Skip to main content

Ipset from source

warning

BitNinja does not support these features since 2.0.0. For more information check the changelog.

BitNinja has one major system component dependency for efficient operation: the ipset Linux module. This module is shipped with all the latest versions of major Linux distributions (like CentOs 6+, Debian 6+, Ubuntu 10+), but some older distros may be missing it. In the next section you can find detailed information on how to install ipset onto your Linux server in case your Linux distro does not ship it.

IPsets are a framework inside the Linux kernel which can be administered by the ipset utility. Depending on the type, an IPset may store IP addresses, networks, (TCP/UDP) port numbers, MAC addresses, interface names, or combinations of them in a way which ensures lightning speed when matching an entry against a set.

In most cases, your Linux distribution will provide you the version of ipset needed for BitNinja. In the case of older Linuxes (like some CentOs 5 and CloudLinux 5 boxes) or in case of a custom kernel you need to compile an ipset for your kernel and the ipset binary to allow BitNinja good performance and avoid using the simulated ipset mode.

Here are the instructions needed to compile ipset:

  1. Install the kernel source yum install kernel-devel

  2. Download ipset source wget http://ipset.netfilter.org/ipset-4.5.tar.bz2

  3. Uncompress it tar jxf ipset-4.5.tar.bz2

  4. Compile make KERNEL_DIR=/usr/src/kernels/2.6.18-502.el5.lve0.8.85-x86_64/

  5. Install make KERNEL_DIR=/usr/src/kernels/2.6.18-502.el5.lve0.8.85-x86_64/ install

  6. If the kernel source is not exactly the same (this is the case with CloudLinux) you can copy the kernel module from /lib/modules/[original_kernel_version]/kernel/extra to the the same directory of the actual kernel. The module is called ip_set.ko.

  7. Build kernel module dependencies depmod

  8. Load ipset module modprobe ip_set

And for the ipset binary:

  1. Compile the binary make KERNEL_DIR=/usr/src/kernels/2.6.18-502.el5.lve0.8.85-x86_64/ binaries

  2. Install it make KERNEL_DIR=/usr/src/kernels/2.6.18-502.el5.lve0.8.85-x86_64/ binaries_install

That's it. Ipset should work now.

Testing ipset

To test ipset functionality, these commands must run without any error:

ipset --version
ipset -N test
ipset -N test iphash
ipset -A test 1.2.3.4
ipset -L test
ipset -X test