IPSET-NG tuning and compile options


Pre required library

IPSET-NG version <= 1.0.1 require next step..


Default make step:

  • run ./configure --help - for more features
  • run make help - for help about compile part of package
  • ./configure ; make ; make install - compile all part of package
  • make clean - clean temporary objects
  • before assembling the next packet, run the following command: make clean

When assembling the ipsetd-ng server part of the package, the system will create a ipset-ng-<date>.tar.gz file in source directory for assembly on other laptops.
This is due to the use of SSL certificates. If you do not use SSL and collect the package with the appropriate flags make IPSNG_ENABLE_LIBOSSL=NO, these steps are not required.

  • assembling and install all part of package
    ./configure
    make
    make install
    make clean
  • copmile ipsetd-ng: main server software daemon
    make ipsetd
    make drivers ; make install-drivers
    edit /etc/ipsetd-ng/ipsetd-ng.conf
    /etc/rc.d/init.d/ipsetd-ng.init start
  • copmile sensor-ng: log files sensor ipsetd-ng client
    make sensord
    edit /etc/sensord-ng.conf
    /etc/rc.d/init.d/sensord-ng.init start
  • copmile MTA milter-ng module: mail transport filter ipsetd-ng client
    make milterd
    edit /etc/milterd-ng.conf
    /etc/rc.d/init.d/milterd-ng.init start
  • copmile command line ipsetcmd-ng utility: direct to kernel manage ipset/iptables
    make ipsetcmd
    make drivers ; make install-drivers
    # if needed, copy and edit ./misc/startup/config/ipsetcmd-ng.conf to '/etc' or '$HOME' directory,
    # and edit them.
  • copmile command line connect-ng utility: remote ipsetd-ng client
    make connect
  • copmile command line jstest-ng utility: user JavaScript test shell
    make jstest
  • copmile monitor-ng: visual monitoring ipsetd-ng, sensor-ng and milter-ng daemons
    make monitor
  • copmile http apache module: IP address filter for Apache HTTPD server
    make apache ; make clean
  • copmile http nginx module: IP address filter for Nginx HTTPD server
    make nginx ; make clean
  • copmile libipsng C/C++ client library: quick API to write client software in C/C++
    make libips
  • copmile Perl libipsng client module: quick API to write client software in Perl
    make perllibips ; make clean

or another method:

    cd src/modules/libipsng/Perl/IpsetNg
    perl Makefile.PL
    make test
    make install
    make clean
  • copmile Python libipsng client module: quick API to write client software in Python
    make pylibips ; make clean

or another method:

    cd src/modules/libipsng/Python
    ./configure.sh
    ./configure.sh --clean

to uninstall IpsetNg Python module, run to root of unzipped archive directory:

    ./configure.sh --uninstall


Configure tuning compile option:

  • run ./configure --help for show more features:
    • --with-lang=arg - USE output message is language UTF-8 charset: RU | EN, is select RU - use russian language, EN - english language [default=EN]
    • --with-jsonp=arg - USE mode to JSON packet parser, arg is old or new, no recommended change default value [default=old]
    • --with-log-parse=arg - USE Log parse mode, valid arg: pipe | systemd | none, if not defined none, require installed PCRE library.. [default=pipe]
    • --with-any-net - USE all part in package only local interface, if defined, access only from interface 'lo' 127.0.0.1 [default=any net support]
    • --enable-llalloc - USE fast lockless memory allocator, recomended use this, if no support your system, no select this options, more info.. [default=disabled]
    • --disable-ssl - NOT use OpenSSL support for secure connections, if not defined, require installed library version > 1.0.x, more info.. [default is library installed=enable]
    • --disable-jsscr - NOT use user-side JsavaScript extension, require include in package libmujs library, more info.. [default=installed]
    • --disable-maxmind - NOT use MaxMind GeoIP extension, if not defined, require installed GeoIP library.. [default is library installed=enable]
    • --disable-ipset - NOT use ipset extension support, if not defined, require installed libiptc library.. [default is library installed=enable]
    • --disable-iptables - NOT use iptables extension support, if not defined, require installed libiptc library.. [default is library installed=enable]
    • --disable-iptables6- NOT support IPV6, if not defined, require iptables libiptc library, more info.. [default is library installed=enable]
  • enable/disable driver part of package:
    • --disable-drv-mysql - NOT mysql driver compile, if not defined, require MySQL library, more info.. [default=compile]
    • --disable-drv-dbi - NOT DBI driver compile, if not defined, require DBI library, more info.. [default=compile]
    • --disable-drv-sqlite - NOT SQLite driver compile, library SQLite include in IPSET-NG package, more info.. [default=compile]
    • if defined --disable-ipset and/or --disable-iptables, drivers drv-ipset and/or drv-ipt46 always disabled
  • enable/disable program part of package:
    • --disable-prg-ipsetd-ng - NOT compile IPSETD-NG main access control daemon [default=compile]
    • --disable-prg-milterd-ng - NOT compile MILTERD-NG MTA filter daemon [default=compile]
    • --disable-prg-sensord-ng - NOT compile SENSORD-NG Log parse daemon [default=compile]
    • --disable-prg-connect-ng - NOT compile CONNECT-NG network command line interface [default=compile]
    • --disable-prg-ipsetcmd-ng - NOT compile IPSETCMD-NG firewall command line utility [default=compile]
    • --disable-prg-monitor-ng - NOT compile MONITOR-NG control application [default=compile]
    • --disable-prg-jstest-ng - NOT compile JSTEST-NG test JavaScript utility [default=compile]
    • --disable-prg-libips-ng - NOT compile LIBIPS-NG client developer library [default=compile]
      • --enable-shared - if enable libips: build shared libraries [default=yes]
      • --enable-static - if enable libips: build static libraries [default=yes]
  • path and directory part:
    • --prefix=arg - install architecture-independent files in PREFIX [default=/usr]
    • --with-IPSNG_DIR_CONF=dir - USE directory to main configuration files [default=sysconfdir/ipset-ng]
    • --with-IPSNG_DIR_INIT=dir - USE System V install init script [default=sysconfdir/rc.d/init.d]
    • --with-IPSNG_DIR_DRV=dir - USE directory to IPSET-NG drivers installed [default=libdir/ipset-ng]
  • compiler and preprocessor option part:
    • --with-pic - try to use only PIC/non-PIC objects [default=use both]
    • --with-gnu-ld - assume the C compiler uses GNU ld [default=no]
    • --enable-silent-out - OUTPUT full information printed to screen, default is silent/quiet mode [default=yes]
    • --enable-debug - USE debuggging output version compiled enable, warning: not use in stand-alone server side [default=no]
    • --disable-check-warnings - USE compile with warnings flags: -Wall -Wpointer-arith -Wstrict-prototypes [default=enable]
  • not use to normal make process:
    • --enable-maintainer-mode - make rules and dependencies not useful [default=disable]
    • --enable-no-backup - OUTPUT configuration: no restore makefile source mode [default=disable]
    • --disable-libtool-lock - avoid locking, might break parallel builds [default=disable]
    • --disable-dependency-tracking - reject slow dependency extractors, not recomended use it [default=disable]

Specifying make environment variables:

  • CC - C compiler command
  • CPP - C preprocessor
  • CFLAGS - C compiler flags, this usually specifies compiler flags and is often appended to, so take special note of the append examples in the table above.
  • LDFLAGS - linker flags, e.g. -L<lib dir> if you have libraries in a nonstandard directory <lib dir>
  • LIBS - libraries to pass to the linker, e.g. -l<library>
  • CPPFLAGS - C/C++/Objective C preprocessor flags, e.g. -I<include dir> if you have headers in a nonstandard directory <include dir>
  • PKG_CONFIG - path to pkg-config utility
  • IPSNG_ENABLE_LANG - compile to help language select: RU | EN
  • IPSNG_ENABLE_ANYNET - if compile sensor-ng without this flag does not usable remote ipsec-ng server, for support remote, rebuild witch this flag. Is use this flag on compile server part ipset-ng, uses all ethernet address from server to bind. For single ipsetd-ng in localhost use flag make make IPSNG_ENABLE_ANYNET=NO. If this flag set, ipsetd-ng to allow all interface bind, or not set, bind only loopback interface. Valid values: YES | NO
  • IPSNG_ENABLE_LIBOSSL - compile support/unsupport OpenSSL for make secure connection, needed installed library version > 1.0.x. Valid values: YES | NO
  • IPSNG_ENABLE_LIBIPS - compile support/unsupport netfilter ipset operation. Valid values: YES | NO
  • IPSNG_ENABLE_LIBIPT - compile support/unsupport netfilter iptables kernel operation. Valid values: YES | NO
  • IPSNG_ENABLE_LIBIPT6 - compile support/unsupport IPV6 netfilter iptables kernel operation extension. Valid values: YES | NO

Specifying make command line options:



    # make help

            -*- Programm part:
            --- copmile all package: make ; make install
            --- copmile ipsetd-ng: make ipsetd
            --- copmile sensor-ng: make sensord
            --- copmile connect-ng: make connect
            --- copmile ipsetcmd-ng: make ipsetcmd
            --- copmile jstest-ng: make jstest
            --- copmile monitor-ng: make monitor
            --- copmile MTA milter-ng module: make milterd
            --- copmile http apache module: make apache
            --- copmile http nginx module: make nginx
            --- copmile libipsng C/C++ client library: make libips
            --- copmile Perl libipsng module: make perllibips
            --- copmile Python libipsng module: make pylibips

            -*- Driver:
            --- copmile *all* drivers: make drivers
            --- copmile ipset/iptables driver: make drv-ipset
            --- copmile iptables driver: make drv-ipt46
            --- copmile DBI driver: make drv-dbi
            --- copmile MySQL driver: make drv-mysql
            --- copmile SQLite driver: make drv-sqlite
            --- install *all* drivers: make install-drivers

            -*- Other stuff:
            --- copmile MTA libmilter library: make libmilter
            --- copmile JavaScript libmujs library: make scriptjs
            --- copmile lockless memory allocator library: make llalloc

            -*- Check Update:
            --- check version IPSET-NG package: make check-version
            --- update new version IPSET-NG package: make update-version


Special maintainer make command line options:

  • print-<VARIABLE NAME> - print information about variable, example:

    # make print-MAKE_VERSION
          origin = default
          flavor = simple
          value = 3.81



  Meta Tags: IPSET-NG compiler options