Environment
lfs 6.1
kernel 2.6.16.8
iptables 1.3.5
Note: in the kernel configuration, "Code maturity level options" must be selected; otherwise the l7 module cannot be found in the kernel.
# tar xvf l7-protocols-2006-06-03.tar.gz -C /root
# tar xvf netfilter-layer7-v2.2.tar.gz -C /root
# cd /root/linux-2.6.16.8
# patch -p1 < ../netfilter-layer7-v2.2/kernel-2.6.13-2.6.16-layer7-2.2.patch
# make menuconfig
Networking --->
Networking options --->[*] Network packet filtering (replaces ipchains) --->
IP: Netfilter Configuration --->
Layer 7 match support (EXPERIMENTAL)
[*] Layer 7 debugging output
# make
# make modules_install
# cp -v arch/i386/boot/bzImage /boot/lfskernel // tab completion
# cp -v System.map /boot/Sys // tab completion
# reboot
# cd /root/iptables-1.3.5
# patch -p1 < /root/netfilter-layer7-v2.2/iptables-layer7-2.2.patch
# chmod 755 extensions/.layer7-test
# export KERNEL_DIR=/root/linux-2.6.16.8
# export IPTABLES_DIR=/root/iptables-1.3.5/
# make PREFIX=/usr/local/iptables/ LIBDIR=/lib/iptables/ BINDIR=/sbin
# make PREFIX=/usr/local/iptables/ LIBDIR=/lib/iptables/ BINDIR=/sbin install
# cd /root/l7-protocols-2006-06-03/
# make install
# cd /etc/l7-protocols/protocols
Create a new file qqq.pat with the following contents:
# The HttpAgent Connect Action
qqq
^\x43.+\x74\x65\x6e\x63\x65\x6e\x74.+\x0a$
Note: at this point you still cannot use the iptables l7 module. The error message is:
iptables v1.3.5: Couldn't load match `layer7':/lib/iptables/libipt_layer7.so: cannot open shared object file: No such file or directory
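Solution
# cd /lib/iptables/iptables/
# cp * ../
The message says that /lib/iptables/libipt_layer7.so is not under /lib/iptables. But after my installation finished, the file was at
/lib/iptables/iptables/libipt_layer7.so
so it has to be copied over.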
# iptables -I FORWARD -p tcp -m layer7 --l7proto qq -j DROP
# iptables -I FORWARD -p tcp -m layer7 --l7proto qqq -j DROP
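Before loading a DROP rule built on qqq.pat, it helps to see what the pattern actually matches. The following is an added example, not part of the original post: a Python sketch that parses the qqq.pat contents shown above and tests the regex against constructed payloads. Python's re module with DOTALL stands in for the kernel's regex engine (an assumption, so results are approximate), and the helper names are hypothetical.

```python
import re

# Contents of qqq.pat exactly as given on this page.
QQQ_PAT = r"""# The HttpAgent Connect Action
qqq
^\x43.+\x74\x65\x6e\x63\x65\x6e\x74.+\x0a$
"""

# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "connect": b"CONNECT host.tencent.example:443 HTTP/1.0\r\n",
    "other_get": b"GET /index.html HTTP/1.0\r\n",
    "no_final_newline": b"CONNECT host.tencent.example:443 HTTP/1.0\r\n\r\nextra",
    "false_positive": b"Cookie: site=tencent-fan\n",
}

def parse_pat(text):
    """Return (protocol_name, regex): skip blank and '#' lines, then the
    first remaining line is the name and the second is the regex."""
    lines = [ln for ln in text.splitlines()
             if ln.strip() and not ln.lstrip().startswith("#")]
    if len(lines) < 2:
        raise ValueError("pattern file needs a name line and a regex line")
    return lines[0].strip(), lines[1]

def readable(regex):
    """Show alphanumeric \\xHH escapes as characters; keep the rest escaped."""
    def sub(m):
        ch = chr(int(m.group(1), 16))
        return ch if ch.isalnum() else m.group(0)
    return re.sub(r"\\x([0-9a-fA-F]{2})", sub, regex)

def matches(regex, payload):
    """Unanchored search over the payload bytes; DOTALL lets '.' cross CR/LF
    (assumption: approximates the kernel matcher, not identical to it)."""
    return re.search(regex.encode("ascii"), payload, re.DOTALL) is not None

def evaluate(pat_text=QQQ_PAT, samples=SAMPLES):
    name, regex = parse_pat(pat_text)
    return name, readable(regex), {k: matches(regex, v) for k, v in samples.items()}

if __name__ == "__main__":
    name, shown, results = evaluate()
    print(name, shown)
    for label, hit in results.items():
        print(f"{label:18} {'MATCH' if hit else 'no match'}")
```

The "false_positive" sample shows that any buffer starting with "C", containing "tencent" and ending in a newline is matched, so unrelated traffic can be dropped by the second iptables rule.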