Fedora Core 4

[1.]
cd /usr/src/kernels
wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.3.tar.bz2
wget http://nchc.dl.sourceforge.net/sourceforge/l7-filter/netfilter-layer7-v2.1.tar.gz
wget http://nchc.dl.sourceforge.net/sourceforge/l7-filter/l7-protocols-2006-01-22.tar.gz
wget ftp://ftp.netfilter.org/pub/iptables/iptables-1.3.5.tar.bz2

[2.]
tar jxvf linux-2.6.15.3.tar.bz2
tar zxvf netfilter-layer7-v2.1.tar.gz
cp netfilter-layer7-v2.1/kernel-2.6.13-2.6.15-layer7-2.1.patch linux-2.6.15.3/
cd linux-2.6.15.3/
patch -p1 < kernel-2.6.13-2.6.15-layer7-2.1.patch

make menuconfig

Networking --->
    Networking options --->
        [*] Network packet filtering (replaces ipchains) --->
            IP: Netfilter Configuration --->
                <M> Connection tracking (required for masq/NAT)
                [*] Connection tracking flow accounting
                <M> IP tables support (required for filtering/masq/NAT)
                <M> Layer 7 match support (EXPERIMENTAL)

vi Makefile

EXTRAVERSION = .3-l7filter

make
make modules_install
make install
reboot

[3.]
tar jxvf iptables-1.3.5.tar.bz2
cd iptables-1.3.5
cp ../netfilter-layer7-v2.1/iptables-layer7-2.1.patch ./
patch -p1 < iptables-layer7-2.1.patch
chmod +x extensions/.layer7-test
make KERNEL_DIR=/usr/src/kernels/linux-2.6.15.3
make install KERNEL_DIR=/usr/src/kernels/linux-2.6.15.3

[4.]
tar zxvf l7-protocols-2006-01-22.tar.gz
mv l7-protocols-2006-01-22 /etc/l7-protocols

[5.]
/usr/local/sbin/iptables -V

iptables v1.3.5

[6.] 測試:--l7proto 後面接的協定名稱,可由 /etc/l7-protocols 目錄中得知。layer7 是以特徵樣式比對連線內容,可能誤判或漏判;l7-filter 官方文件建議用於流量分類/QoS,不建議當作唯一的阻擋手段。
/usr/local/sbin/iptables -t mangle -I POSTROUTING -m layer7 --l7proto http -j DROP
/usr/local/sbin/iptables -t mangle -I POSTROUTING -m layer7 --l7proto msnmessenger -j DROP
/usr/local/sbin/iptables -t mangle -I POSTROUTING -m layer7 --l7proto yahoo -j DROP
/usr/local/sbin/iptables -t mangle -I POSTROUTING -m layer7 --l7proto aim -j DROP
