Iptables Learning Notes compilation kernel and iptables and installation L7proto

Last Update:2015-12-12 Source: Internet

Author: User

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

Compile kernel and iptables and install L7proto

I. Introduction to the Environment

Operating system: Redhat5.8_64bit

Required Packages:

Linux-2.6.28.10.tar.gz

Netfilter-layer7-v2.22.tar.gz

L7-protocols-2009-05-28.tar.gz

iptables-1.4.6.tar.bz2

Installation steps:

1), Patch the kernel, and recompile the kernel

2), to Iptables source code patching, and recompile iptables

3), install L7proto

1. Patch the kernel and recompile the kernel

[[email protected] ~]# uname-r//redhat5.8 comes with kernel version is 2.6.18

2.6.18-308.el5

# tar ZXVF linux-2.6.28.10.tar.gz-c/usr/src//Unzip linux-2.6.28

# tar ZXVF netfilter-layer7-v2.22.tar.gz-c/usr/src//Unzip Netfilter-layer7

# cd/usr/src/

# ln-s linux-2.6.28 Linux

# cd/usr/src/linux/

# PATCH-P1 <. /netfilter-layer7-v2.22/kernel-2.6.25-2.6.28-layer7-2.22.patch

Patching file Net/netfilter/kconfig

Patching file Net/netfilter/makefile

Patching file net/netfilter/xt_layer7.c

Patching file Net/netfilter/regexp/regexp.c

Patching file Net/netfilter/regexp/regexp.h

Patching file net/netfilter/regexp/regmagic.h

Patching file NET/NETFILTER/REGEXP/REGSUB.C

Patching file net/netfilter/nf_conntrack_core.c

Patching file net/netfilter/nf_conntrack_standalone.c

Patching file Include/net/netfilter/nf_conntrack.h

Patching file Include/linux/netfilter/xt_layer7.h

# Cp/boot/config-2.6.18-308.el5/usr/src/linux/.config

# Make Menuconfig

Tip: Make menuconfig before making sure that the following development environment is installed:

Development Libraries

Development Tools

Execution: Make Menuconfig the following error message:

Scripts/kconfig/mconf Arch/x86/kconfig

. Config:1365:warning:symbol value ' m ' Invalid for fixed_phy

. Config:1671:warning:symbol value ' m ' Invalid for ISDN

. Config:2789:warning:symbol value ' m ' Invalid for RTC_INTF_SYSFS

. Config:2790:warning:symbol value ' m ' Invalid for Rtc_intf_proc

. Config:2791:warning:symbol value ' m ' Invalid for Rtc_intf_dev

. Config:2813:warning:symbol value ' m ' Invalid for Dma_engine

Your display is too small to run menuconfig!

It must is at least lines by columns.

MAKE[1]: * * * [menuconfig] Error 1

Make: * * * [menuconfig] Error 2

Cause: The terminal window size has been caused.

General Setup---> () Local version-append to kernel release--Input:-layer7-->ok---Exit

Processor type and features---> Processor family (generic-x86-64)---> (X) Core 2/newer Xeon

Networking support→networking options→network Packet filtering Framework→core netfilter Configuration

<M> NetFilter Connection Tracking support

<M> "Layer7" match support

<M> "string" Match support

<M> "Time" match support

<M> "IPRange" match support

<M> FTP Protocol Support

<M> Connection Tracking NetLink interface

<M> "Connlimit" match support

<M> ' state ' match support

<M> "Conntrack" Connection match support

<M> "Mac" address match support

<M> "Multiport" multiple port match support

Networking support→networking options→network packet filtering Framework→ip:netfilter Configuration

<M> IPV4 Connection Tracking Support (required for NAT)

<M> Full NAT

<M> Masquerade Target Support

<M> Netmap Target Support

<M> REDIRECT Target Support

# screen//Prevent Make time interrupt

# make

# Make Modules_install

# make Install

2. Compile the new version iptables

# Cp/etc/init.d/iptables ~/iptables

# Cp/etc/sysconfig/iptables-config ~/

# Cp/etc/sysconfig/iptables ~/iptables.rules

# Service Iptables Stop

# chkconfig Iptables off

# rpm-e Iptables-ipv6 iptables iptstate--nodeps

# tar JXVF iptables-1.4.6.tar.bz2–c/usr/src

# cd/usr/src/iptables-1.4.6

# CP.. /netfilter-layer7-v2.22/iptables-1.4.3forward-for-kernel-2.6.20forward/libxt_layer7.*./extensions/

#./configure--prefix=/usr--with-ksource=/usr/src/linux

# make

# make Install

# which iptables

/usr/sbin/iptables

# VIM ~/iptables--Modify the following content

if [!-X /usr/sbin/$IPTABLES ]; Then

Echo-n $ "/usr/sbin/$IPTABLES does not exist."; Warning Echo

Exit 0

# CP ~/iptables/etc/init.d/

# chkconfig--add iptables

# CP ~/iptables-configs/etc/sysconfig/

# service Iptables Start

Applying iptables firewall rules: [OK]

Loading additional iptables modules:ip_nat_ftp ip_conntrac[OK]

3, Installation L7-protocols

# tar ZXVF l7-protocols-2009-05-28.tar.gz

# CD L7-protocols-2009-05-28

# make Install

Mkdir-p/etc/l7-protocols

Cp-r */etc/l7-protocols

# Service Iptables Restart

This article is from "Xiao Zeng" blog, please be sure to keep this source http://zengxin.blog.51cto.com/6098070/1722228

Iptables Learning Notes compilation kernel and iptables and installation L7proto

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More

Iptables Learning Notes compilation kernel and iptables and installation L7proto

Contact Us

A Free Trial That Lets You Build Big!

Sales Support

After-Sales Support