Xtables-Addons On Centos 6 & Iptables GeoIP Filtering

Submitted by TiTex on Thu, 2011-08-18 12:01. :: CentOS | Security

This tutorial explains how to install additional kernel modules for use in iptables rule sets (netfilter modules). Xtables-addons is the successor to patch-o-matic(-ng). Likewise, it contains extensions that were not, or are not yet, accepted in the main kernel/iptables packages. Xtables-addons differs from patch-o-matic in that you do not have to patch or recompile the kernel.

A list of all available modules and their usage can be found through the links in section 6.

 

1 Preliminary Note

Before we start, make sure that SELinux is disabled. Run

system-config-securitylevel

or edit /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

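to disable SELinux permanently (the config file is read at the next boot), and ...

echo 0 > /selinux/enforce

... to switch the running system to permissive mode, so that the change takes effect immediately. The comments below give chcon commands for loading the modules with SELinux left enforcing.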

 

2 Supported Configurations

* iptables >= 1.4.3

* kernel-source >= 2.6.29

For ipset-6 you need:

* libmnl

* Linux kernel >= 2.6.35

 

3 Installing Packages

Note: you'll need the same version of kernel-devel package as your current kernel!

uname -r

2.6.32-71.el6.i686

yum install gcc gcc-c++ make automake unzip zip xz kernel-devel-`uname -r` iptables-devel

In this case kernel-devel-2.6.32-71.el6.i686

Install rpmforge repo for perl-Text-CSV_XS package:

rpm -i http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.i686.rpm

yum install perl-Text-CSV_XS
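
A preflight check for the kernel-devel note above, as an added example that is not part of the original tutorial: it confirms that /lib/modules/<release>/build resolves to a header tree named after the running kernel. The function name check_kernel_devel and the reliance on the CentOS /usr/src/kernels/<release> layout are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# check_kernel_devel is a hypothetical helper name.
#
# usage:  check_kernel_devel [release] [modules_root]
# return: 0 = build tree matches the release
#         1 = build link missing or dangling (kernel-devel not installed)
#         2 = build link resolves to headers for a different release
check_kernel_devel() {
    ckd_release=${1:-$(uname -r)}
    ckd_modroot=${2:-/lib/modules}
    ckd_build="$ckd_modroot/$ckd_release/build"

    # -e follows symlinks, so a dangling "build" link is caught here.
    if [ ! -e "$ckd_build" ]; then
        echo "no usable build tree at $ckd_build" >&2
        echo "install kernel-devel-$ckd_release" >&2
        return 1
    fi

    # Resolve the link to the real header directory.
    ckd_target=$(cd "$ckd_build" && pwd -P) || return 1

    # Assumption: on CentOS the header tree is /usr/src/kernels/<release>,
    # so its directory name must equal the release string.
    ckd_name=$(basename "$ckd_target")
    if [ "$ckd_name" != "$ckd_release" ]; then
        echo "headers are for $ckd_name, kernel is $ckd_release" >&2
        return 2
    fi
    return 0
}

# Typical use before ./configure:
#   check_kernel_devel || exit 1
```

A return value of 2 means the modules would be compiled against headers for a kernel other than the one that will load them.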

 

4 Compile xtables-addons

Get xtables-addons source and unarchive it:

wget http://downloads.sourceforge.net/project/xtables-addons/Xtables-addons/1.37/xtables-addons-1.37.tar.xz

tar xvf xtables-addons-1.37.tar.xz

Compile modules:

cd xtables-addons-1.37/

Note: You can edit the "mconfig" file to select what modules to build and install. By default, all modules are enabled.

./configure

make && make install

 

5 Setting Up geoip Module

Create geoip database for iptables geoip match:

cd geoip/

Using the scripts from the geoip folder, download and compile the MaxMind GeoIPCountry database:

./xt_geoip_dl

./xt_geoip_build GeoIPCountryWhois.csv

Move the files to their default location:

mkdir -p /usr/share/xt_geoip/

cp -r {BE,LE} /usr/share/xt_geoip/

Test it like this:

iptables -I INPUT -m geoip --src-cc CN -j DROP

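-I inserts the rule at the top of the INPUT chain, so this will drop all incoming connections whose source address the database maps to China (country code CN).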
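
A check to run before adding geoip rules, as an added example that is not part of the original tutorial: it verifies that the per-country files copied above exist in both byte orders, are whole, and are recent (the author notes in the comments that MaxMind updates the data monthly). The function name geoip_db_check, the CC.iv4 file naming with 8 bytes per IPv4 range, and the 35-day age limit are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# geoip_db_check is a hypothetical helper name.
#
# usage:  geoip_db_check CC [db_dir] [max_age_days]
# return: 0 = country files present, well-formed and recent
#         1 = a country file is missing, empty or truncated
#         2 = files are older than max_age_days (rebuild the database)
#         3 = CC is not a two-character country code
geoip_db_check() {
    gdc_cc=$1
    gdc_dir=${2:-/usr/share/xt_geoip}
    gdc_maxage=${3:-35}   # assumption: a little over one monthly update
    gdc_stale=0

    # Reject anything that is not a plain code before building a path from it.
    case $gdc_cc in
        [A-Z][A-Z0-9]) ;;
        *) echo "invalid country code: $gdc_cc" >&2; return 3 ;;
    esac

    for gdc_order in BE LE; do
        # Assumption: xt_geoip_build names the IPv4 file <CC>.iv4.
        gdc_file="$gdc_dir/$gdc_order/$gdc_cc.iv4"
        if [ ! -s "$gdc_file" ]; then
            echo "missing or empty: $gdc_file" >&2
            return 1
        fi
        # Assumption: each range is two 32-bit addresses (start, end) = 8 bytes.
        gdc_size=$(wc -c < "$gdc_file")
        if [ $((gdc_size % 8)) -ne 0 ]; then
            echo "truncated ($gdc_size bytes): $gdc_file" >&2
            return 1
        fi
        # find prints the path only if it was modified more than N days ago.
        if [ -n "$(find "$gdc_file" -mtime +"$gdc_maxage")" ]; then
            gdc_stale=1
        fi
    done

    if [ "$gdc_stale" -eq 1 ]; then
        echo "database for $gdc_cc is older than $gdc_maxage days" >&2
        return 2
    fi
    return 0
}

# Typical use:
#   geoip_db_check CN && iptables -I INPUT -m geoip --src-cc CN -j DROP
```

iptables reads the country file when the rule is added, so rules that are already loaded keep their old ranges until they are re-added after a rebuild.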

 

6 Links

Xtables-addons: http://xtables-addons.sourceforge.net/

Xtables-addons modules: http://xtables-addons.sourceforge.net/modules.php

Xtables-addons man page: http://dev.medozas.de/files/xtables/xtables-addons.8.html

MaxMind GeoIP: http://geolite.maxmind.com/download/geoip/database

CentOS: http://www.centos.org/


Submitted by omcdr (registered user) on Sun, 2014-03-16 17:16.
In CentOS 6.5 x64 with kernel 2.6.32-431.3.1.el6.centos.plus.x86_64 I have a compilation error with conflicting types for PDE_DATA.
How to fix it?
Is it possible to exclude this xt_CHAOS module from compilation?



<code>
make all-recursive
make[1]: Entering directory `/root/xtables-addons-2.4'
Making all in extensions
make[2]: Entering directory `/root/xtables-addons-2.4/extensions'
Xtables-addons 2.4 - Linux 2.6.32-431.5.1.el6.centos.plus.x86_64
if [ -n "/lib/modules/2.6.32-431.3.1.el6.centos.plus.x86_64/build" ]; then make -C /lib/modules/2.6.32-431.3.1.el6.centos.plus.x86_64/build M=/root/xtables-addons-2.4/extensions modules; fi;
make[3]: Entering directory `/usr/src/kernels/2.6.32-431.5.1.el6.centos.plus.x86_64'
CC [M] /root/xtables-addons-2.4/extensions/xt_CHAOS.o
In file included from /root/xtables-addons-2.4/extensions/compat_xtables.h:7,
from /root/xtables-addons-2.4/extensions/xt_CHAOS.c:24:
/root/xtables-addons-2.4/extensions/compat_xtnu.h:16: warning: ‘struct xt_action_param’ declared inside parameter list
/root/xtables-addons-2.4/extensions/compat_xtnu.h:16: warning: its scope is only this definition or declaration, which is probably not what you want
/root/xtables-addons-2.4/extensions/compat_xtnu.h:31: warning: ‘struct xt_action_param’ declared inside parameter list
In file included from /root/xtables-addons-2.4/extensions/xt_CHAOS.c:24:
/root/xtables-addons-2.4/extensions/compat_xtables.h:12:3: warning: #warning Kernels below 3.7 not supported.
In file included from /root/xtables-addons-2.4/extensions/xt_CHAOS.c:24:
/root/xtables-addons-2.4/extensions/compat_xtables.h:54: error: expected declaration specifiers or ‘...’ before ‘kuid_t’
/root/xtables-addons-2.4/extensions/compat_xtables.h:54: error: expected declaration specifiers or ‘...’ before ‘kgid_t’
/root/xtables-addons-2.4/extensions/compat_xtables.h: In function ‘proc_set_user’:
/root/xtables-addons-2.4/extensions/compat_xtables.h:56: error: ‘uid’ undeclared (first use in this function)
/root/xtables-addons-2.4/extensions/compat_xtables.h:56: error: (Each undeclared identifier is reported only once
/root/xtables-addons-2.4/extensions/compat_xtables.h:56: error: for each function it appears in.)
/root/xtables-addons-2.4/extensions/compat_xtables.h:57: error: ‘gid’ undeclared (first use in this function)
/root/xtables-addons-2.4/extensions/compat_xtables.h: At top level:
/root/xtables-addons-2.4/extensions/compat_xtables.h:60: error: conflicting types for ‘PDE_DATA’
include/linux/proc_fs.h:328: note: previous definition of ‘PDE_DATA’ was here
/root/xtables-addons-2.4/extensions/xt_CHAOS.c:49: warning: ‘struct xt_action_param’ declared inside parameter list
/root/xtables-addons-2.4/extensions/xt_CHAOS.c: In function ‘xt_chaos_total’:
/root/xtables-addons-2.4/extensions/xt_CHAOS.c:51: error: dereferencing pointer to incomplete type
/root/xtables-addons-2.4/extensions/xt_CHAOS.c:60: error: storage size of ‘local_par’ isn’t known
/root/xtables-addons-2.4/extensions/xt_CHAOS.c:61: error: dereferencing pointer to incomplete type
/root/xtables-addons-2.4/extensions/xt_CHAOS.c:62: error: dereferencing pointer to incomplete type
/root/xtables-addons-2.4/extensions/xt_CHAOS.c:62: warning: left-hand operand of comma expression has no effect
/root/xtables-addons-2.4/extensions/xt_CHAOS.c:63: warning: left-hand operand of comma expression has no effect
/root/xtables-addons-2.4/extensions/xt_CHAOS.c:60: warning: unused variable ‘local_par’
/root/xtables-addons-2.4/extensions/xt_CHAOS.c:76: error: storage size of ‘local_par’ isn’t known
/root/xtables-addons-2.4/extensions/xt_CHAOS.c:77: error: dereferencing pointer to incomplete type
/root/xtables-addons-2.4/extensions/xt_CHAOS.c:78: error: dereferencing pointer to incomplete type
/root/xtables-addons-2.4/extensions/xt_CHAOS.c:79: error: dereferencing pointer to incomplete type
/root/xtables-addons-2.4/extensions/xt_CHAOS.c:81: error: dereferencing pointer to incomplete type
/root/xtables-addons-2.4/extensions/xt_CHAOS.c:82: error: dereferencing pointer to incomplete type
/root/xtables-addons-2.4/extensions/xt_CHAOS.c:76: warning: unused variable ‘local_par’
/root/xtables-addons-2.4/extensions/xt_CHAOS.c: At top level:
/root/xtables-addons-2.4/extensions/xt_CHAOS.c:88: warning: ‘struct xt_action_param’ declared inside parameter list
/root/xtables-addons-2.4/extensions/xt_CHAOS.c: In function ‘chaos_tg’:
/root/xtables-addons-2.4/extensions/xt_CHAOS.c:98: error: dereferencing pointer to incomplete type
/root/xtables-addons-2.4/extensions/xt_CHAOS.c:102: error: storage size of ‘local_par’ isn’t known
/root/xtables-addons-2.4/extensions/xt_CHAOS.c:103: error: dereferencing pointer to incomplete type
/root/xtables-addons-2.4/extensions/xt_CHAOS.c:104: error: dereferencing pointer to incomplete type
/root/xtables-addons-2.4/extensions/xt_CHAOS.c:105: error: dereferencing pointer to incomplete type
/root/xtables-addons-2.4/extensions/xt_CHAOS.c:102: warning: unused variable ‘local_par’
/root/xtables-addons-2.4/extensions/xt_CHAOS.c:114: error: dereferencing pointer to incomplete type
/root/xtables-addons-2.4/extensions/xt_CHAOS.c:115: warning: passing argument 2 of ‘xt_chaos_total’ from incompatible pointer type
/root/xtables-addons-2.4/extensions/xt_CHAOS.c:49: note: expected ‘const struct xt_action_param *’ but argument is of type ‘const struct xt_action_param *’
/root/xtables-addons-2.4/extensions/xt_CHAOS.c: At top level:
/root/xtables-addons-2.4/extensions/xt_CHAOS.c:145: warning: initialization from incompatible pointer type
/root/xtables-addons-2.4/extensions/xt_CHAOS.c:146: warning: initialization from incompatible pointer type
/root/xtables-addons-2.4/extensions/xt_CHAOS.c: In function ‘chaos_tg_init’:
/root/xtables-addons-2.4/extensions/xt_CHAOS.c:155: error: implicit declaration of function ‘xt_request_find_match’
/root/xtables-addons-2.4/extensions/xt_CHAOS.c:155: warning: assignment makes pointer from integer without a cast
make[4]: *** [/root/xtables-addons-2.4/extensions/xt_CHAOS.o] Error 1
make[3]: *** [_module_/root/xtables-addons-2.4/extensions] Error 2
make[3]: Leaving directory `/usr/src/kernels/2.6.32-431.5.1.el6.centos.plus.x86_64'
make[2]: *** [modules] Error 2

make[2]: Leaving directory `/root/xtables-addons-2.4/extensions'

</code>

Submitted by Johan (not registered) on Thu, 2014-03-06 08:34.

Make, run just fine but make install stops with this fault. (I have tried version 1.37,1.39 and 1.47 same problem.)

DEPMOD  2.6.32-431.3.1.el6.x86_64
/bin/sh: line 1: 29955 Killed                  /sbin/depmod -ae -F System.map 

 

Does someone have a fix or a hint for this problem?

 

uname -ra

  2.6.32-431.3.1.el6.x86_64 #1 SMP Fri Jan 3 21:39:27 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

 

 

 

Making install in extensions
make[1]: Entering directory `/usr/local/src/xtables-addons-1.39/extensions'
Xtables-addons 1.39 - Linux 2.6.32-431.3.1.el6.x86_64
if [ -n "/lib/modules/2.6.32-431.3.1.el6.x86_64/build" ]; then make -C /lib/modules/2.6.32-431.3.1.el6.x86_64/build M=/usr/local/src/xtables-addons-1.39/extensions modules; fi;
make[2]: Entering directory `/usr/src/kernels/2.6.32-431.3.1.el6.x86_64'
  Building modules, stage 2.
  MODPOST 20 modules
make[2]: Leaving directory `/usr/src/kernels/2.6.32-431.3.1.el6.x86_64'
make -f ../Makefile.iptrules all;
make[2]: Entering directory `/usr/local/src/xtables-addons-1.39/extensions'
make[3]: Entering directory `/usr/local/src/xtables-addons-1.39/extensions/ACCOUNT'
make -f ../../Makefile.iptrules all;
make[4]: Entering directory `/usr/local/src/xtables-addons-1.39/extensions/ACCOUNT'
make[4]: Leaving directory `/usr/local/src/xtables-addons-1.39/extensions/ACCOUNT'
make[3]: Leaving directory `/usr/local/src/xtables-addons-1.39/extensions/ACCOUNT'
make[3]: Entering directory `/usr/local/src/xtables-addons-1.39/extensions/pknock'
make -f ../../Makefile.iptrules all;
make[4]: Entering directory `/usr/local/src/xtables-addons-1.39/extensions/pknock'
make[4]: Leaving directory `/usr/local/src/xtables-addons-1.39/extensions/pknock'
make[3]: Leaving directory `/usr/local/src/xtables-addons-1.39/extensions/pknock'
make[2]: Leaving directory `/usr/local/src/xtables-addons-1.39/extensions'
make[2]: Entering directory `/usr/local/src/xtables-addons-1.39/extensions'
if [ -n "/lib/modules/2.6.32-431.3.1.el6.x86_64/build" ]; then make -C /lib/modules/2.6.32-431.3.1.el6.x86_64/build M=/usr/local/src/xtables-addons-1.39/extensions INSTALL_MOD_PATH= ext-mod-dir='${INSTALL_MOD_DIR}' modules_install; fi;
make[3]: Entering directory `/usr/src/kernels/2.6.32-431.3.1.el6.x86_64'
  INSTALL /usr/local/src/xtables-addons-1.39/extensions/ACCOUNT/xt_ACCOUNT.ko
  INSTALL /usr/local/src/xtables-addons-1.39/extensions/compat_xtables.ko
  INSTALL /usr/local/src/xtables-addons-1.39/extensions/pknock/xt_pknock.ko
  INSTALL /usr/local/src/xtables-addons-1.39/extensions/xt_CHAOS.ko
  INSTALL /usr/local/src/xtables-addons-1.39/extensions/xt_DELUDE.ko
  INSTALL /usr/local/src/xtables-addons-1.39/extensions/xt_DHCPMAC.ko
  INSTALL /usr/local/src/xtables-addons-1.39/extensions/xt_DNETMAP.ko
  INSTALL /usr/local/src/xtables-addons-1.39/extensions/xt_IPMARK.ko
  INSTALL /usr/local/src/xtables-addons-1.39/extensions/xt_LOGMARK.ko
  INSTALL /usr/local/src/xtables-addons-1.39/extensions/xt_STEAL.ko
  INSTALL /usr/local/src/xtables-addons-1.39/extensions/xt_TARPIT.ko
  INSTALL /usr/local/src/xtables-addons-1.39/extensions/xt_condition.ko
  INSTALL /usr/local/src/xtables-addons-1.39/extensions/xt_fuzzy.ko
  INSTALL /usr/local/src/xtables-addons-1.39/extensions/xt_geoip.ko
  INSTALL /usr/local/src/xtables-addons-1.39/extensions/xt_iface.ko
  INSTALL /usr/local/src/xtables-addons-1.39/extensions/xt_ipp2p.ko
  INSTALL /usr/local/src/xtables-addons-1.39/extensions/xt_ipv4options.ko
  INSTALL /usr/local/src/xtables-addons-1.39/extensions/xt_lscan.ko
  INSTALL /usr/local/src/xtables-addons-1.39/extensions/xt_psd.ko
  INSTALL /usr/local/src/xtables-addons-1.39/extensions/xt_quota2.ko
  DEPMOD  2.6.32-431.3.1.el6.x86_64
/bin/sh: line 1: 29955 Killed                  /sbin/depmod -ae -F System.map 2.6.32-431.3.1.el6.x86_64
make[3]: *** [_emodinst_post] Error 137

make[3]: Leaving directory `/usr/src/kernels/2.6.32-431.3.1.el6.x86_64'
make[2]: *** [modules_install] Error 2
make[2]: Leaving directory `/usr/local/src/xtables-addons-1.39/extensions'
make[1]: *** [install-am] Error 2
make[1]: Leaving directory `/usr/local/src/xtables-addons-1.39/extensions'
make: *** [install-recursive] Error 1

Submitted by Johan (not registered) on Fri, 2014-03-07 13:57.
This happened when you have little memory on the box.
Submitted by Johan (not registered) on Fri, 2014-03-07 00:27.
I figured it out. I was running a virtual server with only 512 MB RAM and that was the problem. Add more RAM and it installed.
Submitted by Will not working (not registered) on Wed, 2013-02-20 14:22.

I get many errors on this and found nothing to make it right.

 


# make
make  all-recursive
make[1]: Entering directory `/root/xtables-addons-2.1'
Making all in extensions
make[2]: Entering directory `/root/xtables-addons-2.1/extensions'
Xtables-addons 2.1 - Linux 2.6.32-279.14.1.el6.x86_64
if [ -n "/lib/modules/2.6.32-279.14.1.el6.x86_64/build" ]; then make -C /lib/modules/2.6.32-279.14.1.el6.x86_64/build M=/root/xtables-addons-2.1/extensions modules; fi;
make[3]: Entering directory `/usr/src/kernels/2.6.32-279.14.1.el6.x86_64'
  CC [M]  /root/xtables-addons-2.1/extensions/compat_xtables.o
/root/xtables-addons-2.1/extensions/compat_xtables.c:24:26: error: linux/export.h: No such file or directory
In file included from /root/xtables-addons-2.1/extensions/compat_xtables.c:26:
/root/xtables-addons-2.1/extensions/compat_xtnu.h:21: warning: ‘struct xt_action_param’ declared inside parameter list
/root/xtables-addons-2.1/extensions/compat_xtnu.h:21: warning: its scope is only this definition or declaration, which is probably not what you want
/root/xtables-addons-2.1/extensions/compat_xtnu.h:36: warning: ‘struct xt_action_param’ declared inside parameter list
/root/xtables-addons-2.1/extensions/compat_xtables.c:32: warning: ‘struct xt_action_param’ declared inside parameter list
/root/xtables-addons-2.1/extensions/compat_xtables.c: In function ‘xtnu_target_run’:
/root/xtables-addons-2.1/extensions/compat_xtables.c:34: error: dereferencing pointer to incomplete type
/root/xtables-addons-2.1/extensions/compat_xtables.c:36: warning: passing argument 2 of ‘nt->target’ from incompatible pointer type
/root/xtables-addons-2.1/extensions/compat_xtables.c:36: note: expected ‘const struct xt_action_param *’ but argument is of type ‘const struct xt_action_param *’
/root/xtables-addons-2.1/extensions/compat_xtables.c: In function ‘xtnu_register_target’:
/root/xtables-addons-2.1/extensions/compat_xtables.c:60: warning: assignment from incompatible pointer type
/root/xtables-addons-2.1/extensions/compat_xtables.c:61: warning: assignment from incompatible pointer type
make[4]: *** [/root/xtables-addons-2.1/extensions/compat_xtables.o] Error 1
make[3]: *** [_module_/root/xtables-addons-2.1/extensions] Error 2
make[3]: Leaving directory `/usr/src/kernels/2.6.32-279.14.1.el6.x86_64'
make[2]: *** [modules] Error 2
make[2]: Leaving directory `/root/xtables-addons-2.1/extensions'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/root/xtables-addons-2.1'
make: *** [all] Error 2
 

Submitted by Anonymous (not registered) on Fri, 2013-10-04 22:46.
Follow step by step in this tutorial.
Everything is described: how to install and use iptables with geoip to block countries.
http://terminal28.com/how-to-block-countries-using-iptables-debian/
Submitted by Anonymous (not registered) on Tue, 2013-02-26 00:35.
Use 1.47 for that kernel version. 
Submitted by Anonymous (not registered) on Mon, 2013-03-11 14:19.

Thank you ;)

Now it works fine ;)

Submitted by gadelkareem (not registered) on Wed, 2012-03-14 17:38.

You can also use a list of IPs in a file to block them through Iptables

Using iptables to block ips that spam or attack your server

Submitted by Ankush Grover (not registered) on Mon, 2011-10-31 11:08.
If somehow the "make" fails on Centos 6 with the latest version of xtables-addons(1.3.9) then please disable "build_ipset6=m " in mconfig file. Regards Ankush
Submitted by Anonymous (not registered) on Thu, 2013-12-12 17:37.

Hi

I am installing xtables_addons 1.47.1 in CentOS 6.5 x86_64

and I have obtained this error.

Do you know why? Could you help me please? I need to install these extensions. I don't have build_ipset6 in mconfig.

# make
make  all-recursive
make[1]: se ingresa al directorio `/var/sources/src/xtables-addons-1.47.1'
Making all in extensions
make[2]: se ingresa al directorio `/var/sources/src/xtables-addons-1.47.1/extensions'
Xtables-addons 1.47.1 - Linux 2.6.32-431.el6.x86_64
if [ -n "/lib/modules/2.6.32-431.el6.x86_64/build" ]; then make -C /lib/modules/2.6.32-431.el6.x86_64/build M=/var/sources/src/xtables-addons-1.47.1/extensions modules; fi;
make[3]: se ingresa al directorio `/usr/src/kernels/2.6.32-431.el6.x86_64'
  CC [M]  /var/sources/src/xtables-addons-1.47.1/extensions/compat_xtables.o
/var/sources/src/xtables-addons-1.47.1/extensions/compat_xtables.c: En la función ‘xtnu_ipv6_find_hdr’:
/var/sources/src/xtables-addons-1.47.1/extensions/compat_xtables.c:633: error: faltan argumentos para la función ‘ipv6_find_hdr’
make[4]: *** [/var/sources/src/xtables-addons-1.47.1/extensions/compat_xtables.o] Error 1
make[3]: *** [_module_/var/sources/src/xtables-addons-1.47.1/extensions] Error 2
make[3]: se sale del directorio `/usr/src/kernels/2.6.32-431.el6.x86_64'
make[2]: *** [modules] Error 2
make[2]: se sale del directorio `/var/sources/src/xtables-addons-1.47.1/extensions'
make[1]: *** [all-recursive] Error 1
make[1]: se sale del directorio `/var/sources/src/xtables-addons-1.47.1'
make: *** [all] Error 2

Thanks in advance

Submitted by adoyl (not registered) on Wed, 2014-02-12 17:03.
/lib/modules/your_kernel_version/build/include/linux/autoconf.h
comment this #define CONFIG_IP6_NF_IPTABLES_MODULE 1
Submitted by Anonymous (not registered) on Mon, 2014-02-24 14:01.
Thanks, adoyl:

I've been looking at it, but the line you mention was commented.

 Any other idea?

Submitted by adoyl (not registered) on Thu, 2014-03-06 11:17.
You can write this  /*#define CONFIG_IP6_NF_IPTABLES_MODULE 1*/
Submitted by Anonymous (not registered) on Fri, 2014-03-21 12:26.

It runs with this comment. Thank you very much.

The file is in /usr/src/kernels/2.6.32-431.5.1.el6.x86_64/include/linux/autoconf.h

 or

 

/usr/src/kernels/kernelversion/include/linux/autoconf.h

 In my case, the build link in /lib/modules/2.6.32-431.el6.x86_64 is broken in CentOS 6.5.

Regards

Submitted by Anonymous (not registered) on Thu, 2014-12-18 16:12.

It is harmful. Doing that change will cause kernel modules built afterwards to be potentially incompatible with your kernel and cause crashes.

The proper solution is not to doctor around with config switches, but instead to prepare the source to compile with the very special RHEL kernel API.

Sincerely.

Submitted by Anonymous (not registered) on Tue, 2011-08-23 15:33.

Thanks for writing this article.  The information you have provided here will definitely help protect my email server from the Chinese/Korean/Russian spammers.  Defense in depth is always a good thing.

I do have to agree with the previous poster's comment re: SELinux.  It performs an important function and in my opinion should not be disabled.  Usually people disable it because they don't understand it, and until I took some time to learn it, I was one of those folks, too.  Now that I've learned the basics of it, I always leave it on and make an exception--if I need to--for the specific service that's affected by it.  Or, even better, I'll just change the security context of the applicable file/object.  SETroubleshoot is very helpful in these cases to track down what needs to be tweaked.

One other thing.  For those who prefer not to install the RPMForge repository, you can get the same module directly from CPAN.  It's the "Text::CSV_XS" module.  This should work on any GNU/Linux distro.

Submitted by TiTex (registered user) on Tue, 2011-08-23 09:16.
By the way, the MaxMind GeoIP database is updated at the beginning of every month, so you should also rebuild the database on your box once in a while.
Submitted by Pieter (not registered) on Mon, 2011-08-22 19:22.
I do not understand why HowToForge keeps giving users BAD advice to turn off SELinux. You really should stop doing that. SELinux is a tremendously good help to keep your server secure. And if some apps do not work with SELinux then those apps should ship with a proper SELinux policy. Turning off SELinux is NOT the solution and BAD advice.
Submitted by TiTex (registered user) on Tue, 2011-08-23 09:13.

I agree, but most people don't know how to work with SELinux permissions, so that was the easy way to get around it.

And here is the not so hard way to load the modules with SELinux enabled and enforced: you have to change the security context permissions of the modules

chcon -vR --user=system_u /lib/modules/*/extra/*.ko

and

chcon -vR --type=lib_t /lib/xtables/*.so

Submitted by Anonymous (not registered) on Mon, 2011-09-26 12:41.