Difference between revisions of "IPv6 Firewall: Persiapan Menggunakan netfilter6"
Onnowpurbo (talk | contribs) (New page: 18.2. Preparation This step is only needed if distributed kernel and netfilter doesn't fit your requirements and new features are available but still not built-in. 18.2.1. Get sources Ge...) |
Onnowpurbo (talk | contribs) |
(7 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | + | Langkah ini hanya perlu dilakukan jika kernel dan netfilter bawaan distribusi tidak sesuai dengan kebutuhkan kita dan kita membutuhkan fitur baru yang belum built-in. | |
− | + | ==Ambil Source== | |
− | |||
− | + | Ambil source dari | |
− | + | http://www.kernel.org | |
− | + | Ambil iptables terakhir (kernel patch) dari | |
− | + | http://www.netfilter.org/ | |
− | + | ==Buka source== | |
− | + | Pindah ke directory source | |
− | + | # cd /path/to/src | |
− | + | Buka dan and rename kernel source | |
− | |||
− | + | # tar z|jxf kernel-version.tar.gz|bz2 | |
+ | # mv linux linux-version-iptables-version+IPv6 | ||
− | + | Unpack iptables source | |
− | + | # tar z|jxf iptables-version.tar.gz|bz2 | |
− | + | ==Apply latest iptables/IPv6-related patches to kernel source== | |
− | + | Pindah ke directory iptables | |
− | + | # cd iptables-version | |
− | + | Lakukan pending patche | |
− | + | # make pending-patches KERNEL_DIR=/path/to/src/linux-version-iptables-version/ | |
− | + | Lakukan patch terkait IPv6 (still not in the vanilla kernel included) | |
− | + | # make patch-o-matic KERNEL_DIR=/path/to/src/linux-version-iptables-version/ | |
− | + | Pilih yes pada opsi berikut (iptables-1.2.2) | |
− | + | * ah-esp.patch | |
+ | * masq-dynaddr.patch (only needed for systems with dynamic IP assigned WAN connections like PPP or PPPoE) | ||
+ | * ipv6-agr.patch.ipv6 | ||
+ | * ipv6-ports.patch.ipv6 | ||
+ | * LOG.patch.ipv6 | ||
+ | * REJECT.patch.ipv6 | ||
− | + | Cek IPv6 extension | |
− | + | # make print-extensions | |
− | + | Extensions found: IPv6:owner IPv6:limit IPv6:mac IPv6:multiport | |
− | + | ==Configure, build and install new kernel== | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
Change to kernel sources | Change to kernel sources | ||
− | # cd /path/to/src/linux-version-iptables-version/ | + | # cd /path/to/src/linux-version-iptables-version/ |
Edit Makefile | Edit Makefile | ||
− | - EXTRAVERSION = | + | - EXTRAVERSION = |
− | + EXTRAVERSION = -iptables-version+IPv6-try | + | + EXTRAVERSION = -iptables-version+IPv6-try |
Run configure, enable IPv6 related | Run configure, enable IPv6 related | ||
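Review bot: the directory names do not agree within this hunk. The kernel tree is renamed to `linux-version-iptables-version+IPv6`, but `KERNEL_DIR` in the `make pending-patches` and `make patch-o-matic` lines and the later `cd` use `linux-version-iptables-version` without the `+IPv6` suffix, so a reader who substitutes values literally points the patches at a directory that does not exist. Suggest using one name throughout. The new text also mixes languages ("Buka dan and rename", the English heading "Apply latest iptables/IPv6-related patches to kernel source") and has typos ("kebutuhkan", "patche").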
Line 94: | Line 91: | ||
Compilation and installing: see the kernel section here and other HOWTOs | Compilation and installing: see the kernel section here and other HOWTOs | ||
− | |||
− | + | ==Rebuild dan install binary dari iptables== | |
+ | |||
+ | Pastikan bahwa kernel source tree yang paling atas juga tersedia di /usr/src/linux/ | ||
− | Rename | + | Rename directory yang lama |
− | # mv /usr/src/linux /usr/src/linux.old | + | # mv /usr/src/linux /usr/src/linux.old |
− | + | Buat softlink yang baru | |
− | # ln -s /path/to/src/linux-version-iptables-version /usr/src/linux | + | # ln -s /path/to/src/linux-version-iptables-version /usr/src/linux |
Rebuild SRPMS | Rebuild SRPMS | ||
− | # rpm --rebuild /path/to/SRPMS/iptables-version-release.src.rpm | + | # rpm --rebuild /path/to/SRPMS/iptables-version-release.src.rpm |
− | Install | + | Install iptables package (iptables + iptables-ipv6) |
− | + | Di RH 7.1 system, biasanya, sudah tersedia versi lama yang terinstall, oleh karena itu kita perlu memperbaharui-nya | |
− | # rpm -Fhv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm | + | # rpm -Fhv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm |
− | + | Jika belum di instalasi, gunakan "install" | |
− | # rpm -ihv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm | + | # rpm -ihv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm |
− | + | Di sistem RH 6.2, biasanya, kernel 2.4.x tidak di install, oleh karena kebutuhan yang kita butuhkan tidak cocok. | |
+ | Gunakan "--nodeps" untuk menginstalasinya | ||
− | # rpm -ihv --nodeps /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm | + | # rpm -ihv --nodeps /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm |
Perhaps it's necessary to create a softlink for iptables libraries where iptables looks for them | Perhaps it's necessary to create a softlink for iptables libraries where iptables looks for them | ||
− | # ln -s /lib/iptables/ /usr/lib/iptables | + | # ln -s /lib/iptables/ /usr/lib/iptables |
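Review bot: the `--nodeps` step for RH 6.2 does not say which dependency is being skipped; the sentence before it only says that kernel 2.4.x is normally not installed and that the requirements do not match. Since `--nodeps` turns off the dependency check for the whole package, suggest naming the unmet requirement explicitly and stating that the flag is only for that case. The lines "Rebuild SRPMS" and "Perhaps it's necessary to create a softlink ..." are also left in English in an otherwise translated section.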
Latest revision as of 09:27, 26 June 2015
This step is only needed if the kernel and netfilter shipped with your distribution do not meet your requirements and you need new features that are not yet built in.
Get sources
Get the source from
http://www.kernel.org
Get the latest iptables (kernel patch) from
http://www.netfilter.org/
Extract sources
Change to the source directory
# cd /path/to/src
Extract and rename the kernel source (use tar jxf instead of tar zxf for a .tar.bz2 archive)
# tar zxf kernel-version.tar.gz
# mv linux linux-version-iptables-version
Extract the iptables source (again, tar jxf for a .tar.bz2 archive)
# tar zxf iptables-version.tar.gz
Apply latest iptables/IPv6-related patches to kernel source
Change to the iptables directory
# cd iptables-version
Apply pending patches
# make pending-patches KERNEL_DIR=/path/to/src/linux-version-iptables-version/
Apply the additional IPv6-related patches (still not included in the vanilla kernel)
# make patch-o-matic KERNEL_DIR=/path/to/src/linux-version-iptables-version/
Answer yes to the following options (iptables-1.2.2)
- ah-esp.patch
- masq-dynaddr.patch (only needed for systems with dynamic IP assigned WAN connections like PPP or PPPoE)
- ipv6-agr.patch.ipv6
- ipv6-ports.patch.ipv6
- LOG.patch.ipv6
- REJECT.patch.ipv6
Check the IPv6 extensions
# make print-extensions
Extensions found: IPv6:owner IPv6:limit IPv6:mac IPv6:multiport
Configure, build and install new kernel
Change to kernel sources
# cd /path/to/src/linux-version-iptables-version/
Edit Makefile
- EXTRAVERSION = + EXTRAVERSION = -iptables-version+IPv6-try
Run configure and enable the IPv6-related options
Code maturity level options
  Prompt for development and/or incomplete code/drivers : yes
Networking options
  Network packet filtering: yes
  The IPv6 protocol: module
  IPv6: Netfilter Configuration
    IP6 tables support: module
    All new options like following:
      limit match support: module
      MAC address match support: module
      Multiple port match support: module
      Owner match support: module
      netfilter MARK match support: module
      Aggregated address check: module
      Packet filtering: module
      REJECT target support: module
      LOG target support: module
      Packet mangling: module
      MARK target support: module
Configure the other options related to your system, too
Compilation and installing: see the kernel section here and other HOWTOs
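An added example, not part of the original page: a shell function that checks the .config written by the configure step for the IPv6 netfilter options selected above, so a missed option is caught before the kernel is built. The function name `check_ip6_config` is hypothetical, and the CONFIG_ symbol names are the mainline 2.4-era names, which is an assumption; options that exist only after patch-o-matic (REJECT, aggregated address check) are not covered.

```shell
#!/bin/sh
# Added example: verify that a kernel .config enables the IPv6 netfilter
# options chosen in the configure step. Symbol names are assumed to be the
# mainline 2.4-era ones; patch-o-matic-only options are left out.

IP6_NF_REQUIRED="CONFIG_NETFILTER CONFIG_IPV6 CONFIG_IP6_NF_IPTABLES
CONFIG_IP6_NF_MATCH_LIMIT CONFIG_IP6_NF_MATCH_MAC
CONFIG_IP6_NF_MATCH_MULTIPORT CONFIG_IP6_NF_MATCH_OWNER
CONFIG_IP6_NF_MATCH_MARK CONFIG_IP6_NF_FILTER CONFIG_IP6_NF_TARGET_LOG
CONFIG_IP6_NF_MANGLE CONFIG_IP6_NF_TARGET_MARK"

# check_ip6_config FILE
# Prints every required symbol that is not set to y or m, one per line.
# Returns 0 if all are enabled, 1 if any is missing, 2 if FILE is unreadable.
check_ip6_config() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    missing=0
    for sym in $IP6_NF_REQUIRED; do
        # Enabled options appear as SYMBOL=y or SYMBOL=m; disabled ones
        # appear as "# SYMBOL is not set" or are absent from the file.
        if ! grep -Eq "^${sym}=(y|m)\$" "$cfg"; then
            echo "$sym"
            missing=1
        fi
    done
    return $missing
}

# Usage (path uses the page's placeholder directory name):
#   check_ip6_config /path/to/src/linux-version-iptables-version/.config
```

An empty output with exit status 0 means every listed option is built in or built as a module.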
Rebuild and install the iptables binaries
Make sure that the top-level kernel source tree is also available at /usr/src/linux/
Rename the old directory
# mv /usr/src/linux /usr/src/linux.old
Create a new softlink
# ln -s /path/to/src/linux-version-iptables-version /usr/src/linux
Rebuild SRPMS
# rpm --rebuild /path/to/SRPMS/iptables-version-release.src.rpm
Install iptables package (iptables + iptables-ipv6)
On RH 7.1 systems, an older version is normally already installed, so we need to update it
# rpm -Fhv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm
If it is not installed yet, use "install"
# rpm -ihv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm
On RH 6.2 systems, kernel 2.4.x is normally not installed, so the requirements do not match. Use "--nodeps" to install it
# rpm -ihv --nodeps /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm
Perhaps it's necessary to create a softlink for iptables libraries where iptables looks for them
# ln -s /lib/iptables/ /usr/lib/iptables