Fli
02-02-2015, 11:20 PM
Hello,
how to install an kernel module called "statistic" which is made for IPTables firewall?
Module details from IPTables extensions manual page:
statistic
This module matches packets based on some statistic condition. It supports two distinct modes settable with the --mode option.
Supported options:
--mode mode
Set the matching mode of the matching rule, supported modes are random and nth.[!] --probability p
Set the probability for a packet to be randomly matched. It only works with the random mode. p must be within 0.0 and 1.0. The supported granularity is in 1/2147483648th increments.
[!] --every n
Match one packet every nth packet. It works only with the nth mode (see also the --packet option).
--packet p
Set the initial counter value (0 <= p <= n-1, default 0) for the nth mode.
I have an Linux CentOS 5.x 64bit OpenVZ server and several virtual private servers (VPSs) on it.
When i did "cat /proc/net/ip_tables_matches" on an VPS it listed iptables modules, but "statistic" one was missing.
On an host node openvz server i did command: modprobe --list | grep stat
and result is:
kernel/arch/x86/kernel/cpu/cpufreq/intel_pstate.ko
kernel/drivers/video/vgastate.ko
kernel/drivers/pcmcia/rsrc_nonstatic.ko
kernel/drivers/cpufreq/cpufreq_stats.ko
kernel/drivers/leds/leds-wm831x-status.ko
kernel/net/netfilter/xt_state.ko
kernel/net/netfilter/xt_statistic.ko
so i did command on host node openvz server: modprobe xt_statistic
and then i was able to see statistic module in VPSs /proc/net/ip_tables_matches
how to install an kernel module called "statistic" which is made for IPTables firewall?
Module details from IPTables extensions manual page:
statistic
This module matches packets based on some statistic condition. It supports two distinct modes settable with the --mode option.
Supported options:
--mode mode
Set the matching mode of the matching rule, supported modes are random and nth.[!] --probability p
Set the probability for a packet to be randomly matched. It only works with the random mode. p must be within 0.0 and 1.0. The supported granularity is in 1/2147483648th increments.
[!] --every n
Match one packet every nth packet. It works only with the nth mode (see also the --packet option).
--packet p
Set the initial counter value (0 <= p <= n-1, default 0) for the nth mode.
I have an Linux CentOS 5.x 64bit OpenVZ server and several virtual private servers (VPSs) on it.
When i did "cat /proc/net/ip_tables_matches" on an VPS it listed iptables modules, but "statistic" one was missing.
On an host node openvz server i did command: modprobe --list | grep stat
and result is:
kernel/arch/x86/kernel/cpu/cpufreq/intel_pstate.ko
kernel/drivers/video/vgastate.ko
kernel/drivers/pcmcia/rsrc_nonstatic.ko
kernel/drivers/cpufreq/cpufreq_stats.ko
kernel/drivers/leds/leds-wm831x-status.ko
kernel/net/netfilter/xt_state.ko
kernel/net/netfilter/xt_statistic.ko
so i did command on host node openvz server: modprobe xt_statistic
and then i was able to see statistic module in VPSs /proc/net/ip_tables_matches