IPv6 Firewall: Preparation Using netfilter6

From OnnoWiki
Revision as of 09:36, 5 July 2013 by Onnowpurbo (talk | contribs)

This step is only needed if the distribution's kernel and netfilter do not fit your requirements and new features are available that are not yet built in.

18.2.1. Get sources

Get the latest kernel source: http://www.kernel.org/

Get the latest iptables package:

   Source tarball (for kernel patches): http://www.netfilter.org/

18.2.2. Extract sources

Change to source directory:

# cd /path/to/src 

Unpack and rename kernel sources

# tar zxf kernel-version.tar.gz      (or, for a bzip2 archive: tar jxf kernel-version.tar.bz2)
# mv linux linux-version-iptables-version+IPv6 

Unpack iptables sources

# tar zxf iptables-version.tar.gz    (or, for a bzip2 archive: tar jxf iptables-version.tar.bz2)

18.2.3. Apply latest iptables/IPv6-related patches to kernel source

Change to iptables directory

# cd iptables-version 

Apply pending patches (KERNEL_DIR must point at the kernel tree unpacked and renamed above)

# make pending-patches KERNEL_DIR=/path/to/src/linux-version-iptables-version/ 

Apply additional IPv6-related patches (not yet included in the vanilla kernel)

# make patch-o-matic KERNEL_DIR=/path/to/src/linux-version-iptables-version/ 

Say yes to the following options (iptables-1.2.2)

   ah-esp.patch
   masq-dynaddr.patch (only needed on systems whose WAN connection gets a dynamically assigned IP address, such as PPP or PPPoE)
   ipv6-agr.patch.ipv6
   ipv6-ports.patch.ipv6
   LOG.patch.ipv6
   REJECT.patch.ipv6 

Check IPv6 extensions

# make print-extensions 

Extensions found: IPv6:owner IPv6:limit IPv6:mac IPv6:multiport

18.2.4. Configure, build and install new kernel

Change to kernel sources

# cd /path/to/src/linux-version-iptables-version/ 

Edit Makefile

- EXTRAVERSION = 
+ EXTRAVERSION = -iptables-version+IPv6-try 
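Review bot: the EXTRAVERSION line is what keeps this build's modules apart from the stock kernel's: `make modules_install` writes to /lib/modules/$(VERSION).$(PATCHLEVEL).$(SUBLEVEL)$(EXTRAVERSION), so with EXTRAVERSION left empty the freshly built ip6_tables modules would overwrite those of a distribution kernel of the same version. Keep the suffix free of whitespace and make it identify the build (the "-try" here marks a trial build), so the running kernel, its /lib/modules directory and the source tree can be matched up later.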

Run the kernel configuration (for example "make menuconfig") and enable the IPv6-related options:

           Code maturity level options 
                 Prompt for development and/or incomplete code/drivers : yes 
           Networking options 
                 Network packet filtering: yes 
                 The IPv6 protocol: module 
                      IPv6: Netfilter Configuration 
                            IP6 tables support: module 
                                  All the new options, such as the following: 
                                  limit match support: module 
                                  MAC address match support: module 
                                  Multiple port match support: module 
                                  Owner match support: module 
                                  netfilter MARK match support: module 
                                  Aggregated address check: module 
                                  Packet filtering: module 
                                       REJECT target support: module 
                                       LOG target support: module 
                                  Packet mangling: module 
                                  MARK target support: module 

Configure the other options relevant to your system, too.

Compiling and installing: see the kernel section of this HOWTO and other HOWTOs.

18.2.5. Rebuild and install binaries of iptables

Make sure that the kernel source tree from above is also available at /usr/src/linux/

Rename older directory

# mv /usr/src/linux /usr/src/linux.old 

Create a new softlink

# ln -s /path/to/src/linux-version-iptables-version /usr/src/linux 

Rebuild the source RPM

# rpm --rebuild /path/to/SRPMS/iptables-version-release.src.rpm 

Install new iptables packages (iptables + iptables-ipv6)

   On RH 7.1 systems an older version is normally already installed, therefore use "freshen": 
# rpm -Fhv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm 
   If not already installed, use "install": 
# rpm -ihv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm 
   On RH 6.2 systems no 2.4.x kernel is normally installed, so the package's dependencies are not satisfied; use "--nodeps" to install it anyway (this bypasses the dependency check, so make sure the new kernel from above is actually installed and booted): 
# rpm -ihv --nodeps /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm 

It may be necessary to create a softlink so that iptables finds its extension libraries in the directory where it looks for them

# ln -s /lib/iptables/ /usr/lib/iptables
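Two of the steps above are easy to get silently wrong: the EXTRAVERSION edit in 18.2.4 (which decides the /lib/modules/ directory the new ip6_tables modules land in) and the "make print-extensions" check in 18.2.3 (where a declined patch-o-matic option simply leaves an extension out). The following script is an added example, not part of the HOWTO or of the netfilter project; it derives the release string from a kernel 2.4 Makefile and checks a print-extensions listing for a required set of IPv6 extensions. The Makefile excerpt and the extension line are constructed inputs (the version numbers are illustrative), and the live ip6table_filter check at the end is an assumption about what a correctly built kernel exposes in /proc/net/ip6_tables_names.

```shell
#!/bin/sh
# Added example, not part of the HOWTO: two offline checks for the steps above.
#   kernel_release         - reads a kernel 2.4 Makefile on stdin and prints the
#                            release string, i.e. the /lib/modules/<release> name
#                            the new ip6_tables modules will be installed under.
#   check_ipv6_extensions  - reads "make print-extensions" output on stdin and
#                            fails if a required IPv6 extension is missing.
# The sample Makefile and extension line below are constructed for this example.

sample_makefile() {
    # Head of a kernel 2.4 Makefile after the EXTRAVERSION edit (constructed).
    cat <<'EOF'
VERSION = 2
PATCHLEVEL = 4
SUBLEVEL = 18
EXTRAVERSION = -iptables-1.2.2+IPv6-try

KERNELRELEASE=$(VERSION).$(PATCHLEVEL).$(SUBLEVEL)$(EXTRAVERSION)
EOF
}

sample_print_extensions() {
    # The "make print-extensions" line shown on the page, as constructed input.
    printf 'Extensions found: IPv6:owner IPv6:limit IPv6:mac IPv6:multiport\n'
}

# VERSION.PATCHLEVEL.SUBLEVEL followed directly by EXTRAVERSION. Whitespace around
# the "=" is stripped, so an empty EXTRAVERSION yields a bare "2.4.18".
kernel_release() {
    awk -F'=' '
        /^VERSION[ \t]*=/      { gsub(/[ \t]/, "", $2); v = $2 }
        /^PATCHLEVEL[ \t]*=/   { gsub(/[ \t]/, "", $2); p = $2 }
        /^SUBLEVEL[ \t]*=/     { gsub(/[ \t]/, "", $2); s = $2 }
        /^EXTRAVERSION[ \t]*=/ { gsub(/[ \t]/, "", $2); e = $2 }
        END { printf "%s.%s.%s%s\n", v, p, s, e }
    '
}

# Directory that "make modules_install" populates; a distinct EXTRAVERSION keeps
# this apart from the distribution kernel's own module tree.
modules_dir() {
    printf '/lib/modules/%s\n' "$(kernel_release)"
}

# Usage: make print-extensions | check_ipv6_extensions owner limit mac multiport
# Exit 0 if every named extension appears with the "IPv6:" prefix, 1 otherwise;
# each missing one is reported on stderr.
check_ipv6_extensions() {
    found=$(sed -n 's/^Extensions found:[ \t]*//p' | tr ' ' '\n' | sed -n 's/^IPv6://p')
    status=0
    for req in "$@"; do
        if printf '%s\n' "$found" | grep -qx -- "$req"; then
            continue
        fi
        printf 'missing IPv6 extension: %s\n' "$req" >&2
        status=1
    done
    return "$status"
}

# Live check for after the reboot (needs root; not driven by the sample data):
# loading ip6table_filter must register the "filter" table with ip6_tables.
ip6_filter_table_present() {
    modprobe ip6table_filter 2>/dev/null
    [ -r /proc/net/ip6_tables_names ] && grep -qx filter /proc/net/ip6_tables_names
}

if [ "${1:-}" = "demo" ]; then
    sample_makefile | modules_dir
    sample_print_extensions | check_ipv6_extensions owner limit mac multiport \
        && echo "all required IPv6 extensions present"
fi
```

Run it as "sh check-netfilter6.sh demo" to see the module directory the sample Makefile implies; against a real tree, feed the Makefile to kernel_release and the output of "make print-extensions" to check_ipv6_extensions before starting the (long) kernel build, since a missing extension at that point means one of the patch-o-matic options above was declined.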