linux iptables L7-filter
Author: Anonymous (Technology)
Source: Linux Systems
Published: 2012-05-17
following options:

- Code maturity level options | Prompt for development and/or incomplete code/drivers
- Netfilter (Device Drivers | Networking support | Networking Options | Network packet filtering)
- Connection tracking (Network packet filtering | IP: Netfilter Configuration | Connection tracking)
- Connection tracking flow accounting and IP tables support (on the same screen)
- Layer 7 match support

Next, compile the kernel, install it as usual, and reboot your machine with the new kernel. When compiling, you might see a warning, depending on the compiler version:

    CC [M] net/ipv4/netfilter/ipt_layer7.o
    net/ipv4/netfilter/ipt_layer7.c:457: warning: initialization from incompatible pointer type

Just ignore the warning and go on.

Applying the iptables Patch

To apply the iptables patch, we need the iptables sources from http://www.netfilter.org. Go to the iptables source root and patch it with the patch provided by the L7-filter project.

    router:/usr/src/iptables-1.3.4# patch -p1 < ../netfilter-layer7-v2.0-beta/iptables-layer7-2.0.patch
    patching file extensions/.layer7-test
    patching file extensions/libipt_layer7.c
    patching file extensions/libipt_layer7.man
    router:/usr/src/iptables-1.3.4#

Because file permissions can't be included in a patch, you need to set execute permission for the file extensions/.layer7-test.

    router:/usr/src/iptables-1.3.4# chmod +x extensions/.layer7-test

Next, we will compile iptables using make and specifying the path to our patched kernel. In our case:

    router:/usr/src/iptables-1.3.4# make KERNEL_DIR=/usr/src/linux-2.6.12.5
    Making dependencies: please wait...
    Extensions found: IPv4:CLUSTERIP IPv4:layer7 IPv4:recent IPv6:ah IPv6:esp IPv6:frag IPv6:ipv6header IPv6:hbh IPv6:dst IPv6:rt
    ...

Now we will install iptables using the make install command, again specifying the path to the patched kernel. In our case:

    router:/usr/src/iptables-1.3.4# make install KERNEL_DIR=/usr/src/linux-2.6.12.5
    cp iptables /usr/local/sbin/iptables
    cp iptables.8 /usr/local/man/man8/iptables.8
    ...

Now, we're almost done. Please note that the new iptables tool might be in a different folder than the original. For example, we can see that the make install command installed iptables in /usr/local/sbin/iptables because we didn't specify the BINDIR option when compiling iptables. We also need to make sure that we're using the right tool when issuing commands. We can verify that using iptables -V and comparing the versions we have:

    router:~# iptables -V
    iptables v1.2.11
    router:~# type iptables
    iptables is hashed (/sbin/iptables)
    router:~# /usr/local/sbin/iptables -V
    iptables v1.3.4

Protocol Definitions

First, we need to download the protocol definitions archive from the L7-filter project page at SourceForge, http://prdownloads.sourceforge.net/l7-filter/l7-protocols-2006-06-03.tar.gz?download. Next, we need to copy the pattern files (.pat) from the archive to the /etc/l7-protocols folder.

    router:/usr/src/l7-protocols-YYYY-MM-DD# mkdir /etc/l7-protocols
    router:/usr/src/l7-protocols-YYYY-MM-DD# cp prot
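The binary check from the "almost done" step above (old /sbin/iptables v1.2.11 found first, patched v1.3.4 in /usr/local/sbin) can be scripted. This is an added example, not part of the original article; the function names list_iptables and check_active_iptables are made up for illustration.

```shell
#!/bin/sh
# Added example: report which iptables binary a PATH lookup resolves to.

# Print "<path> <version>" for each executable named iptables found in the
# colon-separated search path $1, in lookup order. Runs in a subshell so the
# IFS and globbing changes do not leak into the caller.
list_iptables() (
    IFS=:
    set -f
    for dir in $1; do
        [ -n "$dir" ] || continue            # skip empty PATH entries
        bin=$dir/iptables
        { [ -f "$bin" ] && [ -x "$bin" ]; } || continue
        # `iptables -V` prints a line such as "iptables v1.3.4"
        ver=$("$bin" -V 2>/dev/null |
              sed -n 's/^iptables v\([0-9][0-9.]*\).*/\1/p')
        printf '%s %s\n' "$bin" "${ver:-unknown}"
    done
)

# check_active_iptables WANT [SEARCH_PATH]
# Returns 0 if the first iptables found reports version WANT, 1 if a
# different version comes first (shadowing), 2 if none is found.
check_active_iptables() {
    want=$1
    found=$(list_iptables "${2:-$PATH}")
    if [ -z "$found" ]; then
        echo "no iptables on the search path" >&2
        return 2
    fi
    active=$(printf '%s\n' "$found" | head -n 1)
    if [ "${active##* }" = "$want" ]; then
        echo "ok: $active"
        return 0
    fi
    echo "shadowed: lookup resolves to $active" >&2
    # Point at a later copy that does report the wanted version, if any.
    printf '%s\n' "$found" | while IFS= read -r line; do
        if [ "${line##* }" = "$want" ]; then
            echo "version $want is installed at ${line% *}" >&2
            break
        fi
    done
    return 1
}
```

Call it as `check_active_iptables 1.3.4`. After correcting PATH, run `hash -r` so the shell drops the cached location that `iptables is hashed (/sbin/iptables)` refers to.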