (hd0,0)
	kernel /xen.gz-2.6.15-1.2054_FC5
	module /vmlinuz-2.6.15-1.2054_FC5xen0 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
	module /initrd-2.6.15-1.2054_FC5xen0.img
title Fedora Core (2.6.15-1.2054_FC5)
	root (hd0,0)
	kernel /vmlinuz-2.6.15-1.2054_FC5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
	initrd /initrd-2.6.15-1.2054_FC5.img
title Fedora Core (2.6.15-1.2054_FC5smp)
	root (hd0,0)
	kernel /vmlinuz-2.6.15-1.2054_FC5smp ro root=/dev/VolGroup00/LogVol00 rhgb quiet
	initrd /initrd-2.6.15-1.2054_FC5smp.img
here is my new grub.conf

Code: Select all

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
#          initrd /initrd-version.img
#boot=/dev/sda
default=4
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Fedora Core (2.6.15-1.2054_FC5xenU)
	root (hd0,0)
	kernel /vmlinuz-2.6.15-1.2054_FC5xenU ro root=/dev/VolGroup00/LogVol00 rhgb quiet
	initrd /initrd-2.6.15-1.2054_FC5xenU.img
title Fedora Core (2.6.15-1.2054_FC5xen0)
	root (hd0,0)
	kernel /xen.gz-2.6.15-1.2054_FC5
	module /vmlinuz-2.6.15-1.2054_FC5xen0 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
	module /initrd-2.6.15-1.2054_FC5xen0.img
title Fedora Core (2.6.15-1.2054_FC5)
	root (hd0,0)
	kernel /vmlinuz-2.6.15-1.2054_FC5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
	initrd /initrd-2.6.15-1.2054_FC5.img
title Fedora Core (2.6.15-1.2054_FC5smp)
	root (hd0,0)
	kernel /vmlinuz-2.6.15-1.2054_FC5smp ro root=/dev/VolGroup00/LogVol00 rhgb quiet
	initrd /initrd-2.6.15-1.2054_FC5smp.img
title Fedora Core Custom (2.6.16)
	root (hd0,0)
	kernel /vmlinuz-2.6.16 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
	initrd /initrd-2.6.16.img
12. then reboot, after rebooting i select the new kernel from grub list to boot, but i check the command but it did work giving error of missing module.


Kindly tell me where i done wrong and i already check the topic which link u provided

thanks for all ur help
Dear Mansoor,

You have alot of grub entries why, hey first thing is that when u will get errors during compilation then its impossible to install and configure a new kernel so its better to do according to my steps. second thing is that lockhelp.h is not available in current kernel source code so u will copy them from your fedora #5 if lockhelp.h is present there and third thing is that than again start #make bzImage, i am sure you are missing small things thats why you are getting error.

Regards
Noman Khanzada
mansoor17177
Naik
Posts: 67
Joined: Thu May 26, 2005 11:14 am
Location: Peshawar
Contact:

Post by mansoor17177 »

Dear Noman,

I didnt got any error during compilation, it goes smooth as per ur steps, but i'm not getting time function in netfilter, plz tell me how to check current installed kernel for required module, in kernel source when i check for required module its there, and after that i compiled the kernel but i'm not getting wat i want.

actually i installed complete FC5 thats y grub has lot of entries.

And what is lockhelp.h?

waiting for ur reply
thanks
nomankhn
Colonel
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

Post by nomankhn »

mansoor17177 wrote:Dear Noman,

I didnt got any error during compilation, it goes smooth as per ur steps, but i'm not getting time function in netfilter, plz tell me how to check current installed kernel for required module, in kernel source when i check for required module its there, and after that i compiled the kernel but i'm not getting wat i want.

actually i installed complete FC5 thats y grub has lot of entries.

And what is lockhelp.h?

waiting for ur reply
thanks
Dear

after make bzImage
tell me your steps and paste your errors here

Regards
Noman Liaquat Khanzada Rajput
Post Reply