forked from ewildgoose/ndpi-netfilter
-
Notifications
You must be signed in to change notification settings - Fork 0
/
INSTALL
55 lines (33 loc) · 1.52 KB
/
INSTALL
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
nDPI module INSTALL
----------------------
The install the modules follow these steps, always from the modules package
root (i.e. where this file is located)
- To compile the modules first type:
NDPI_PATH=/home/foo/ndpi-1.3.0 make
Where, NDPI_PATH is the path to the original nDPI source code package
(note that you have to extract it first).
- Then, as root, type:
make modules_install
That would install the nDPI module for the given Linux kernel.
- Finally, also as root, you should copy the iptables module into the
corresponding directory. Usually this is "/lib/xtables" or
"/usr/lib/xtables".
cp ipt/libxt_ndpi.so /lib/xtables
Now you can read the following section to learn how to use it.
Module usage
------------
Once you have installed both modules ("libxt_ndpi.so" and "xt_ndpi.ko")
you should type (as root):
modprobe xt_ndpi
If the module has been successfully loaded you shouldn't see any message.
After loading the kernel module you can use iptables to add a rule. To see
available protocols you can match for in every packet, type (as root):
iptables -m ndpi --help
Note that the list is long, you best try: "iptables -m ndpi --help | more"
An example rule would be (as root):
iptables -A OUTPUT -m ndpi --http -j REJECT
This wouldn't allow any HTTP traffic that originates from the machine where the
rule was added.
In case you want to stop using the nDPI kernel module, first remove every
iptables rule for nDPI and then type (as root):
modprobe -r xt_ndpi