|
#ls
ezshaper-1.1rc firewall.sh ultimate-2.6.sh ultimate.sh ezshaper-1.1rc.tar.gz myfirewall.sh ultimatePM.sh |
#./myfirewall.sh
++ cat /etc/firewall/IAM + IAM=192.168.8.250 + echo 'Duron / Cable IP 192.168.8.250' Duron / Cable IP 192.168.8.250 + IFI=eth0 + IPI=192.168.8.250 + NWI=192.168.8.0 + NMI=24 + IFE1=eth1 + IPE1=192.168.10.1 ... + iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT + iptables -A FORWARD -j LnDf + iptables -P INPUT DROP + iptables -P OUTPUT ACCEPT + iptables -P FORWARD DROP + iptables -D INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT + iptables -D FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT + iptables -D OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT + echo 'Firewall loaded.' Firewall loaded. |
#ls /usr/local/libexec/xtables/
libip6t_ah.so libipt_SET.so libxt_NFLOG.so libip6t_dst.so libipt_SNAT.so libxt_NFQUEUE.so libip6t_eui64.so libipt_ttl.so libxt_NOTRACK.so libip6t_frag.so libipt_TTL.so libxt_owner.so libip6t_hbh.so libipt_ULOG.so libxt_physdev.so libip6t_hl.so libipt_unclean.so libxt_pkttype.so libip6t_HL.so libxt_CLASSIFY.so libxt_policy.so libip6t_icmp6.so libxt_cluster.so libxt_quota.so libip6t_ipv6header.so libxt_comment.so libxt_rateest.so libip6t_LOG.so libxt_connbytes.so libxt_RATEEST.so ... libipt_icmp.so libxt_hashlimit.so libxt_TCPMSS.so libipt_LOG.so libxt_helper.so libxt_TCPOPTSTRIP.so libipt_MASQUERADE.so libxt_IMQ.so libxt_tcp.so libipt_MIRROR.so libxt_iprange.so libxt_time.so libipt_NETMAP.so libxt_length.so libxt_tos.so libipt_realm.so libxt_limit.so libxt_TOS.so libipt_REDIRECT.so libxt_mac.so libxt_TPROXY.so libipt_REJECT.so libxt_mark.so libxt_TRACE.so libipt_SAME.so libxt_MARK.so libxt_u32.so libipt_set.so libxt_multiport.so libxt_udp.so |
#ls /usr/local/libexec/xtables/libipt*
/usr/local/libexec/xtables/libipt_addrtype.so /usr/local/libexec/xtables/libipt_ah.so /usr/local/libexec/xtables/libipt_CLUSTERIP.so /usr/local/libexec/xtables/libipt_DNAT.so /usr/local/libexec/xtables/libipt_ecn.so /usr/local/libexec/xtables/libipt_ECN.so /usr/local/libexec/xtables/libipt_icmp.so /usr/local/libexec/xtables/libipt_LOG.so /usr/local/libexec/xtables/libipt_MASQUERADE.so /usr/local/libexec/xtables/libipt_MIRROR.so ... /usr/local/libexec/xtables/libipt_REDIRECT.so /usr/local/libexec/xtables/libipt_REJECT.so /usr/local/libexec/xtables/libipt_SAME.so /usr/local/libexec/xtables/libipt_set.so /usr/local/libexec/xtables/libipt_SET.so /usr/local/libexec/xtables/libipt_SNAT.so /usr/local/libexec/xtables/libipt_ttl.so /usr/local/libexec/xtables/libipt_TTL.so /usr/local/libexec/xtables/libipt_ULOG.so /usr/local/libexec/xtables/libipt_unclean.so |
#cd /usr/src/linux
|
#less ./.config
|
#patch -p1 --dry-run <../
100-netfilter_layer7_2.21.patch linux-2.6.32.1.tar.bz2 101-netfilter_layer7_pktmatch.patch linux-2.6.32.3/ 150-netfilter_imq.patch linux-2.6.32.3.tar.bz2 200-sched_esfq linux-2.6.32.3.was/ .config.2.6.32.3 linux-2.6.32-imq-test2.diff esfq-maybe.patch linux-2.6.32-imq-test2.diff.1 esfq-mypatch linux-2.6.32-imq-test2.diff.bz2 esfq.patch linux-2.6.33.tar.bz2 esfq-patch-2.6.26 linux-source-2.6.26/ esfq-patch-2.6.26.was linux-source-2.6.26-copy.tar.bz2 iptables-1.4.3.2-imq.patch linux-source-2.6.26.tar.bz2 iptables-1.4.3.2-imq_xt.patch sched_esfq-2.6.29.patch linux/ tarpit-2.6.29.patch |
#patch -p1 --dry-run <../tarpit-2.6.29.patch
patching file drivers/char/random.c Hunk #1 succeeded at 1607 (offset 19 lines). patching file net/netfilter/Kconfig Hunk #1 succeeded at 503 (offset 51 lines). patching file net/netfilter/Makefile Hunk #1 succeeded at 54 (offset 3 lines). patching file net/netfilter/xt_TARPIT.c |
#patch -p1 <../tarpit-2.6.29.patch
patching file drivers/char/random.c Hunk #1 succeeded at 1607 (offset 19 lines). patching file net/netfilter/Kconfig Hunk #1 succeeded at 503 (offset 51 lines). patching file net/netfilter/Makefile Hunk #1 succeeded at 54 (offset 3 lines). patching file net/netfilter/xt_TARPIT.c |
#make
scripts/kconfig/conf -s arch/x86/Kconfig * * Restart config... * * * Core Netfilter Configuration * Netfilter NFQUEUE over NFNETLINK interface (NETFILTER_NETLINK_QUEUE) [N/m/y/?] n Netfilter LOG over NFNETLINK interface (NETFILTER_NETLINK_LOG) [M/y/?] m Netfilter connection tracking support (NF_CONNTRACK) [Y/n/m/?] y ... net/netfilter/xt_TARPIT.c: In function ‘tarpit_tcp’: net/netfilter/xt_TARPIT.c:173: error: ‘struct sk_buff’ has no member named ‘dst’ net/netfilter/xt_TARPIT.c:174: error: ‘struct sk_buff’ has no member named ‘dst’ net/netfilter/xt_TARPIT.c:177: error: ‘struct sk_buff’ has no member named ‘dst’ net/netfilter/xt_TARPIT.c:188: error: ‘struct sk_buff’ has no member named ‘dst’ net/netfilter/xt_TARPIT.c: In function ‘xt_tarpit_target’: net/netfilter/xt_TARPIT.c:202: error: ‘struct sk_buff’ has no member named ‘dst’ make[2]: *** [net/netfilter/xt_TARPIT.o] Ошибка 1 make[1]: *** [net/netfilter] Ошибка 2 make: *** [net] Ошибка 2 |
#include <linux/ip.h>
include/ init/ |
#vim ../../include/
|
#vim ../../include/linux/skbuff.h
|
#vim /usr/src/150-netfilter_imq.patch
|
#search hit BOTTOM, continuing at TOP
+ struct sk_buff_head *qs; /* Slot queue */ by depth */ct esfq_head *dep; /* Linked list of slots, indexedd +}; + +/* This contains the info we will hash. */ +struct esfq_packet_info +{ + u32 proto; /* protocol or port */ + u32 src; /* source from packet header */ + u32 dst; /* destination from packet header */ ... +#include <net/pkt_sched.h> +#include <linux/jhash.h> +#ifdef CONFIG_NET_SCH_ESFQ_NFCT +#include <net/netfilter/nf_conntrack.h> +#endif + +/* Stochastic Fairness Queuing algorithm. + For more comments look at sch_sfq.c. + The difference is that you can change limit, depth, + hash table size and choose alternate hash types. |
#man patch
|
#cd ..
|
#rm -R linux-2.6.3
linux-2.6.32.1.tar.bz2 linux-2.6.32-imq-test2.diff linux-2.6.32.3/ linux-2.6.32-imq-test2.diff.1 linux-2.6.32.3.tar.bz2 linux-2.6.32-imq-test2.diff.bz2 linux-2.6.32.3.was/ linux-2.6.33.tar.bz2 |
#rm -R linux-2.6.32
|
#rm -R linux-2.6.32.3.
linux-2.6.32.3.tar.bz2 linux-2.6.32.3.was/ |
#rm -R linux-2.6.32.3.was/
|
#ls
100-netfilter_layer7_2.21.patch linux-2.6.32.3 101-netfilter_layer7_pktmatch.patch linux-2.6.32.3.tar.bz2 150-netfilter_imq.patch linux-2.6.32-imq-test2.diff 200-sched_esfq linux-2.6.32-imq-test2.diff.1 esfq-maybe.patch linux-2.6.32-imq-test2.diff.bz2 esfq-mypatch linux-2.6.33.tar.bz2 esfq.patch linux-source-2.6.26 esfq-patch-2.6.26 linux-source-2.6.26-copy.tar.bz2 esfq-patch-2.6.26.was linux-source-2.6.26.tar.bz2 iptables-1.4.3.2-imq.patch sched_esfq-2.6.29.patch iptables-1.4.3.2-imq_xt.patch tarpit-2.6.29.patch linux tarpit-2.6.29.patch.orig linux-2.6.32.1.tar.bz2 |
#ls -al
итого 280M drwxrwsr-x 4 root src 4,0K Мар 4 12:29 . drwxr-xr-x 14 root root 4,0K Фев 26 16:15 .. -rw-r--r-- 1 root src 57K Фев 26 15:14 100-netfilter_layer7_2.21.patch -rw-r--r-- 1 root src 3,8K Фев 26 15:15 101-netfilter_layer7_pktmatch.patch -rw-r--r-- 1 root src 36K Фев 26 15:13 150-netfilter_imq.patch -rw-r--r-- 1 root src 21K Фев 26 15:13 200-sched_esfq -rw-r--r-- 1 root src 63K Мар 4 12:29 .config-100304 -rw-r--r-- 1 root src 63K Фев 26 12:50 .config.2.6.32.3 -rw-r--r-- 1 root src 23K Фев 26 14:39 esfq-maybe.patch ... -rw-r--r-- 1 root src 42K Дек 11 18:52 linux-2.6.32-imq-test2.diff -rw-r--r-- 1 root src 42K Янв 19 07:40 linux-2.6.32-imq-test2.diff.1 -rw-r--r-- 1 root src 11K Фев 26 13:34 linux-2.6.32-imq-test2.diff.bz2 -rw-r--r-- 1 root src 64M Фев 24 19:14 linux-2.6.33.tar.bz2 drwxr-xr-x 22 root root 4,0K Фев 26 11:04 linux-source-2.6.26 -rw-r--r-- 1 root src 47M Фев 26 09:22 linux-source-2.6.26-copy.tar.bz2 -rw-r--r-- 1 root root 47M Дек 26 12:26 linux-source-2.6.26.tar.bz2 -rw-r--r-- 1 root src 21K Окт 5 17:52 sched_esfq-2.6.29.patch -rw-r--r-- 1 root src 10K Мар 4 12:27 tarpit-2.6.29.patch -rw-r--r-- 1 root src 10K Мар 4 12:25 tarpit-2.6.29.patch.orig |
#rm -R linux-2.6.32.3
|
#tar jxvf linux-2.6.33.tar.bz2
linux-2.6.33/ linux-2.6.33/.gitignore linux-2.6.33/.mailmap linux-2.6.33/COPYING linux-2.6.33/CREDITS linux-2.6.33/Documentation/ linux-2.6.33/Documentation/00-INDEX linux-2.6.33/Documentation/ABI/ linux-2.6.33/Documentation/ABI/README linux-2.6.33/Documentation/ABI/obsolete/ ... linux-2.6.33/virt/kvm/assigned-dev.c linux-2.6.33/virt/kvm/coalesced_mmio.c linux-2.6.33/virt/kvm/coalesced_mmio.h linux-2.6.33/virt/kvm/eventfd.c linux-2.6.33/virt/kvm/ioapic.c linux-2.6.33/virt/kvm/ioapic.h linux-2.6.33/virt/kvm/iodev.h linux-2.6.33/virt/kvm/iommu.c linux-2.6.33/virt/kvm/irq_comm.c linux-2.6.33/virt/kvm/kvm_main.c |
#cd linux-2.6.33/
|
#patch -p1 <../1
100-netfilter_layer7_2.21.patch 150-netfilter_imq.patch 101-netfilter_layer7_pktmatch.patch |
#patch -p1 <../100-netfilter_layer7_2.21.patch
patching file include/linux/netfilter/xt_layer7.h patching file include/net/netfilter/nf_conntrack.h patching file net/netfilter/Kconfig patching file net/netfilter/Makefile patching file net/netfilter/nf_conntrack_core.c patching file net/netfilter/nf_conntrack_standalone.c patching file net/netfilter/regexp/regexp.c patching file net/netfilter/regexp/regexp.h patching file net/netfilter/regexp/regmagic.h patching file net/netfilter/regexp/regsub.c patching file net/netfilter/xt_layer7.c |
#patch -p1 <../101-netfilter_layer7_pktmatch.patch
patching file include/linux/netfilter/xt_layer7.h patching file net/netfilter/xt_layer7.c |
#patch -p1 <../150-netfilter_imq.patch
patching file drivers/net/imq.c patching file drivers/net/Kconfig patching file drivers/net/Makefile patching file include/linux/imq.h patching file include/linux/netdevice.h Hunk #1 succeeded at 1168 with fuzz 1 (offset 54 lines). patching file include/linux/netfilter/xt_IMQ.h patching file include/linux/netfilter_ipv4/ipt_IMQ.h patching file include/linux/netfilter_ipv6/ip6t_IMQ.h patching file include/linux/skbuff.h ... Hunk #3 succeeded at 1919 with fuzz 2 (offset 123 lines). Hunk #4 succeeded at 1945 (offset 136 lines). patching file net/core/skbuff.c Hunk #2 succeeded at 94 with fuzz 1. Hunk #4 succeeded at 638 (offset 3 lines). Hunk #5 succeeded at 2882 (offset 3 lines). patching file net/netfilter/Kconfig patching file net/netfilter/Makefile patching file net/netfilter/nf_queue.c patching file net/netfilter/xt_IMQ.c |
#patch -p1 <../200-sched_esfq
patching file include/linux/pkt_sched.h Hunk #1 succeeded at 173 with fuzz 1 (offset -9 lines). patching file net/sched/Kconfig patching file net/sched/Makefile patching file net/sched/sch_esfq.c |
#patch -p1 <../
100-netfilter_layer7_2.21.patch linux-2.6.32.1.tar.bz2 101-netfilter_layer7_pktmatch.patch linux-2.6.32.3.tar.bz2 150-netfilter_imq.patch linux-2.6.32-imq-test2.diff 200-sched_esfq linux-2.6.32-imq-test2.diff.1 .config-100304 linux-2.6.32-imq-test2.diff.bz2 .config.2.6.32.3 linux-2.6.33/ esfq-maybe.patch linux-2.6.33.tar.bz2 esfq-mypatch linux-source-2.6.26/ esfq.patch linux-source-2.6.26-copy.tar.bz2 esfq-patch-2.6.26 linux-source-2.6.26.tar.bz2 esfq-patch-2.6.26.was sched_esfq-2.6.29.patch iptables-1.4.3.2-imq.patch tarpit-2.6.29.patch iptables-1.4.3.2-imq_xt.patch tarpit-2.6.29.patch.orig linux |
#patch -p1 <../tarpit-2.6.29.patch
patching file drivers/char/random.c Hunk #1 succeeded at 1554 (offset -34 lines). patching file net/netfilter/Kconfig Hunk #1 succeeded at 503 (offset 51 lines). patching file net/netfilter/Makefile Hunk #1 succeeded at 54 (offset 3 lines). patching file net/netfilter/xt_TARPIT.c |
#cp ../.config-100304 ./.config
|
#make oldconfig
HOSTCC scripts/basic/fixdep HOSTCC scripts/basic/docproc HOSTCC scripts/basic/hash HOSTCC scripts/kconfig/conf.o HOSTCC scripts/kconfig/kxgettext.o SHIPPED scripts/kconfig/zconf.tab.c SHIPPED scripts/kconfig/lex.zconf.c SHIPPED scripts/kconfig/zconf.hash.c HOSTCC scripts/kconfig/zconf.tab.o HOSTLD scripts/kconfig/conf ... Deflate compression algorithm (CRYPTO_DEFLATE) [N/m/y/?] n Zlib compression algorithm (CRYPTO_ZLIB) [N/m/y/?] n LZO compression algorithm (CRYPTO_LZO) [N/m/y/?] n * * Random Number Generation * Pseudo Random Number Generation for Cryptographic modules (CRYPTO_ANSI_CPRNG) [N/m/y/?] n # # configuration written to .config # |
#make menuconfig
x x x x x Symbol: NETFILTER_XT_TARGET_TARPIT [=m] x x x x x x mbol: NETFILTER_XT_TARGET_TARPIT [=m] x x x x x x ompt: "TARPIT" target support fig:506 x x x x x x Defined at net/netfilter/Kconfig:506 NETFILTER [=y] && NETFILTER_XTAB x x x x x x Depends on: NET [=y] && INET [=y] && NETFILTER [=y] && NETFILTER_XTABLE x ... x x x x x x x x x x x x x x x x x mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj x tqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqu x x mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj *** End of Linux kernel configuration. *** Execute 'make' to build the kernel or try 'make help'. |
#make
scripts/kconfig/conf -s arch/x86/Kconfig CHK include/linux/version.h UPD include/linux/version.h CHK include/generated/utsrelease.h UPD include/generated/utsrelease.h CC kernel/bounds.s GEN include/generated/bounds.h CC arch/x86/kernel/asm-offsets.s GEN include/generated/asm-offsets.h CALL scripts/checksyscalls.sh ... CC net/sched/sch_prio.mod.o LD [M] net/sched/sch_prio.ko CC net/sched/sch_red.mod.o LD [M] net/sched/sch_red.ko CC net/sched/sch_sfq.mod.o LD [M] net/sched/sch_sfq.ko CC net/sched/sch_tbf.mod.o LD [M] net/sched/sch_tbf.ko CC net/sched/sch_teql.mod.o LD [M] net/sched/sch_teql.ko |
#make modules
CHK include/linux/version.h CHK include/generated/utsrelease.h CALL scripts/checksyscalls.sh Building modules, stage 2. MODPOST 107 modules |
#make modules_install
INSTALL arch/x86/kernel/test_nx.ko INSTALL arch/x86/kvm/kvm-amd.ko INSTALL arch/x86/kvm/kvm-intel.ko INSTALL arch/x86/kvm/kvm.ko INSTALL drivers/block/drbd/drbd.ko INSTALL drivers/char/hw_random/amd-rng.ko INSTALL drivers/clocksource/cs5535-clockevt.ko INSTALL drivers/misc/cs5535-mfgpt.ko INSTALL drivers/net/dummy.ko INSTALL drivers/net/ppp_generic.ko ... INSTALL net/sched/sch_hfsc.ko INSTALL net/sched/sch_htb.ko INSTALL net/sched/sch_ingress.ko INSTALL net/sched/sch_netem.ko INSTALL net/sched/sch_prio.ko INSTALL net/sched/sch_red.ko INSTALL net/sched/sch_sfq.ko INSTALL net/sched/sch_tbf.ko INSTALL net/sched/sch_teql.ko DEPMOD 2.6.33 |
#mkinitramfs -o /boot/initrd-2.6.33-esfq-imq
|
#halt
|
#cd /usr/src/linux-
linux-2.6.33/ linux-source-2.6.26/ |
#cd /usr/src/linux-2.6.33/
|
#make menuconfig
General setup ---> < Exit > x mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj lqqqqqqqqqqqqqqqqqqqqqq Linux Kernel Configuration qqqqqqqqqqqqqqqqqqqqqqqk x Arrow keys navigate the menu. <Enter> selects submenus --->. x x Highlighted letters are hotkeys. Pressing <Y> includes, <N> excludes, x x <M> modularizes features. Press <Esc><Esc> to exit, <?> for Help, </> x x for Search. Legend: [*] built-in [ ] excluded <M> module < > x -*- Enable the block layer ---> x lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk x ... x Do you wish to save your new kernel configuration? x x <ESC><ESC> to continue. x tqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqu x < Yes > < No >> x mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj # # configuration written to .config # *** End of Linux kernel configuration. *** Execute 'make' to build the kernel or try 'make help'. |
#make
scripts/kconfig/conf -s arch/x86/Kconfig CHK include/linux/version.h CHK include/generated/utsrelease.h CALL scripts/checksyscalls.sh CHK include/generated/compile.h CC arch/x86/kernel/acpi/realmode/wakemain.o CC arch/x86/kernel/acpi/realmode/video-mode.o CC arch/x86/kernel/acpi/realmode/regs.o CC arch/x86/kernel/acpi/realmode/video-vga.o CC arch/x86/kernel/acpi/realmode/video-vesa.o ... OBJCOPY arch/x86/boot/vmlinux.bin HOSTCC arch/x86/boot/tools/build BUILD arch/x86/boot/bzImage Root device is (202, 1) Setup is 12348 bytes (padded to 12800 bytes). System is 3444 kB CRC 637c69d9 Kernel: arch/x86/boot/bzImage is ready (#2) Building modules, stage 2. MODPOST 107 modules |
#halt
|
#cd ..
|
#rm linux-2.6.33
linux-2.6.33/ linux-2.6.33.tar.bz2 |
#rm -R linux-2.6.33
|
#tar jxvf linux-2.6.33.tar.bz2
linux-2.6.33/ linux-2.6.33/.gitignore linux-2.6.33/.mailmap linux-2.6.33/COPYING linux-2.6.33/CREDITS linux-2.6.33/Documentation/ linux-2.6.33/Documentation/00-INDEX linux-2.6.33/Documentation/ABI/ linux-2.6.33/Documentation/ABI/README linux-2.6.33/Documentation/ABI/obsolete/ ... linux-2.6.33/virt/kvm/assigned-dev.c linux-2.6.33/virt/kvm/coalesced_mmio.c linux-2.6.33/virt/kvm/coalesced_mmio.h linux-2.6.33/virt/kvm/eventfd.c linux-2.6.33/virt/kvm/ioapic.c linux-2.6.33/virt/kvm/ioapic.h linux-2.6.33/virt/kvm/iodev.h linux-2.6.33/virt/kvm/iommu.c linux-2.6.33/virt/kvm/irq_comm.c linux-2.6.33/virt/kvm/kvm_main.c |
#cp ./.config-100304 linux-2.6.33/.config
|
#cd linux-2.6.33/
|
#make oldconfig
HOSTCC scripts/basic/fixdep HOSTCC scripts/basic/docproc HOSTCC scripts/basic/hash HOSTCC scripts/kconfig/conf.o HOSTCC scripts/kconfig/kxgettext.o SHIPPED scripts/kconfig/zconf.tab.c SHIPPED scripts/kconfig/lex.zconf.c SHIPPED scripts/kconfig/zconf.hash.c HOSTCC scripts/kconfig/zconf.tab.o HOSTLD scripts/kconfig/conf ... Deflate compression algorithm (CRYPTO_DEFLATE) [N/m/y/?] n Zlib compression algorithm (CRYPTO_ZLIB) [N/m/y/?] n LZO compression algorithm (CRYPTO_LZO) [N/m/y/?] n * * Random Number Generation * Pseudo Random Number Generation for Cryptographic modules (CRYPTO_ANSI_CPRNG) [N/m/y/?] n # # configuration written to .config # |
#patch -p1 <../100-netfilter_layer7_2.21.patch
patching file include/linux/netfilter/xt_layer7.h patching file include/net/netfilter/nf_conntrack.h patching file net/netfilter/Kconfig patching file net/netfilter/Makefile patching file net/netfilter/nf_conntrack_core.c patching file net/netfilter/nf_conntrack_standalone.c patching file net/netfilter/regexp/regexp.c patching file net/netfilter/regexp/regexp.h patching file net/netfilter/regexp/regmagic.h patching file net/netfilter/regexp/regsub.c patching file net/netfilter/xt_layer7.c |
#patch -p1 <../101-netfilter_layer7_pktmatch.patch
patching file include/linux/netfilter/xt_layer7.h patching file net/netfilter/xt_layer7.c |
#patch -p1 <../150-netfilter_imq.patch
patching file drivers/net/imq.c patching file drivers/net/Kconfig patching file drivers/net/Makefile patching file include/linux/imq.h patching file include/linux/netdevice.h Hunk #1 succeeded at 1168 with fuzz 1 (offset 54 lines). patching file include/linux/netfilter/xt_IMQ.h patching file include/linux/netfilter_ipv4/ipt_IMQ.h patching file include/linux/netfilter_ipv6/ip6t_IMQ.h patching file include/linux/skbuff.h ... Hunk #3 succeeded at 1919 with fuzz 2 (offset 123 lines). Hunk #4 succeeded at 1945 (offset 136 lines). patching file net/core/skbuff.c Hunk #2 succeeded at 94 with fuzz 1. Hunk #4 succeeded at 638 (offset 3 lines). Hunk #5 succeeded at 2882 (offset 3 lines). patching file net/netfilter/Kconfig patching file net/netfilter/Makefile patching file net/netfilter/nf_queue.c patching file net/netfilter/xt_IMQ.c |
#patch -p1 <../200-sched_esfq
patching file include/linux/pkt_sched.h Hunk #1 succeeded at 173 with fuzz 1 (offset -9 lines). patching file net/sched/Kconfig patching file net/sched/Makefile patching file net/sched/sch_esfq.c |
#make menuconfig
.config - Linux Kernel v2.6.33 Configuration qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq General setup ---> lqqqqqqqqqqqqqqqqqqqqqq Linux Kernel Configuration qqqqqqqqqqqqqqqqqqqqqqqk *** End of Linux kernel configuration. *** Execute 'make' to build the kernel or try 'make help'. |
#make
scripts/kconfig/conf -s arch/x86/Kconfig CHK include/linux/version.h UPD include/linux/version.h CHK include/generated/utsrelease.h UPD include/generated/utsrelease.h CC kernel/bounds.s GEN include/generated/bounds.h CC arch/x86/kernel/asm-offsets.s GEN include/generated/asm-offsets.h CALL scripts/checksyscalls.sh ... CC net/sched/sch_prio.mod.o LD [M] net/sched/sch_prio.ko CC net/sched/sch_red.mod.o LD [M] net/sched/sch_red.ko CC net/sched/sch_sfq.mod.o LD [M] net/sched/sch_sfq.ko CC net/sched/sch_tbf.mod.o LD [M] net/sched/sch_tbf.ko CC net/sched/sch_teql.mod.o LD [M] net/sched/sch_teql.ko |
#vim /root/myfirewall.sh
--- /tmp/l3-saved-3972.14372.9638 2010-03-04 13:10:13.000000000 +0000 +++ /root/myfirewall.sh 2010-03-04 13:13:18.000000000 +0000 @@ -115,7 +115,8 @@ # Define a LOG and TARPIT custom chain: iptables -N LnT iptables -A LnT -p tcp -j LOG --log-prefix "LnT " -iptables -A LnT -p tcp -j TARPIT +# iptables -A LnT -p tcp -j TARPIT +iptables -A LnT -p tcp -j REJECT # Define a DDenial of Service custom chain: iptables -N DDoS @@ -179,7 +180,8 @@ iptables -A FTPl -j FTP # Don't need to match new or syn because that's handled by the above rule: # This may be too restrictive, so I reduced TARPIT from 2 to 3: -iptables -A FTPl -p tcp -m statistic --mode nth --every 3 -j TARPIT +# iptables -A FTPl -p tcp -m statistic --mode nth --every 3 -j TARPIT +iptables -A FTPl -p tcp -m statistic --mode nth --every 3 -j REJECT iptables -A FTPl -j RETURN # * * * * * * * Here is where the filtering begins * * * * * * * @@ -278,12 +280,12 @@ fi # TARPIT these (/etc/firewall/tarpit must be executable): -if [ -x /etc/firewall/tarpit ]; then - while read TARP; do - TARP=$(echo "$TARP" | awk '{print $1}') - iptables -A INPUT -p tcp -s $TARP -j LnT - done </etc/firewall/tarpit -fi +# if [ -x /etc/firewall/tarpit ]; then +# while read TARP; do +# TARP=$(echo "$TARP" | awk '{print $1}') +# iptables -A INPUT -p tcp -s $TARP -j LnT +# done </etc/firewall/tarpit +# fi # Limit new connection attempts from FTP leechers # Can't TARPIT in the mangle table so squeeze 'em in INPUT <evil g> 
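Review bot: `iptables -A LnT -p tcp -j REJECT` in the first hunk relies on REJECT's default reply (ICMP port-unreachable when no `--reject-with` is given); if the LnT chain is meant to close TCP probes the way the disabled TARPIT rule did, `--reject-with tcp-reset` is the usual form for `-p tcp` rules, and whichever reply is intended should be written out explicitly. The comments around the edited rules still describe the old behaviour: `# Define a LOG and TARPIT custom chain:` above this rule, `# This may be too restrictive, so I reduced TARPIT from 2 to 3:` in the second hunk, and `# Can't TARPIT in the mangle table so squeeze 'em in INPUT` after the commented-out /etc/firewall/tarpit block in the third hunk, so a reader of the new side will assume a TARPIT target is still active. Suggest rewording them to name REJECT and adding one line such as `# TARPIT disabled: xt_TARPIT is not built for the running kernel` — the build session above suggests that is the reason, but confirm it before committing. The same stale-comment issue applies to the hunks at @@ -347, @@ -359 and @@ -367 on the following line.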
@@ -347,7 +349,8 @@ # Low Ports: # (Can't TARPIT udp) -iptables -A INPUT -p tcp -m mport --dports 79,135,137:139,389,445,446,901,1002 -j TARPIT +# iptables -A INPUT -p tcp -m mport --dports 79,135,137:139,389,445,446,901,1002 -j TARPIT +iptables -A INPUT -p tcp -m mport --dports 79,135,137:139,389,445,446,901,1002 -j RdL iptables -A INPUT -p udp -m mport --dports 79,135,137:139,389,445,446,901,1002 -j RdL # This is "too many ports specified" because the max is 15 ports; # IPT_MULTI_PORTS is set to 15 in ~linux/include/linux/netfilter_ipv4 for both @@ -359,7 +362,8 @@ iptables -A INPUT -p udp --dport $LOWPORTS -j RdL # Annoyance high ports: -iptables -A INPUT -p tcp --sport $HI_PORTS -m mport --dports 1080,1433,3127:3128,4444,4899,6129,17300,20168 -j TARPIT +# iptables -A INPUT -p tcp --sport $HI_PORTS -m mport --dports 1080,1433,3127:3128,4444,4899,6129,17300,20168 -j TARPIT +iptables -A INPUT -p tcp --sport $HI_PORTS -m mport --dports 1080,1433,3127:3128,4444,4899,6129,17300,20168 -j RnL # Take advantage of the stateful nature of iptables on the INPUT chain: iptables -A INPUT -p tcp --dport ! 20:21 -m state --state $E_R -j ACCEPT @@ -367,7 +371,8 @@ # * * Here is where the INPUT filtering ends and the policy takes effect * * # INPUT chain: Just Say NO to everything not specifically allowed: -iptables -A INPUT -p tcp -j TARPIT # Log so annoyance high ports can be +# iptables -A INPUT -p tcp -j TARPIT # Log so annoyance high ports can be +iptables -A INPUT -p tcp -j RnL # Log so annoyance high ports can be # added to the TARPIT list. Naah, fuck em now not later. Was LnRi 19Feb04 iptables -A INPUT -j RdL # Can't TARPIT other than tcp which are # dealt with in the prior rule. This REJECTs rather than DROPs, overriding the |
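Review bot: The rewritten low-port rule in the @@ -347 hunk sends TCP to `RdL` (matching the udp rule directly below it), while the @@ -359 and @@ -367 hunks send TCP to `RnL`, and nothing in these hunks says what distinguishes the two chains, so the choice reads as arbitrary on the new side. The chain definitions are outside these hunks, so a one-line comment at each replaced rule stating why RdL or RnL was chosen, e.g. `# RnL rather than RdL here: <reason>`, would make the policy reviewable without opening the rest of the script. If the two chains differ only in whether they log, it is also worth noting that the catch-all `-p tcp -j RnL` rule in the last hunk now determines what every unmatched TCP packet is logged as.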
#make modules
CHK include/linux/version.h CHK include/generated/utsrelease.h CALL scripts/checksyscalls.sh Building modules, stage 2. MODPOST 105 modules |
#make modules_install
INSTALL arch/x86/kernel/test_nx.ko INSTALL arch/x86/kvm/kvm-amd.ko INSTALL arch/x86/kvm/kvm-intel.ko INSTALL arch/x86/kvm/kvm.ko INSTALL drivers/block/drbd/drbd.ko INSTALL drivers/char/hw_random/amd-rng.ko INSTALL drivers/net/dummy.ko INSTALL drivers/net/imq.ko INSTALL drivers/net/ppp_generic.ko INSTALL drivers/net/pppoe.ko ... INSTALL net/sched/sch_hfsc.ko INSTALL net/sched/sch_htb.ko INSTALL net/sched/sch_ingress.ko INSTALL net/sched/sch_netem.ko INSTALL net/sched/sch_prio.ko INSTALL net/sched/sch_red.ko INSTALL net/sched/sch_sfq.ko INSTALL net/sched/sch_tbf.ko INSTALL net/sched/sch_teql.ko DEPMOD 2.6.33 |
#halt
|
#cd ..
|
#rm -R linux-2.6.33
linux-2.6.33/ linux-2.6.33.tar.bz2 |
#rm -R linux-2.6.33
|
#rm linux
|
#tar xvf linux-2.6.33.tar.bz2
linux-2.6.33/ linux-2.6.33/.gitignore linux-2.6.33/.mailmap linux-2.6.33/COPYING linux-2.6.33/CREDITS linux-2.6.33/Documentation/ linux-2.6.33/Documentation/00-INDEX linux-2.6.33/Documentation/ABI/ linux-2.6.33/Documentation/ABI/README linux-2.6.33/Documentation/ABI/obsolete/ ... linux-2.6.33/virt/kvm/assigned-dev.c linux-2.6.33/virt/kvm/coalesced_mmio.c linux-2.6.33/virt/kvm/coalesced_mmio.h linux-2.6.33/virt/kvm/eventfd.c linux-2.6.33/virt/kvm/ioapic.c linux-2.6.33/virt/kvm/ioapic.h linux-2.6.33/virt/kvm/iodev.h linux-2.6.33/virt/kvm/iommu.c linux-2.6.33/virt/kvm/irq_comm.c linux-2.6.33/virt/kvm/kvm_main.c |
#cp ./.config.2.6.32.3 linux-2.6.33/.config
|
#make oldconfig
HOSTCC scripts/basic/fixdep HOSTCC scripts/basic/docproc HOSTCC scripts/basic/hash HOSTCC scripts/kconfig/conf.o HOSTCC scripts/kconfig/kxgettext.o SHIPPED scripts/kconfig/zconf.tab.c SHIPPED scripts/kconfig/lex.zconf.c SHIPPED scripts/kconfig/zconf.hash.c HOSTCC scripts/kconfig/zconf.tab.o HOSTLD scripts/kconfig/conf ... Deflate compression algorithm (CRYPTO_DEFLATE) [N/m/y/?] n Zlib compression algorithm (CRYPTO_ZLIB) [N/m/y/?] n LZO compression algorithm (CRYPTO_LZO) [N/m/y/?] n * * Random Number Generation * Pseudo Random Number Generation for Cryptographic modules (CRYPTO_ANSI_CPRNG) [N/m/y/?] n # # configuration written to .config # |
#make menuconfig
*** End of Linux kernel configuration. *** Execute 'make' to build the kernel or try 'make help'. |
#make
scripts/kconfig/conf -s arch/x86/Kconfig CHK include/linux/version.h UPD include/linux/version.h CHK include/generated/utsrelease.h UPD include/generated/utsrelease.h CC kernel/bounds.s GEN include/generated/bounds.h CC arch/x86/kernel/asm-offsets.s GEN include/generated/asm-offsets.h CALL scripts/checksyscalls.sh ... OBJCOPY arch/x86/boot/vmlinux.bin HOSTCC arch/x86/boot/tools/build BUILD arch/x86/boot/bzImage Root device is (202, 1) Setup is 12348 bytes (padded to 12800 bytes). System is 3567 kB CRC cea061b0 Kernel: arch/x86/boot/bzImage is ready (#1) Building modules, stage 2. MODPOST 75 modules |
#make modules
CHK include/linux/version.h CHK include/generated/utsrelease.h CALL scripts/checksyscalls.sh CC [M] arch/x86/kernel/test_nx.o CC [M] arch/x86/kvm/svm.o CC [M] arch/x86/kvm/vmx.o CC [M] arch/x86/kvm/../../../virt/kvm/kvm_main.o CC [M] arch/x86/kvm/../../../virt/kvm/ioapic.o CC [M] arch/x86/kvm/../../../virt/kvm/coalesced_mmio.o CC [M] arch/x86/kvm/../../../virt/kvm/irq_comm.o ... CC net/sched/sch_prio.mod.o LD [M] net/sched/sch_prio.ko CC net/sched/sch_red.mod.o LD [M] net/sched/sch_red.ko CC net/sched/sch_sfq.mod.o LD [M] net/sched/sch_sfq.ko CC net/sched/sch_tbf.mod.o LD [M] net/sched/sch_tbf.ko CC net/sched/sch_teql.mod.o LD [M] net/sched/sch_teql.ko |
#make modules_install
INSTALL arch/x86/kernel/test_nx.ko INSTALL arch/x86/kvm/kvm-amd.ko INSTALL arch/x86/kvm/kvm-intel.ko INSTALL arch/x86/kvm/kvm.ko INSTALL drivers/char/hw_random/amd-rng.ko INSTALL drivers/net/dummy.ko INSTALL drivers/net/ppp_generic.ko INSTALL drivers/net/pppoe.ko INSTALL drivers/net/pppox.ko INSTALL drivers/net/slhc.ko ... INSTALL net/sched/sch_hfsc.ko INSTALL net/sched/sch_htb.ko INSTALL net/sched/sch_ingress.ko INSTALL net/sched/sch_netem.ko INSTALL net/sched/sch_prio.ko INSTALL net/sched/sch_red.ko INSTALL net/sched/sch_sfq.ko INSTALL net/sched/sch_tbf.ko INSTALL net/sched/sch_teql.ko DEPMOD 2.6.33 |
#mkinitramfs -o /boot/initrd-2.6.33
|
#scp /boot/initrd-2.6.33 192.168.8.140:/boot/
root@192.168.8.140's password: initrd-2.6.33 100% 7052KB 6.9MB/s 00:01 |
#mkinitramfs -o /boot/initrd-2.6.33-esfq-imq
.6.33 root@192.168.8.140's password: bzImage 100% 3579KB 3.5MB/s 00:00 |
#tar jxvf linux-2.6.32.3.tar.bz2
linux-2.6.32.3/ linux-2.6.32.3/.gitignore linux-2.6.32.3/.mailmap linux-2.6.32.3/COPYING linux-2.6.32.3/CREDITS linux-2.6.32.3/Documentation/ linux-2.6.32.3/Documentation/00-INDEX linux-2.6.32.3/Documentation/ABI/ linux-2.6.32.3/Documentation/ABI/README linux-2.6.32.3/Documentation/ABI/obsolete/ ... linux-2.6.32.3/virt/kvm/Kconfig linux-2.6.32.3/virt/kvm/coalesced_mmio.c linux-2.6.32.3/virt/kvm/coalesced_mmio.h linux-2.6.32.3/virt/kvm/eventfd.c linux-2.6.32.3/virt/kvm/ioapic.c linux-2.6.32.3/virt/kvm/ioapic.h linux-2.6.32.3/virt/kvm/iodev.h linux-2.6.32.3/virt/kvm/iommu.c linux-2.6.32.3/virt/kvm/irq_comm.c linux-2.6.32.3/virt/kvm/kvm_main.c |
#rm -R ../linux-2.6.33
|
#make menuconfig
*** End of Linux kernel configuration. *** Execute 'make' to build the kernel or try 'make help'. |
#make oldconfig
HOSTCC scripts/basic/fixdep HOSTCC scripts/basic/docproc HOSTCC scripts/basic/hash HOSTCC scripts/kconfig/conf.o HOSTCC scripts/kconfig/kxgettext.o SHIPPED scripts/kconfig/zconf.tab.c SHIPPED scripts/kconfig/lex.zconf.c SHIPPED scripts/kconfig/zconf.hash.c HOSTCC scripts/kconfig/zconf.tab.o HOSTLD scripts/kconfig/conf scripts/kconfig/conf -o arch/x86/Kconfig # # configuration written to .config # |
#make modules
|
#patch -p1 <../100-netfilter_layer7_2.21.patch
patching file include/linux/netfilter/xt_layer7.h patching file include/net/netfilter/nf_conntrack.h patching file net/netfilter/Kconfig patching file net/netfilter/Makefile patching file net/netfilter/nf_conntrack_core.c patching file net/netfilter/nf_conntrack_standalone.c patching file net/netfilter/regexp/regexp.c patching file net/netfilter/regexp/regexp.h patching file net/netfilter/regexp/regmagic.h patching file net/netfilter/regexp/regsub.c patching file net/netfilter/xt_layer7.c |
#patch -p1 <../101-netfilter_layer7_pktmatch.patch
patching file include/linux/netfilter/xt_layer7.h patching file net/netfilter/xt_layer7.c |
#patch -p1 <../150-netfilter_imq.patch
patching file drivers/net/imq.c patching file drivers/net/Kconfig patching file drivers/net/Makefile patching file include/linux/imq.h patching file include/linux/netdevice.h patching file include/linux/netfilter/xt_IMQ.h patching file include/linux/netfilter_ipv4/ipt_IMQ.h patching file include/linux/netfilter_ipv6/ip6t_IMQ.h patching file include/linux/skbuff.h patching file include/net/netfilter/nf_queue.h patching file net/core/dev.c patching file net/core/skbuff.c patching file net/netfilter/Kconfig patching file net/netfilter/Makefile patching file net/netfilter/nf_queue.c patching file net/netfilter/xt_IMQ.c |
#patch -p1 <../200-sched_esfq
patching file include/linux/pkt_sched.h patching file net/sched/Kconfig patching file net/sched/Makefile patching file net/sched/sch_esfq.c |
Время первой команды журнала | 13:05:17 2010- 3- 4 |
Время последней команды журнала | 15:17:30 2010- 3- 4 |
Количество командных строк в журнале | 101 |
Процент команд с ненулевым кодом завершения, % | 5.94 |
Процент синтаксически неверно набранных команд, % | 0.00 |
Суммарное время работы с терминалом *, час | 2.20 |
Количество командных строк в единицу времени, команда/мин | 0.76 |
Частота использования команд |
|
В журнал автоматически попадают все команды, данные в любом терминале системы.
Для того чтобы убедиться, что журнал на текущем терминале ведётся, и команды записываются, дайте команду w. В поле WHAT, соответствующем текущему терминалу, должна быть указана программа script.
Команды, при наборе которых были допущены синтаксические ошибки, выводятся перечёркнутым текстом:
$ l s-l bash: l: command not found |
Если код завершения команды равен нулю, команда была выполнена без ошибок. Команды, код завершения которых отличен от нуля, выделяются цветом.
$ test 5 -lt 4 |
Команды, ход выполнения которых был прерван пользователем, выделяются цветом.
$ find / -name abc find: /home/devi-orig/.gnome2: Keine Berechtigung find: /home/devi-orig/.gnome2_private: Keine Berechtigung find: /home/devi-orig/.nautilus/metafiles: Keine Berechtigung find: /home/devi-orig/.metacity: Keine Berechtigung find: /home/devi-orig/.inkscape: Keine Berechtigung ^C |
Команды, выполненные с привилегиями суперпользователя, выделяются слева красной чертой.
# id uid=0(root) gid=0(root) Gruppen=0(root) |
Изменения, внесённые в текстовый файл с помощью редактора, запоминаются и показываются в журнале в формате ed. Строки, начинающиеся символом "<", удалены, а строки, начинающиеся символом ">" -- добавлены.
$ vi ~/.bashrc
|
Для того чтобы изменить файл в соответствии с показанными в диффшоте изменениями, можно воспользоваться командой patch. Нужно скопировать изменения, запустить программу patch, указав в качестве её аргумента файл, к которому применяются изменения, и вставить скопированный текст:
$ patch ~/.bashrc |
Для того чтобы получить краткую справочную информацию о команде, нужно подвести к ней мышь. Во всплывающей подсказке появится краткое описание команды.
Если справочная информация о команде есть, команда выделяется голубым фоном, например: vi. Если справочная информация отсутствует, команда выделяется розовым фоном, например: notepad.exe. Справочная информация может отсутствовать в том случае, если (1) команда введена неверно; (2) если распознавание команды LiLaLo выполнено неверно; (3) если информация о команде неизвестна LiLaLo. Последнее возможно для редких команд.
Большие, в особенности многострочные, всплывающие подсказки лучше всего показываются браузерами KDE Konqueror, Apple Safari и Microsoft Internet Explorer. В браузерах Mozilla и Firefox они отображаются не полностью, а вместо перевода строки выводится специальный символ.
Время ввода команды, показанное в журнале, соответствует времени начала ввода командной строки, то есть моменту, когда на терминале появилось приглашение интерпретатора.
Имя терминала, на котором была введена команда, показано в специальном блоке. Этот блок показывается только в том случае, если терминал текущей команды отличается от терминала предыдущей.
Вывод не интересующих вас в настоящий момент элементов журнала, таких как время, имя терминала и других, можно отключить. Для этого нужно воспользоваться формой управления журналом вверху страницы.
Небольшие комментарии к командам можно вставлять прямо из командной строки. Комментарий вводится прямо в командную строку, после символов #^ или #v. Символы ^ и v показывают направление выбора команды, к которой относится комментарий: ^ - к предыдущей, v - к следующей. Например, если в командной строке было введено:
$ whoami
user
$ #^ Интересно, кто я?
В журнале это будет выглядеть так:
$ whoami
user
Интересно, кто я? |
Если комментарий содержит несколько строк, его можно вставить в журнал следующим образом:
$ whoami
user
$ cat > /dev/null #^ Интересно, кто я?
Программа whoami выводит имя пользователя, под которым мы зарегистрировались в системе. - Она не может ответить на вопрос о нашем назначении в этом мире.
В журнале это будет выглядеть так:
$ whoami user
|
Комментарии, не относящиеся непосредственно ни к какой из команд, добавляются точно таким же способом, только вместо символов #^ или #v нужно использовать символы #=.
Группы команд, выполненных на разных терминалах, разделяются специальной линией. Под этой линией в правом углу показано имя терминала, на котором выполнялись команды. Для того чтобы посмотреть команды только одного сеанса, нужно щёлкнуть по этому названию.
LiLaLo (L3) расшифровывается как Live Lab Log.
Программа разработана для повышения эффективности обучения Unix/Linux-системам.
(c) Игорь Чубин, 2004-2008