PDA

View Full Version : How to install kernel IPTables firewall module "statistic"



Fli
02-02-2015, 11:20 PM
Hello,

how to install an kernel module called "statistic" which is made for IPTables firewall?

Module details from IPTables extensions manual page:


statistic

This module matches packets based on some statistic condition. It supports two distinct modes settable with the --mode option.

Supported options:

--mode mode
Set the matching mode of the matching rule, supported modes are random and nth.[!] --probability p
Set the probability for a packet to be randomly matched. It only works with the random mode. p must be within 0.0 and 1.0. The supported granularity is in 1/2147483648th increments.

[!] --every n
Match one packet every nth packet. It works only with the nth mode (see also the --packet option).

--packet p
Set the initial counter value (0 <= p <= n-1, default 0) for the nth mode.

I have an Linux CentOS 5.x 64bit OpenVZ server and several virtual private servers (VPSs) on it.

When i did "cat /proc/net/ip_tables_matches" on an VPS it listed iptables modules, but "statistic" one was missing.

On an host node openvz server i did command: modprobe --list | grep stat

and result is:

kernel/arch/x86/kernel/cpu/cpufreq/intel_pstate.ko
kernel/drivers/video/vgastate.ko
kernel/drivers/pcmcia/rsrc_nonstatic.ko
kernel/drivers/cpufreq/cpufreq_stats.ko
kernel/drivers/leds/leds-wm831x-status.ko
kernel/net/netfilter/xt_state.ko
kernel/net/netfilter/xt_statistic.ko

so i did command on host node openvz server: modprobe xt_statistic

and then i was able to see statistic module in VPSs /proc/net/ip_tables_matches