Установка IPFW на Ubuntu

Пкетный фильтр FreeBSD ipfw и система ограничения пропускной способности dummynet были успешно портированы в Linux.

В Ubuntu для сборки могут потребоваться пакеты:

$ sudo apt-get install build-essential linux-source linux-headers-$(uname -r)

Собираем ipfw и dummynet в Linux:

$ wget http://info.iet.unipi.it/~luigi/doc/20120812-ipfw3.tgz
$ tar xzf 20120812-ipfw3.tgz -C ~/src
$ cd ~/src/ipfw3
$ make

Загружаем модуль Linux-ядра:

$ sudo insmod ./dummynet2/ipfw_mod.ko
$ lsmod| grep ipfw
ipfw_mod 86695 0

Проверяем работу утилиты:

$ sudo ipfw/ipfw show

65535 54 6340 allow ip from any to any

$ sudo ipfw/ipfw 10 add deny ip from to any

00010 deny ip from to any

$ sudo ipfw/ipfw show

00010 1 84 deny ip from to any
65535 121 22335 allow ip from any to any

Dummynet Installation
Without installing the packages as directed above you will not be able to install Dummynet. The version on the website is for the wrong kernel. Just do a modinfo command on the ipfw_mod.ko and you will see the kernel version it was created on. (You probably could download the kernel headers for that module and link the header for that apt, but I feel that this is not the best way.)

1. Now let’s get to business…Copy, move, download the source code to your /tmp directory.
Example: While in your /tmp directory initiate the following command
#wget http://info.iet.unipi.it/~luigi/dumm…0319-ipfw3.tgz
2. The file is a compressed in a .tgz format and you will have to expand it.
While in the /tmp directory initiate the following command and a new directory called /tmp/ipfw3/ will be created.
#tar xvzf 20100319-ipfw3.tgz
3. Navigate to the /tmp/ipfw3 directory and initiate the “make” command.
4. 2 files were created and need to be copied to another location
a. ipfw executable was created in the directory /tmp/ipfw3/ipfw/ and 
you should copy it to the /ipfw3 directory created earlier in this tut.
#cp /tmp/ipfw3/ipfw/ipfw /ipfw3
b. ipfw_mod.ko kernel module was created in the /tmp/ipfw3/dummynet2/ directory and should be copied to the /ifpw3 directory.
c. #cp /tmp/ipfw3/dummynet2/ipfw_mod.ko /ipfw3

5. Install the Dummynet files
a. Copy the ipfw executable file to the /usr/local/sbin
# cp /ipfw3/ipfw /usr/local/sbin
b. Copy the ipfw_mod.ko to its destination by initiating the following command
#cp /ipfw3/ipfw_mod.ko /lib/modules/`uname –r`
c. Run depmod to update the modules.dep file so that you can use modprobe.
d. Now you can use modprobe to install the kernel module
#modprobe ipfw_mod

You can at this point lsmod to view the installed modules and to see if the module is working, type the following:
#ipfw list

Which displays:
65535 allow ip from any to any

e. You will loose the module if you reboot at this time, so to make the module load during boot you need to edit the etc/modules file with a text editor. Add ipfw_mod as the last entry in the file, save the file and you can now reboot and Dummynet is ready for rules to be added.
f. To restart the system and test the install initiate the following command:
#shutdown –r

There definitely maybe an easier way to accomplish but since I am new to the linux world this is all that I could do to get dummynet working on debian

Добавить комментарий

Ваш e-mail не будет опубликован. Обязательные поля помечены *