fedora core4
[1.]
# Step 1: fetch the kernel source, the l7-filter patch bundle, the protocol
# pattern definitions and the iptables source into /usr/src/kernels.
# NOTE(review): all four archives are fetched over unauthenticated http/ftp
# and none of these steps verifies them, yet the results are built and
# installed system-wide further down. Compare each archive with a checksum
# or signature published by its project before unpacking it.
# NOTE(review): these are pinned releases from early 2006 (see the date in
# the l7-protocols file name); check for maintained versions before relying
# on them on a reachable host.
cd /usr/src/kernels
wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.3.tar.bz2
wget http://nchc.dl.sourceforge.net/sourceforge/l7-filter/netfilter-layer7-v2.1.tar.gz
wget http://nchc.dl.sourceforge.net/sourceforge/l7-filter/l7-protocols-2006-01-22.tar.gz
wget ftp://ftp.netfilter.org/pub/iptables/iptables-1.3.5.tar.bz2
[2.]
# Step 2: unpack the kernel tree and the l7-filter patch bundle.
tar jxvf linux-2.6.15.3.tar.bz2
tar zxvf netfilter-layer7-v2.1.tar.gz
# Copy the layer7 kernel patch (the one named for kernels 2.6.13-2.6.15)
# into the kernel tree and apply it from the tree root.
cp netfilter-layer7-v2.1/kernel-2.6.13-2.6.15-layer7-2.1.patch linux-2.6.15.3/
cd linux-2.6.15.3/
# -p1 strips the leading directory component from the paths in the patch.
# patch also has a --dry-run option if you want to check that it applies
# cleanly before touching the tree.
patch -p1 < kernel-2.6.13-2.6.15-layer7-2.1.patch
# Interactive: enable the options listed after this command, then save.
make menuconfig
Networking --->
Networking options --->
[*] Network packet filtering (replaces ipchains) --->
IP: Netfilter Configuration --->
<M> Connection tracking (required for masq/NAT)
[*] Connection tracking flow accounting
<M> IP tables support (required for filtering/masq/NAT)
<M> Layer 7 match support (EXPERIMENTAL)
# Edit the top-level kernel Makefile so that EXTRAVERSION reads as shown on
# the line after the vi command. The suffix gives this build its own release
# string (presumably 2.6.15.3-l7filter), which should keep its modules apart
# from those of the stock kernel.
vi Makefile
EXTRAVERSION = .3-l7filter
# Build, then install the modules and the kernel image. The two install
# steps write to system directories, so they normally need root.
make
make modules_install
make install
# Restart into the new kernel.
# NOTE(review): confirm that the boot loader entry actually selects it; the
# layer7 match only exists when the patched kernel is the one running.
reboot
[3.]
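# Step 3: build iptables 1.3.5 with the layer7 match extension.
# Return to the download directory first: step 2 left the shell inside the
# kernel tree and the reboot reset the working directory, while the relative
# paths below assume /usr/src/kernels.
cd /usr/src/kernels
tar jxvf iptables-1.3.5.tar.bz2
cd iptables-1.3.5
cp ../netfilter-layer7-v2.1/iptables-layer7-2.1.patch ./
patch -p1 < iptables-layer7-2.1.patch
# patch does not set an execute bit on the helper script it creates; the
# iptables build presumably runs this script to decide whether to compile
# the layer7 extension, so it has to be executable.
chmod +x extensions/.layer7-test
# KERNEL_DIR points the build at the patched kernel tree from step 2.
make KERNEL_DIR=/usr/src/kernels/linux-2.6.15.3
make install KERNEL_DIR=/usr/src/kernels/linux-2.6.15.3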
[4.]
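# Step 4: install the protocol pattern definitions under /etc/l7-protocols,
# the directory the rules in step 6 take their protocol names from.
# The archive was downloaded to /usr/src/kernels in step 1, while step 3
# ends inside the iptables-1.3.5 directory, so change back first.
cd /usr/src/kernels
tar zxvf l7-protocols-2006-01-22.tar.gz
mv l7-protocols-2006-01-22 /etc/l7-protocols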
[5.]
# Step 5: confirm the freshly built binary reports the expected version.
# The full path is used because the distribution's own iptables may come
# earlier in PATH and would not know the layer7 match.
/usr/local/sbin/iptables -V
iptables v1.3.5
[6.] 測試,--l7proto後面接的名稱由/etc/l7-protocols目錄中得知
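# Step 6 test rules: drop outgoing packets that the layer7 match classifies
# as the named protocol. Each name after --l7proto corresponds to a pattern
# file under /etc/l7-protocols.
# The option is spelled with two ASCII hyphens (--l7proto). The page had
# rendered it with an en dash, which iptables does not parse as an option.
# NOTE(review): layer7 classification is pattern matching on payload, so it
# can miss or misidentify traffic. Treat these DROP rules as a functional
# test of the module rather than as an access control, and delete them
# afterwards (the same rule with -D in place of -I); while present, the http
# rule drops all traffic it matches in POSTROUTING.
/usr/local/sbin/iptables -t mangle -I POSTROUTING -m layer7 --l7proto http -j DROP
/usr/local/sbin/iptables -t mangle -I POSTROUTING -m layer7 --l7proto msnmessenger -j DROP
/usr/local/sbin/iptables -t mangle -I POSTROUTING -m layer7 --l7proto yahoo -j DROP
/usr/local/sbin/iptables -t mangle -I POSTROUTING -m layer7 --l7proto aim -j DROP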