install
## CentOS 6
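# Build dependencies. kernel-headers/kernel-devel are pinned to the running
# kernel (uname -r) so the xt_dns module is built for the kernel that will
# load it (compare the vermagic shown by `modinfo xt_dns` afterwards).
sudo yum install gcc make automake libtool \
  iptables-devel "kernel-headers-$(uname -r)" "kernel-devel-$(uname -r)"
# CentOS 6 uses the kernel2.6 branch of the project.
git clone -b kernel2.6 https://github.com/mimuret/iptables-ext-dns.git
cd iptables-ext-dns
./autogen.sh
# --libdir is presumably where the libxt_dns extension gets installed; it has to
# be the directory iptables searches for its extensions (/lib64 on CentOS).
# Verify with `iptables -m dns --help` after installing.
./configure --libdir=/lib64
make
sudo make install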
## CentOS 7
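# Build dependencies. kernel-headers/kernel-devel are pinned to the running
# kernel (uname -r) so the xt_dns module is built for the kernel that will
# load it (compare the vermagic shown by `modinfo xt_dns` afterwards).
sudo yum install gcc make automake libtool \
  iptables-devel "kernel-headers-$(uname -r)" "kernel-devel-$(uname -r)"
# CentOS 7 builds from the default branch.
git clone https://github.com/mimuret/iptables-ext-dns.git
cd iptables-ext-dns
./autogen.sh
# --libdir is presumably where the libxt_dns extension gets installed; it has to
# be the directory iptables searches for its extensions (/lib64 on CentOS).
# Verify with `iptables -m dns --help` after installing.
./configure --libdir=/lib64
make
sudo make install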
## Ubuntu 14.04.4
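# Build dependencies. linux-headers is pinned to the running kernel (uname -r)
# so the xt_dns module is built for the kernel that will load it.
sudo apt-get install gcc \
  make \
  automake \
  autoconf \
  libtool \
  "linux-headers-$(uname -r)" \
  iptables-dev
git clone https://github.com/mimuret/iptables-ext-dns.git
cd iptables-ext-dns
./autogen.sh
# --libdir is presumably where the libxt_dns extension gets installed; it has to
# be the directory iptables searches for its extensions (/lib on Ubuntu,
# unlike /lib64 on CentOS). Verify with `iptables -m dns --help` afterwards.
./configure --libdir=/lib
make
sudo make install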
$ iptables -m dns --help
~
~
~
dns match options:
[!] --qr match when response
[!] --opcode match
(Flags QUERY,IQUERY,STATUS,NOTIFY,UPDATE)
[!] --aa match when Authoritative Answer
[!] --tc match when Truncated Response
[!] --rd match when Recursion Desired
[!] --ra match when Recursion Available
[!] --ad match when Authentic Data
[!] --cd match when checking Disabled
[!] --qname
[!] --qtype
(Flags ex. A,AAAA,MX,NS,TXT,SOA... )
see. http://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml
[!] --reverse-match --rmatch reverse matching flag
[!] --maxsize qname max size
$ sudo iptables -A DNSCHECK -m dns -j ACCEPT
$ sudo iptables --list -n -v
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 dns
$ modinfo xt_dns
filename: /lib/modules/3.10.0-327.el7.x86_64/kernel/net/netfilter/xt_dns.ko
alias: ip6t_dns
alias: ipt_dns
license: GPL
description: Xtables: DNS matching
author: Manabu Sonoda <mimuret@gmail.com>
rhelversion: 7.2
srcversion: 5432DE32DC7DD56416CF8BE
depends:
vermagic: 3.10.0-327.el7.x86_64 SMP mod_unload modversions
$ sudo cat /proc/net/ip_tables_matches | grep dns
dns
$ sudo cat /proc/net/ip6_tables_matches | grep dns
dns
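# serverip: the DNS server behind the DNSCHECK rule being tested; hogehoge.com.
# is only an example name. The packet/byte counters in the iptables listing
# below should increase after this query if the dns match is working.
dig "@${serverip}" hogehoge.com.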
$ sudo iptables --list -n -v
1 66 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 dns