IPSET-NG tuning and compile options

This method only allowed to version IPSET-NG package <= 1.0.1


Pre required library


Default make step:

  • view & edit makeopt.inc for more features
  • make ; make clean - precompile ipset-ng system library
  • make ipsetd - compile ipset-ng server application
  • make <selected package>
  • make help - for help about package
  • before assembling the next packet, run the following command: make clean

To build any of this package application, you must first build the application ipsetd-ng server.
When assembling the ipsetd-ng server part of the package, the system will create a ipset-ng-<date>.tar.gz file in source directory for assembly on other laptops.
This is due to the use of SSL certificates. If you do not use SSL and collect the package with the appropriate flags make OSSL=NO, these steps are not required.

  • pre-copmile ipset system library: dependent library and tools
    make ; make clean
    make help
  • copmile ipsetd-ng: main server software daemon
    make ipsetd ; make clean
    edit /etc/ipsetd-ng.conf
    /etc/rc.d/init.d/ipsetd-ng.init start
  • copmile sensor-ng: log files sensor ipsetd-ng client
    make sensord ; make clean
    edit /etc/sensord-ng.conf
    /etc/rc.d/init.d/sensord-ng.init start
  • copmile MTA milter-ng module: mail transport filter ipsetd-ng client
    make milterd ; make clean
    edit /etc/milterd-ng.conf
    /etc/rc.d/init.d/milterd-ng.init start
  • copmile command line ipsetcmd-ng utility: direct to kernel manage ipset/iptables
    make ipsetcmd ; make clean
  • copmile command line connect-ng utility: remote ipsetd-ng client
    make connect ; make clean
  • copmile command line jstest-ng utility: user JavaScript test shell
    make jstest ; make clean
  • copmile monitor-ng: visual monitoring ipsetd-ng, sensor-ng and milter-ng daemons
    make monitor ; make clean
  • copmile http apache module: IP address filter for Apache HTTPD server
    make apache ; make clean
  • copmile http nginx module: IP address filter for Nginx HTTPD server
    make nginx ; make clean
  • copmile libipsng C/C++ client library: quick API to write client software in C/C++
    make libips ; make clean
  • copmile Perl libipsng client module: quick API to write client software in Perl
    make perllibips ; make clean

or another method:

    cd src/modules/libipsng/Perl/IpsetNg
    perl Makefile.PL
    make test
    make install
    make clean
  • copmile Python libipsng client module: quick API to write client software in Python
    make pylibips ; make clean

or another method:

    cd src/modules/libipsng/Python
    ./configure.sh
    ./configure.sh --clean

to uninstall IpsetNg Python module, run to root of unzipped archive directory:

    ./configure.sh --uninstall


Tuning compile option:

  • -DIPSET_NG_INET_ADDR | make ANYNET=YES | ANYNET=NO - if compile sensor-ng without this flag does not usable remote ipsec-ng server, for support remote, rebuild witch this flag. Is use this flag on compile server part ipset-ng, uses all ethernet address from server to bind. For single ipsetd-ng in localhost use flag make ANYNET=NO. If this flag set, ipsetd-ng to allow all interface bind, or not set, bind only loopback interface.
  • -DLANG_EN | -DLANG_RU | make LANG=RU/EN - compile to help language select
  • Default support GeoLocation from IP2Location - built-in engine and MaxMind extended library.
  • -DIPSET_NG_GEO_MAXMIND_SUPPORT - compile to support GeoIP from MaxMind, needed precompiled library install
    • command and base name for MaxMind GeoIP using:
      • GeoIP.dat - country2 | country3
      • GeoIPCity.dat - city | latlng | zipc
      • GeoIPISP.dat - isp
      • GeoIPASNum.dat - asn
      • GeoIPOrg.dat - org
      • GeoIPRegion.dat - region
      • GeoIPNetSpeed.dat - netspeed
      • GeoIPDomain.dat - domain
      • support MaxMind GeoLite noncommercial geobase
    • command for IP2Location GeoIP using:
      • country2 | country3 | city | isp | region | area | weather | domain | zipc | timez | latlng | utype | netspeed | utype
  • -DIPSET_NG_USRSC_SUPPORT - compile to support client-side JavaScript, see user JavaScript API or <ipset-ng-src-dir>/userscript/*.js for more info.
  • make LIPS=YES | make LIPS=NO - compile support/unsupport netfilter ipset operation.
  • make LIPT=YES | make LIPT=NO - compile support/unsupport netfilter iptables kernel operation.
  • make USRSCR=NO - no support user JavaScript.
  • make JSONP=old | make JSONP=new - compiled to old or new JSON parser, default use is old, no recommended change.
  • -DIPSET_NG_LOG_PIPE | -DIPSET_NG_LOG_SYSTEMD | -DIPSET_NG_LOG_NONE | make LOGPARSE=PIPE | make LOGPARSE=SYSTEMD | make LOGPARSE=NONE - LOG file engine, if you system is alredy installed PCRE library, if not, download & install, is missing PCRE - does not support parse LOG file engine.
  • make LLALLOC=YES | make LLALLOC=NO - (default) compile to use fast lockless memory allocator, if no support your system, select disabled this options.
  • make OSSL=YES | make OSSL=NO - use OpenSSL for make secure connection, needed installed library version > 1.0.x.
  • make IPV6=YES | make IPV6=NO - compile support Internet porotocol version 6.
  • make DEBUG=YES | make DEBUG=NO - compiled is debug version.


Edit file <ipset-ng-src-dir>/makeopt.inc before compile ipset-ng for more tuning options.


makeopt.inc


    #
    # language select: RU / EN
    LANG = EN

    #
    # compile ipset netfilter operation support: YES / NO
    LIPS = YES

    #
    # compile iptables netfilter operation support: YES / NO
    LIPT = YES

    #
    # compile user JsavaScript extension: YES / NO
    USRSCR = YES

    #
    # Log parse mode: PIPE / SYSTEMD / NONE
    # needed installed PCRE library http://www.pcre.org/
    LOGPARSE = PIPE

    #
    # use Loopback or any ethernet bind address: YES / NO
    ANYNET = YES

    #
    # use fast lockless memory allocator: YES / NO
    # if trouble is compile lockless allocator, says NO
    LLALLOC = YES

    #
    # use OpenSSL for secure connection: YES / NO
    # needed installed library version > 1.0.x
    # for more info: https://www.openssl.org/
    OSSL = YES

    #
    # use json parser: new / old
    # default use is old, no recommended change
    JSONP = old

    #
    # compile is debug version
    DEBUG = NO

    #
    # compile support Internet porotocol version 6
    IPV6 = YES



  Meta Tags: IPSET-NG compiler options