LinuxQuestions.org
Old 09-30-2006, 07:46 PM   #1
craftybytes
Member
 
Registered: Jan 2006
Location: Killarney, QLD Australia
Distribution: Mepis 3.4-3; Puppy 2.12; WinXP Pro (rarely)
Posts: 54

Rep: Reputation: 15
MEPIS 3.4-3 - Patching kernel - do I need to re-compile?


Hi group,

Am running MEPIS 3.4-3, with kernel 2.6.15-1-586tsc and various extra packages installed - WORKS VERY WELL - JUST AS I WANT IT!!!

However I'd like to improve the firewall (iptables) side as the current kernel does not have the 'ipt_owner' for iptables configured - neither built-in nor as a module. Checked the kernel config file /boot/config-2.6.15-1-586tsc for what's enabled or not and 'ipt_owner' is not mentioned at all - so assume not configured!! If any of you out there are running MEPIS 3.4-3 and have 'uid-owner' or 'gid-owner' options applied in your iptables file, please advise as to how you got it to install and work!

Question 1: if I patch the kernel to include the 'ipt_owner' module - do I have to re-compile the kernel?

Question 2: if so - how do I re-compile - any guides available?

Question 3: anybody advise as to where I can get the relevant patches for 'ipt_owner' module from please?

TYIA

Oz-Rod
 
Old 09-30-2006, 10:09 PM   #2
craftybytes
Member
 
Registered: Jan 2006
Location: Killarney, QLD Australia
Distribution: Mepis 3.4-3; Puppy 2.12; WinXP Pro (rarely)
Posts: 54

Original Poster
Rep: Reputation: 15
RE: MEPIS 3.4-3 - Patching kernel - do I need to re-compile?

Hi all,

I'm not certain - but I may have found my answer to the above post!!

I rechecked the /boot/config-2.6.15-1-586tsc file for my running kernel and find that maybe the 'ipt-owner' options are enabled it seems:

<snip>:
>IP: Netfilter Configuration
>
>...............
>...............
>CONFIG_IP_NF_MATCH_OWNER=m
>...............
>...............

<end snip>

Also checked for possible modules and found:

/lib/modules/2.6.15-1-586tsc/kernel/net/ipv4/netfilter/ipt_owner.ko

and

/lib/iptables/libipt_owner.so

QUES: This looks like the kernel 'ipt-owner' option is enabled - is this correct?

QUES: If I include the following to my iptables firewall script in /etc/rc.firewall - what code do I add to it to allow me to log (confirm) that script snippet works?

"# Allow packets by UID
# Field 3 of /etc/passwd is the numeric UID (-F: needs a space before the awk program)
Listuid="$(gawk -F: '{print $3}' /etc/passwd)"
for Xuid in $Listuid; do
iptables -t filter -A chk-own -o ppp0 -m owner --uid-owner "$Xuid" -j RETURN
done
iptables -t filter -A chk-own -m limit --limit 10/s -j logdrop5
"
and for 'logdrop5':

"iptables -N logdrop5
iptables -A logdrop5 -j LOG --log-prefix "ILLEGAL packet owner: "
iptables -A logdrop5 -j DROP
"

NOTE:- the "logdrop5" section logs and drops the packet ONLY if it is illegal - not if it is ok. I also want to log if it IS OK (to confirm that the 'match' option is working).

Any help would be appreciated.

Oz-Rod
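
One way to log the packets that ARE OK, as asked in the post above (an added example, not code from the thread): give each UID a rate-limited LOG rule ahead of its RETURN rule, then tally the log lines per UID. The function names, the "OK owner uid=N: " prefix and the sample passwd and log data are assumptions made for this example; the script only prints iptables commands and assumes the chk-own chain already exists.

```sh
#!/bin/sh
# Added example: a dry run that PRINTS iptables commands, nothing is applied.
# Assumes the chk-own chain already exists, as in the post above.

# gen_owner_rules IFACE  (passwd-format text on stdin)
# Per numeric UID: a rate-limited LOG rule whose prefix names the UID,
# then the RETURN rule from the original snippet.
gen_owner_rules() {
    awk -F: '$3 ~ /^[0-9]+$/ {print $3}' | sort -un |
    while read -r uid; do
        match="-t filter -A chk-own -o $1 -m owner --uid-owner $uid"
        # LOG is non-terminating, so the packet still reaches RETURN below.
        printf '%s\n' "iptables $match -m limit --limit 10/s -j LOG --log-prefix \"OK owner uid=$uid: \""
        printf '%s\n' "iptables $match -j RETURN"
    done
}

# count_ok_by_uid  (kernel log text on stdin) -> lines of "uid count"
count_ok_by_uid() {
    sed -n 's/.*OK owner uid=\([0-9][0-9]*\): .*/\1/p' |
    sort -n | uniq -c | awk '{print $2, $1}'
}

# Constructed sample input: two accounts share UID 0, one entry is malformed.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:alt root:/root:/bin/sh
rod:x:1000:1000:Rod:/home/rod:/bin/bash
broken:x:notanumber:1:bad entry:/:/bin/false
EOF
}

# Constructed sample kernel log lines in the LOG target's format.
sample_log() {
cat <<'EOF'
Oct  1 01:10:02 mepis kernel: OK owner uid=1000: IN= OUT=ppp0 SRC=10.0.0.2 DST=192.0.2.10 PROTO=TCP SPT=32768 DPT=80
Oct  1 01:10:03 mepis kernel: OK owner uid=0: IN= OUT=ppp0 SRC=10.0.0.2 DST=192.0.2.53 PROTO=UDP SPT=32769 DPT=53
Oct  1 01:10:04 mepis kernel: OK owner uid=1000: IN= OUT=ppp0 SRC=10.0.0.2 DST=192.0.2.10 PROTO=TCP SPT=32770 DPT=80
Oct  1 01:10:05 mepis kernel: ILLEGAL packet owner: IN= OUT=ppp0 SRC=10.0.0.2 DST=192.0.2.99 PROTO=TCP SPT=32771 DPT=25
EOF
}

sample_passwd | gen_owner_rules ppp0   # review the output before running it as root
sample_log | count_ok_by_uid
```

The limit sits on the LOG rule only, so the RETURN stays unconditional; a limit placed on a jump to a dropping chain would instead let packets above the rate skip that jump.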
 
Old 09-30-2006, 11:25 PM   #3
syg00
LQ Veteran
 
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 12,206

Rep: Reputation: 1015
Yes, it looks like it is enabled - as a module.
Try "lsmod | grep -i owner". If it comes back with nothing, you'll need to load it; "modprobe ipt_owner". Then re-run the first command - you should see it now.
You'll need to add it to the initscripts to ensure it's always loaded.
As for how to use it, I have no bloody idea.

As for your initial query, Warren used to have a /usr/src/KERNEL-README (??? something like that) that had info on compiling a new (source) kernel for Mepis.
Have a look for that.
 
Old 10-01-2006, 01:03 AM   #4
craftybytes
Member
 
Registered: Jan 2006
Location: Killarney, QLD Australia
Distribution: Mepis 3.4-3; Puppy 2.12; WinXP Pro (rarely)
Posts: 54

Original Poster
Rep: Reputation: 15
RE: MEPIS 3.4-3 - Patching kernel - do I need to re-compile?

Hi syg00,

Thanks for your reply.
Tried your lsmod command - nothing as expected!! Did the modprobe, then the lsmod again - success!!!!!!

As to the initscripts - will load it within the iptables firewall script /etc/rc.firewall.

Haven't been able to find Warren's /usr/src/KERNEL-README - at least not on my machine - maybe someone can point me to where?

Any thoughts re my 2nd question in my 2nd post (i.e. Allow packets by UID...)?

Any assistance would be appreciated!!!

Oz-Rod
 
Old 10-01-2006, 01:32 AM   #5
syg00
LQ Veteran
 
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 12,206

Rep: Reputation: 1015
Happy to help - as I said, you'll have to wait for others to answer.

What do the Queen Mary Falls look like these days - did that recent rain do you folks any good ???.
Might duck up and have a look this week (I'm in Brisbane)
 
Old 10-01-2006, 01:44 AM   #6
craftybytes
Member
 
Registered: Jan 2006
Location: Killarney, QLD Australia
Distribution: Mepis 3.4-3; Puppy 2.12; WinXP Pro (rarely)
Posts: 54

Original Poster
Rep: Reputation: 15
RE: MEPIS 3.4-3 - Patching kernel - do I need to re-compile?

Hi syg00,

The falls have a little bit more water over them now - don't look too bad actually.

If you do come up - come into Killarney and drop in for a cuppa & chat - you'll find that we be friendly folk. Send me an email before you come up and I'll send one back with our address.

Oz-Rod

Just checked - my email address not listed in the forum profile!!

'craftybytes_at_dodo_dot_com_dot_au' will find me_..

Last edited by craftybytes; 10-01-2006 at 01:48 AM.
 
  

