Iptables implements packet filtering at the application layer
Platform:
Linux 5.4
Source code package:
iptables-1.4.2.tar.bz2
l7-protocols-2008-10-04.tar.gz
linux-2.6.25.19.tar.bz2
netfilter-layer7-v2.20.tar.gz
Uninstall the original iptables. Back up the iptables startup script (/etc/init.d/iptables) beforehand so that you can copy it back after recompiling iptables.
Decompress the source code packages to /usr/local/src;
Steps:
I. Recompile the kernel
1. Merge the kernel + layer7 patches
# tar jxvf linux-2.6.25.19.tar.bz2 -C /usr/src/
# tar zxvf netfilter-layer7-v2.20.tar.gz -C /usr/src/
# cd /usr/src/linux-2.6.25.19/
# patch -p1 < /usr/src/netfilter-layer7-v2.20/kernel-2.6.25-layer7-2.20.patch
2. Configure the new kernel
# cp /boot/config-2.6.18-8.el5 .config
[The original kernel can be used or the kernel can be upgraded]
# make menuconfig
[When configuring the kernel, pay attention to the following two points under "Networking ---> Networking Options ---> Network packet filtering framework (Netfilter)":]
1) ---> Core Netfilter Configuration
// Compile "Netfilter connection tracking support (NEW)" as a module (M). The layer7 options only become visible once this option is selected.
// Compile layer7, string, state, time, IPsec, iprange, connlimit ... as modules.
2) ---> IP: Netfilter Configuration
// Compile "IPv4 connection tracking support (required for NAT)" as a module.
// Compile "MASQUERADE target support" and "REDIRECT target support" under "Full NAT" as modules.
---> Save to .config
3. Compile and install modules and new kernels
# make && make modules_install && make install
[After compilation and installation, restart and choose to use the new kernel (2.6.25.19) to boot the system]
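The module selections from step 2 can be checked against the saved .config before the long build in step 3. The script below is an added example, not part of the original guide; the function names and the `L7_REQUIRED` list are hypothetical, and the CONFIG_ symbol names are assumptions based on 2.6.25-era Kconfig plus the layer7 patch, so confirm them against your own tree.

```shell
#!/bin/sh
# Added example: audit a kernel .config for the options this guide asks for.
# Symbol names are assumptions (2.6.25-era Kconfig + layer7 patch); verify
# them with "grep -r" in your patched source tree before relying on the list.
L7_REQUIRED="
CONFIG_NF_CONNTRACK
CONFIG_NETFILTER_XT_MATCH_LAYER7
CONFIG_NETFILTER_XT_MATCH_STRING
CONFIG_NETFILTER_XT_MATCH_STATE
CONFIG_NETFILTER_XT_MATCH_TIME
CONFIG_NETFILTER_XT_MATCH_POLICY
CONFIG_NETFILTER_XT_MATCH_IPRANGE
CONFIG_NETFILTER_XT_MATCH_CONNLIMIT
CONFIG_NF_CONNTRACK_IPV4
CONFIG_IP_NF_TARGET_MASQUERADE
CONFIG_IP_NF_TARGET_REDIRECT
"

# Print every required option that is not enabled in the given .config.
# The guide builds them as modules (=m); built-in (=y) is accepted as well.
l7_missing_options() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    for opt in $L7_REQUIRED; do
        # Anchored match, so "# OPT is not set" and absent lines both count
        # as missing, and NF_CONNTRACK does not match NF_CONNTRACK_IPV4.
        grep -Eq "^${opt}=[my]\$" "$cfg" || echo "$opt"
    done
}

# Return 0 only when every required option is enabled; list the gaps otherwise.
l7_config_ok() {
    missing=$(l7_missing_options "$1") || return 2
    [ -z "$missing" ] && return 0
    echo "not enabled in $1:" >&2
    echo "$missing" | sed 's/^/  /' >&2
    return 1
}
```

After sourcing the file, `l7_config_ok /usr/src/linux-2.6.25.19/.config` reports any selection that was missed. If the layer7 symbol is listed, the patch from step 1 was not applied or connection tracking was left disabled.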
II. Recompile iptables
1. Uninstall the existing iptables
# rpm -e iptables --nodeps
2. Merge the iptables + layer7 patches
# tar jxvf iptables-1.4.2.tar.bz2 -C /usr/src/
# cd /usr/src/netfilter-layer7-v2.20/iptables-1.4.1.1-for-kernel-2.6.20forward/
# cp libxt_layer7.c libxt_layer7.man /usr/src/iptables-1.4.2/extensions/
3. Compile and install
# cd /usr/src/iptables-1.4.2/
# ./configure --prefix=/ --with-ksource=/usr/src/linux-2.6.25.19
# make && make install
4. Install the l7-protocols pattern package
# tar zxvf l7-protocols-2008-10-04.tar.gz -C /etc/
# mv /etc/l7-protocols-2008-10-04 /etc/l7-protocols
In this case, the test page has no rules: