linux 七层防火墙,iptables防火墙实现七层过滤对应用层的过滤

一)iptables防火墙实现七层过滤对应用层的过滤。(应用模块layer7)

图如下：

1)对内核先打补丁，打上layer7的模块，然后重新编译内核

tar xf netfilter-layer7-v2.23.tar.bz2

useradd mockbuild 先创建一个用户，如不创建下面安装内核会有错误。

rpm -ivh kernel-2.6.32-431.5.1.el6.src.rpm

tar xf linux-2.6.32-431.5.1.el6.tar.bz2 -C /usr/src/获取新的源码，然后打补丁

ln -sv linux-2.6.32-431.5.1.el6 linux

cp /boot/config-2.6.32-358.el6.x86_64 .config以模板方式来配置

打补丁

[root@station141 linux]# patch -p1 

Hunk #1 succeeded at 894 (offset 99 lines).

patching file net/netfilter/Makefile

Hunk #1 succeeded at 96 (offset 12 lines).

patching file net/netfilter/xt_layer7.c

patching file net/netfilter/regexp/regexp.c

patching file net/netfilter/regexp/regexp.h

patching file net/netfilter/regexp/regmagic.h

patching file net/netfilter/regexp/regsub.c

patching file net/netfilter/nf_conntrack_core.c

Hunk #1 succeeded at 201 with fuzz 1.

patching file net/netfilter/nf_conntrack_standalone.c

Hunk #1 succeeded at 171 with fuzz 2 (offset 6 lines).

patching file include/net/netfilter/nf_conntrack.h

Hunk #1 succeeded at 123 (offset 5 lines).

p