Category: LINUX
2007-06-03 00:31:52
Key options (using kernel 2.6.13 as the example; the menu layout may differ between kernel versions):
Code maturity level options --> [*] Prompt for development and/or incomplete code/drivers
Networking --> Networking options -->
[*] Network packet filtering (replaces ipchains) -->
IP: Netfilter Configuration -->
Connection tracking (required for masq/NAT)
[*] Connection tracking flow accounting
IP tables support (required for filtering/masq/NAT)
Layer 7 match support
make bzImage (on kernel 2.4, run make dep first)
make modules
make modules_install
make install
Install the iptables updated with the Layer 7 patches
Download the iptables source
Unpack it into /usr/local/src; this article uses iptables-1.3.7 as the example
cd /usr/local/src/iptables-1.3.7
patch -p1 < ../netfilter-layer7-v2.0/iptables-layer7-2.0.patch
chmod +x ./extensions/.layer7-test
make KERNEL_DIR=/usr/src/linux
make install KERNEL_DIR=/usr/src/linux
If an iptables package was already installed, handle it as follows:
cd /sbin
mv iptables iptables.old
ln -s /usr/local/sbin/iptables iptables
chkconfig iptables on
vi /boot/grub/menu.lst (change the default so the system boots the new kernel)
reboot
Using the iptables layer-7 filter
iptables -t mangle -A PREROUTING -m layer7 --l7proto yahoo -j DROP (blocks Yahoo! Messenger packets)
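
The kernel options listed above can be checked in the kernel tree's .config before running make bzImage, so a missing dependency is caught before the -m layer7 rule fails to load. The shell function below is an added example, not part of the original post; the CONFIG_ symbol names are assumed to be the 2.6.13-era names for those menu entries, and the sample .config fragment is constructed.

```shell
#!/bin/sh
# Added example: report which kernel options needed by the layer7 match
# are not enabled in a kernel .config file.
# ASSUMPTION: these are the usual 2.6.13-era Kconfig symbols for the menu
# entries listed above; other kernel or patch versions may rename them.
L7_REQUIRED="CONFIG_EXPERIMENTAL CONFIG_NETFILTER CONFIG_IP_NF_CONNTRACK \
CONFIG_IP_NF_CT_ACCT CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_MATCH_LAYER7"

# l7_missing_opts FILE
#   prints the missing options, space-separated
#   returns 0 = all enabled, 1 = some missing, 2 = file unreadable
l7_missing_opts() {
    cfg=$1
    if [ ! -r "$cfg" ]; then
        echo "cannot read $cfg" >&2
        return 2
    fi
    missing=""
    for opt in $L7_REQUIRED; do
        # "=y" (built in) and "=m" (module) count as enabled;
        # "# CONFIG_X is not set" and absent lines count as missing.
        if ! grep -Eq "^${opt}=(y|m)\$" "$cfg"; then
            missing="${missing:+$missing }$opt"
        fi
    done
    if [ -n "$missing" ]; then
        echo "$missing"
        return 1
    fi
    return 0
}

# Constructed sample .config fragment (not taken from a real build).
l7_sample_config() {
    cat <<'EOF'
CONFIG_EXPERIMENTAL=y
CONFIG_NETFILTER=y
CONFIG_IP_NF_CONNTRACK=m
# CONFIG_IP_NF_CT_ACCT is not set
CONFIG_IP_NF_IPTABLES=m
EOF
}

# Demo on the constructed sample; on a real tree call
#   l7_missing_opts /usr/src/linux/.config
l7_demo_cfg=$(mktemp)
l7_sample_config > "$l7_demo_cfg"
l7_demo_out=$(l7_missing_opts "$l7_demo_cfg") || true
echo "missing: ${l7_demo_out:-none}"
rm -f "$l7_demo_cfg"
```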