重新编译iptables

                                              重新编译iptables

一．重新编译后的内核版本为：<?xml:namespace prefix = st1 ns = "urn:schemas-microsoft-com:office:smarttags" />2.6.28.10

重新编译后的iptables的版本为：1.4.4，新添加了layer7的模块，使iptables可以工作在应用层

二．编译时需要用到的四个软件包为：

linux-2.6.28.10.tar.gz

netfilter-layer7-v2.22.tar.gz

iptables-1.4.4.tar.bz2<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />

l7-protocols-2009-05-28.tar.gz

三．步骤：

1. tar zxvf  linux-2.6.28.10.tar.gz  -C  /usr/src

2. tar zxvf  netfilter-layer7-v2.22.tar.gz  -C  /usr/src

3. ln –s  /usr/src/linux-2.6.28.10/   /usr/src/linux

4. cd /usr/src/linux/

5. patch -p1  <  ../netfilter-layer7-v2.22/kernel-2.6.25-2.6.28-layer7-2.22.patch

6. cp /boot/config-2.6.18-164.el5  /usr/src/linux/.config

7. make  menuconfig（在make menuconfig之前，要确认你的gcc开发工具装上）

8.

Networking support → Networking Options →Network packet filtering framework →Code Netfilter Configuration

<M>  Netfilter connection tracking support

<M>  FTP protocol support

<M>  “layer7” match support

<M>  “string” match support

<M>  “time”  match support

<M>  “iprange”  match support

<M>  “connlimit”  match support

<M>  “state”  match support

<M>  “conntrack”  connection  match support

<M>  “mac”  address  match support

<M>   "multiport" Multiple port match support

9.

Networking support → Networking Options →Network packet filtering framework → IP: Netfilter Configuration

<M> IPv4 connection tracking support (required for NAT)

<M>   Full NAT

<M>MASQUERADEtargetsupport                                                                                  

 <M>NETMAPtargetsupport                                                                              

<M> REDIRECT target support

10. make

11.make modules_install

12.make install

然后编辑/boot/grub/grub.conf文件，设置default的值为0，然后重新启动计算机

13. cp /etc/rc.d/init.d/iptables ~/iptables

14. rpm  -e  iptables-ipv6  iptables  iptstate  --nodeps

15. tar jxvf iptables-1.4.4.tar.bz2 –C  /usr/src

16.cd /usr/src/iptables-1.4.4

17.cp ../netfilter-layer7-v2.22/iptables-1.4.3forward-for-kernel-2.6.20forward/libxt_layer7.*   ./extensions/

18. ./configure  --prefix=/usr  --with-ksource=/usr/src/linux

19.make

20.make install

21.tar zxvf l7-protocols-2009-05-28.tar.gz

22. cd l7-protocols-2009-05-28

23.make install

24. mv ~/iptables  /etc/rc.d/init.d/

25.ln –sv /usr/sbin/iptables /sbin/iptables

25.service iptables start

然后就可以利用重新编译后的iptables做应用层的设置，以此达到希望的效果。

转载于:https://blog.51cto.com/liusy23/280370