summaryrefslogtreecommitdiffstats
path: root/README
blob: 4833b901b3fea2b0146193fcf4ff326ff3ad9474 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
This is the ipset source tree. Follow these steps to install ipset:

0. You need the source tree of your kernel (version >= 2.6.16 or 2.4.36.x)
   and it have to be configured, modules compiled.

1. Compile ipset and it's kernel modules

   # make KERNEL_DIR=<<where-you-built-your-kernel>>

   You can specify the maximum number of sets (default 256)
   and/or the hash size for bindings (default 1024) if you want:

   # make KERNEL_DIR=<<where-you-built-your-kernel>> \
	IP_NF_SET_MAX=<<your setsize number>> \
	IP_NF_SET_HASHSIZE=<<your hashsize number>>

   If your compiler does not support all of the extra warning
   flags, you can disable those too:

   # make KERNEL_DIR=<<where-you-built-your-kernel>> \
	IP_NF_SET_MAX=<<your setsize number>> \
	IP_NF_SET_HASHSIZE=<<your hashsize number>> \
	NO_EXTRA_WARN_FLAGS=yes

2. Install the binary and the modules

   # make KERNEL_DIR=<<where-you-built-your-kernel>> install

3. Cleanup the source tree

   # make KERNEL_DIR=<<where-you-built-your-kernel>> clean

That's it! 

Read the ipset(8) and iptables(8) manpages on how to use ipset 
and its match and target from iptables.

If you want to build a non-modular >= 2.6.16 kernel or has got a 2.4.36.x
kernel tree, then proceed with the following steps:

1. Compile the ipset binaries

  # make KERNEL_DIR=<<where-you-built-your-kernel>> binaries

2. Install the ipset binaries

  # make KERNEL_DIR=<<where-you-built-your-kernel>> binaries_install

3. Patch your kernel source

  # make KERNEL_DIR=<<where-you-built-your-kernel>> patch_kernel

4. Go to the kernel source and run 'make oldconfig', enable the ipset
   functionality and compile, install your kernel.