Compiling the kernel for iptables

1. The four packages needed for the kernel build:

  linux-2.6.28.10.tar.gz

  netfilter-layer7-v2.22.tar.gz

  l7-protocols-2009-05-28.tar.gz

  iptables-1.4.4.tar.bz2

2. tar zxvf  linux-2.6.28.10.tar.gz  -C  /usr/src

tar zxvf  netfilter-layer7-v2.22.tar.gz  -C  /usr/src

ln -s /usr/src/linux-2.6.28.10/ /usr/src/linux

cd /usr/src/linux/

patch -p1 < ../netfilter-layer7-v2.22/kernel-2.6.25-2.6.28-layer7-2.22.patch (apply the patch)

3. cp /boot/config-2.6.18-164.el5  /usr/src/linux/.config

system-config-packages (opens the graphical interface; select the packages to install)

make  menuconfig

4. In the configuration interface that opens, make the following selections:

Networking support -> Networking Options -> Network packet filtering framework -> Core Netfilter Configuration

- <M> Netfilter connection tracking support

- <M> "layer7" match support

- <M> "string" match support

- <M> "time" match support

- <M> "iprange" match support

- <M> "connlimit" match support

- <M> "state" match support

- <M> "conntrack" connection match support

- <M> "mac" address match support

- <M> "multiport" Multiple port match support

- <M> FTP Protocols Support

5. Networking support -> Networking Options -> Network packet filtering framework -> IP: Netfilter Configuration

- <M> IPv4 connection tracking support (required for NAT)

- <M> Full NAT

- <M> MASQUERADE target support

- <M> NETMAP target support

- <M> REDIRECT target support
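
Before starting the build in step 6, it is worth confirming that the selections from steps 4 and 5 actually landed in .config; if the layer7 patch from step 2 did not apply, its option is missing from the file entirely. The following check is an added example, not part of the original post. The function names are hypothetical, and the CONFIG_ symbol names are the Kconfig names assumed to correspond to the menu labels above for kernel 2.6.28 with the layer7 patch.

```shell
#!/bin/sh
# Added example: verify the netfilter options from steps 4 and 5 in a kernel .config.
# Assumption: these Kconfig symbols correspond to the menu labels listed above
# (kernel 2.6.28 plus the netfilter-layer7 patch).
L7_REQUIRED="NF_CONNTRACK NETFILTER_XT_MATCH_LAYER7 NETFILTER_XT_MATCH_STRING
NETFILTER_XT_MATCH_TIME NETFILTER_XT_MATCH_IPRANGE NETFILTER_XT_MATCH_CONNLIMIT
NETFILTER_XT_MATCH_STATE NETFILTER_XT_MATCH_CONNTRACK NETFILTER_XT_MATCH_MAC
NETFILTER_XT_MATCH_MULTIPORT NF_CONNTRACK_FTP NF_CONNTRACK_IPV4 NF_NAT
IP_NF_TARGET_MASQUERADE IP_NF_TARGET_NETMAP IP_NF_TARGET_REDIRECT"

# Print every required symbol that is not set to m (module) or y (built in).
# A symbol that is absent, or listed as "# CONFIG_X is not set", counts as missing.
l7_missing_options() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    for sym in $L7_REQUIRED; do
        # The "=" keeps CONFIG_NF_CONNTRACK from matching CONFIG_NF_CONNTRACK_FTP.
        grep -Eq "^CONFIG_${sym}=[my]\$" "$cfg" || echo "CONFIG_${sym}"
    done
    return 0
}

# Return 0 only when every required option is enabled; list the gaps on stderr.
l7_config_ok() {
    missing=$(l7_missing_options "$1") || return 2
    [ -z "$missing" ] && return 0
    echo "not enabled in $1:" >&2
    echo "$missing" >&2
    return 1
}
```

After make menuconfig, source the file and run l7_config_ok /usr/src/linux/.config; a missing CONFIG_NETFILTER_XT_MATCH_LAYER7 usually means the patch in step 2 was not applied.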

6. Compile and install:

- make

- make modules_install

- make install

7. Edit /boot/grub/grub.conf and set the default boot kernel to the new kernel.

- Reboot

8. cp /etc/rc.d/init.d/iptables ~/iptables

- rpm -e iptables-ipv6 iptables iptstate --nodeps

- tar jxvf iptables-1.4.4.tar.bz2 -C /usr/src

- cd /usr/src/iptables-1.4.4

- cp ../netfilter-layer7-v2.22/iptables-1.4.3forward-for-kernel-2.6.20forward/libxt_layer7.* ./extensions/

- ./configure --prefix=/usr --with-ksource=/usr/src/linux

- make

- make install

9. tar zxvf l7-protocols-2009-05-28.tar.gz

- # cd l7-protocols-2009-05-28

- # make install

- # mv ~/iptables /etc/rc.d/init.d/

- # service iptables start

(mv iptables-config.rpmsave iptables-config

ln -s /usr/sbin/iptables /sbin/iptables)

L7-filter Supported Protocols

- bittorrent: P2P filesharing / publishing tool

- edonkey: eDonkey2000 - P2P filesharing

- kugoo: KuGoo - a Chinese P2P program

- msn-filetransfer: MSN (Microsoft Network) Messenger file transfers

- msnmessenger: Microsoft Network chat client

- pplive: Chinese P2P streaming video

- qq

- xunlei
