Last active
March 14, 2016 03:56
-
-
Save luftreich/47c97804a37d4be2d1c1 to your computer and use it in GitHub Desktop.
iptables/netfilter命令、实现及利用 (http://blog.csdn.net/sealyao/article/details/5934268)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| obj-m = nethook.o | |
| KVERSION = $(shell uname -r) | |
| all: | |
| make -C /lib/modules/$(KVERSION)/build M=$(PWD) modules | |
| clean: | |
| make -C /lib/modules/$(KVERSION)/build M=$(PWD) clean |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Change it here or specify it on the "make" commandline | |
| #for 2.6 | |
| ARCH = arm | |
| # 指定编译器 | |
| CROSS_COMPILE = /work/arm-gcc/arm-2009q1/bin/arm-none-linux-gnueabi- | |
| # 内核头文件路径 | |
| KDIR = /work/Linux_headers_2.6.37_ShenZhenICI_20130628 | |
| # 模块安装路径 | |
| PREFIX = /work/XiDian_Security_mods | |
| obj-m += security_zd_dvr.o | |
| .PHONY:kmods | |
| kmods: | |
| make -C $(KDIR) M=`pwd` | |
| cp *.ko $(PREFIX) | |
| chmod 777 $(PREFIX)/*.ko | |
| clean: | |
| #-rm -f *.o *.ver *~ *.cmd | |
| make -C $(KDIR) M=`pwd` clean |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //nethook.c | |
| #include <linux/module.h> | |
| #include <linux/kernel.h> | |
| #include <linux/netfilter.h> | |
| #include <linux/netfilter_ipv4.h> | |
| #include <linux/netdevice.h> | |
| #include <linux/skbuff.h> | |
| #include <linux/ip.h> | |
| #include <linux/tcp.h> | |
| static struct nf_hook_ops nfho; | |
| unsigned int hook_func(unsigned int hooknum, | |
| struct sk_buff **skb, | |
| const struct net_device *in, | |
| const struct net_device *out, | |
| int (*okfn)(struct sk_buff *)) | |
| { | |
| #ifdef BASE_TEST | |
| return NF_DROP; | |
| #endif | |
| #ifdef INTF_TEST | |
| if(strcmp(in->name,"eth0") == 0){ | |
| return NF_DROP; | |
| } | |
| #endif | |
| #ifdef ADDR_TEST | |
| static unsigned char *drop_ip = "/x0a/x08/x50/x6c"; | |
| struct sk_buff *sk = *skb; | |
| if(sk->nh.iph->saddr == *(unsigned int *)drop_ip){ | |
| return NF_DROP; | |
| } | |
| #endif | |
| #ifdef PORT_TEST | |
| unsigned char *deny_port = "/x00/x19"; /* port 25 */ | |
| struct tcphdr *thead; | |
| if (!skb ) | |
| return NF_ACCEPT; | |
| if (!(skb->nh.iph)) | |
| return NF_ACCEPT; | |
| if (skb->nh.iph->protocol != IPPROTO_TCP) { | |
| return NF_ACCEPT; | |
| } | |
| thead = (struct tcphdr *)(skb->data +(skb->nh.iph->ihl * 4)); | |
| if ((thead->dest) == *(unsigned short *)deny_port) { | |
| return NF_DROP; | |
| } | |
| #endif | |
| return NF_ACCEPT; | |
| } | |
| static int __init init_nethook(void) | |
| { | |
| nfho.hook = hook_func; | |
| nfho.hooknum = NF_IP_PRE_ROUTING; | |
| nfho.pf = PF_INET; | |
| nfho.priority = NF_IP_PRI_FIRST; | |
| nf_register_hook(&nfho); | |
| return 0; | |
| } | |
| static void __exit exit_nethook(void) | |
| { | |
| nf_unregister_hook(&nfho); | |
| } | |
| module_init(init_nethook); | |
| module_exit(exit_nethook); |
# ~/.rtorrent.rc
#最小允许peer数
min_peers = 3
#最大允许peer数
max_peers = 500
#最大同时上传用户数
max_uploads = 10
#最大下载950k/s 光纤用户使用,adsl请酌情修改
download_rate = 40000
#最大上传200k/s 光纤用户使用,adsl请酌情修改
upload_rate = 200
#下载目录
directory = /work/Download
#下载历史目录(此目录中包括下载进度信息和DHT节点缓存)
session = /work/Download/session
#(配置自动监视,把bt种子扔进/work/Download目录就自动下载)
schedule = watch_directory,5,5,load_start=/work/Download/seed/*.torrent
#(配置自动监视,把bt种子从/work/Download目录拿走就自动停止下载)
schedule = untied_directory,5,5,stop_untied=
#硬盘空间低于100M就自动停止一切下载)
schedule = low_diskspace,5,60,close_low_diskspace=100M
#(在总上传量达到200M的情况下上传/下载率达到200%,或者在总上传量不足200M情况下上传/下载率达到2000%,则停止上传)
schedule = ratio,60,60,"stop_on_ratio=200,200M,2000"
#bt监听端口
port_range = 9400-9500
#随机从上面范围内选择端口
port_random = yes
######开启DHT######
dht = on
#DHT所用的UDP端口
dht_port = 9501
#种子交换功能
peer_exchange = yes
#(上传缓存,每个种子10M,小内存用户请酌情修改)
# send_buffer_size = 10M
#(下载缓存,每个种子20M,小内存用户请酌情修改)
# receive_buffer_size = 20M
#(修改编码以避免中文乱码)
encoding_list=UTF-8
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
📖 Netfilter
http://blog.csdn.net/sealyao/article/details/5934268
http://www.study-area.org/linux/servers/linux_nat.htm
http://bullshitlie.blogspot.hk/2012/04/ultimate.html
http://xtaci.github.io/blog/2012/04/06/ultimate/
http://www.lartc.org/lartc.html
http://www.lartc.org/howto/
http://www.lartc.org/howto/lartc.netfilter.html
http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.netfilter.html
http://www.lartc.org/howto/lartc.cookbook.squid.html
http://linux-ip.net/html/index.html
http://linux-ip.net/html/adv-multi-internet.html
http://linux.vbird.org/linux_server/0250simple_firewall.php
http://lartc.org/howto/lartc.rpdb.multiple-links.html
http://www.study-area.org/tips/adv-route/Adv-Routing-HOWTO-12.html