Gentoo Blog

1. Download the newest patch-0-matic snapshot from

ftp://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/.

2. unpack with tar -xjvf filename

3. Check if Your iptables was compiled with the extensions USE flag.

4. run ebuild /usr/portage/net-firewall/iptables/iptables-1.3.8-r1.ebuild unpack

5. run ebuild /usr/portage/net-firewall/iptables/iptables-1.3.8-r1.ebuild compile

6. Change dir to unpacked patch-o-matic-ng dir

7. For the patch-o-matic module connlimit you must run ./runme --download

8. From there execute this one-liner

(you need to change KERNEL_DIR [/usr/src/linux],
IPTABLES_DIR [1.3.8-r1] and patches from p-o-m You want to apply [connlimit])

IPTABLES_DIR=/var/tmp/portage/net-firewall/iptables-1.3.8-r1/work/iptables-1.3.8 KERNEL_DIR=/usr/src/linux ./runme connlimit

9. Now kernel and iptables sources are patched. It’s time to rebuild kernel (modules ) and iptables. Change to Your kernel sources dir

10. cd /usr/src/linux

11. make menuconfig

12 . And choose you new modules

13. Now rebuild kernel modules and install them

14. make modules modules_install

15. Now You need to compile and install iptables (change dirs accordingly)

15. ebuild /usr/portage/net-firewall/iptables/iptables-1.3.8-r1.ebuild install
ebuild /usr/portage/net-firewall/iptables/iptables-1.3.8-r1.ebuild qmerge

16. If You have automatic kernel module loading compiled in the kernel Your modules will be loaded
automatically each time iptables need it. Else You should load appropriate modules

17. modprobe ipt_connlimit

Don’t forget! You need to repeat this whole procedure each time You update Your kernel or iptables!!!!