How to install xtables-addons on CentOS 6

1 Preliminary Note

Before we start, make sure that SELinux is disabled. Run


or edit /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

to disable SELinux, and ...

echo 0 > /selinux/enforce

... for the change to take effect.


2 Supported Configurations

* iptables >= 1.4.3

* kernel-source >= 2.6.29

For ipset-6 you need:

* libmnl

* Linux kernel >= 2.6.35


3 Installing Packages

Note: you'll need the same version of the kernel-devel package as your currently running kernel!

uname -r


yum install gcc gcc-c++ make automake unzip zip xz kernel-devel-`uname -r` iptables-devel

In this case kernel-devel-2.6.32-71.el6.i686
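
The minimum versions from section 2 and the matching kernel-devel requirement can be checked before compiling. The script below is an added example, not part of the original guide; the function names, the --live switch and the check of /lib/modules/<release>/build (the usual location of the kernel build tree) are assumptions of the example.

```shell
#!/bin/sh
# Added example: preflight check for the requirements listed on this page.

# version_ge A B: succeed if dotted version A >= B.
# Only the leading numeric part is compared, so "2.6.32-71.el6.i686"
# is read as 2.6.32 and "iptables v1.4.7" as 1.4.7.
version_ge() {
    a=$(printf '%s' "$1" | sed 's/^[^0-9]*//; s/[^0-9.].*$//')
    b=$(printf '%s' "$2" | sed 's/^[^0-9]*//; s/[^0-9.].*$//')
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# preflight KERNEL_RELEASE IPTABLES_VERSION BUILD_DIR
# Returns 0 only if the kernel and iptables minimums are met and the
# kernel build tree for the running kernel is present.
preflight() {
    rc=0
    version_ge "$1" 2.6.29 || { echo "FAIL: kernel $1 is older than 2.6.29"; rc=1; }
    version_ge "$2" 1.4.3  || { echo "FAIL: $2 is older than 1.4.3"; rc=1; }
    # A kernel-devel package for a different kernel leaves this path missing.
    [ -d "$3" ] || { echo "FAIL: no build tree at $3 (kernel-devel must match uname -r)"; rc=1; }
    # Not fatal for xtables-addons itself, only for ipset-6.
    version_ge "$1" 2.6.35 || echo "NOTE: kernel $1 is older than 2.6.35, below the ipset-6 minimum"
    return $rc
}

# Run against the live system only when asked to: ./preflight.sh --live
if [ "${1:-}" = "--live" ]; then
    kver=$(uname -r)
    preflight "$kver" "$(iptables -V)" "/lib/modules/$kver/build"
fi
```

For the kernel named above (2.6.32-71.el6.i686) the 2.6.29 check passes, while the ipset-6 note is printed because 2.6.32 is below the 2.6.35 minimum listed in section 2.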

Install rpmforge repo for perl-Text-CSV_XS package:

rpm -i

yum install perl-Text-CSV_XS


4 Compile xtables-addons

Get xtables-addons source and unarchive it:


tar xvf xtables-addons-1.37.tar.xz

Compile modules:

cd xtables-addons-1.37/

Note: You can edit the "mconfig" file to select what modules to build and install. By default, all modules are enabled.


make && make install


5 Setting Up geoip Module

Create geoip database for iptables geoip match:

cd geoip/

Using the scripts from the geoip folder, download and compile the MaxMind GeoIPCountry database:


./xt_geoip_build GeoIPCountryWhois.csv

Move the files to their default location:

mkdir -p /usr/share/xt_geoip/

cp -r {BE,LE} /usr/share/xt_geoip/

Test it like this:

iptables -I INPUT -m geoip --src-cc CN -j DROP

This will drop all incoming packets whose source address is listed under China (CN) in the GeoIP database.

