Linux command: Compile and install iptables
First, preparation before compiling and installing iptables:
Three files must be backed up before uninstalling iptables: the iptables startup script, the iptables-config configuration file, and the saved iptables rules file.
[[email protected] ~]# cp /etc/init.d/iptables ~/iptables # copy the iptables startup script
[[email protected] ~]# cp /etc/sysconfig/iptables-config ~/ # copy the iptables configuration file
[[email protected] ~]# cp /etc/sysconfig/iptables ~/iptables.rules # copy the saved iptables rules file
[[email protected] ~]# mkdir iptables
[[email protected] ~]# cd iptables
[[email protected] iptables]# cp /etc/init.d/iptables ./ # startup script
[[email protected] iptables]# cp /etc/sysconfig/iptables-config ./ # configuration file
[[email protected] iptables]# cp /etc/sysconfig/iptables ./iptables.rules # saved rules file
[[email protected] iptables]# ls
iptables iptables-config iptables.rules
[[email protected] iptables]# service iptables stop # stop the iptables service
Purge firewall rules: [OK]
Set chains to ACCEPT policy: filter [OK]
Uninstalling Iiptables module: [OK]
[[email protected] ~]# chkconfig iptables off # disable iptables autostart at boot
[[email protected] ~]# rpm -e iptables-ipv6 iptables iptstate --nodeps
# To uninstall iptables, at least the three packages above must be removed; --nodeps forces the removal and ignores dependencies.
warning: /etc/sysconfig/iptables-config saved as /etc/sysconfig/iptables-config.rpmsave
[[email protected] ~]# ls # list the downloaded iptables source package and netfilter package
iptables-1.4.6.tar.bz2 netfilter-layer7-v2.23.tar.gz
[[email protected] ~]# tar jxvf iptables-1.4.6.tar.bz2 -C /usr/src # extract the package to /usr/src
[[email protected] ~]# tar zxvf netfilter-layer7-v2.23.tar.gz -C /usr/src # -C specifies the extraction path
Download the kernel source package:
lftp 10.109.134.200:/minilinux> mget linux-2.6.18.tar.bz2
[[email protected] src]# tar xf linux-2.6.18.tar.bz2 -C /usr/src
[[email protected] src]# ln -s linux-2.6.18 linux # create a symlink named linux
[[email protected] src]# ls
iptables-1.4.6 kernels linux linux-2.6.18 netfilter-layer7-v2.23 redhat
[[email protected] linux]# patch -p1 < ./netfilter-layer7-v2.22/kernel-2.6.25-2.6.28-layer7-2.22.patch
patching file net/netfilter/Kconfig
Hunk #1 succeeded at 407 with fuzz 1 (offset -388 lines).
patching file net/netfilter/Makefile
Hunk #1 succeeded at + Fuzz 2 (offset -34 lines).
patching file net/netfilter/xt_layer7.c
patching file net/netfilter/regexp/regexp.c
patching file net/netfilter/regexp/regexp.h
patching file net/netfilter/regexp/regmagic.h
patching file net/netfilter/regexp/regsub.c
patching file net/netfilter/nf_conntrack_core.c
cp /boot/config-2.6.18-164.el5PAE .config
[[email protected] linux]# make menuconfig # configure the kernel
[[email protected] linux]# make modules_install # install the modules
[[email protected] linux]# make install # install the kernel
[[email protected] src]# ls /usr/src
iptables-1.4.6 netfilter-layer7-v2.23 redhat
[[email protected] src]# cp netfilter-layer7-v2.23/iptables-1.4.3forward-for-kernel-2.6.20forward/libxt_layer7.* iptables-1.4.6/extensions/
# Copy all libxt_layer7.* files from the netfilter directory into the extensions directory of iptables
[[email protected]hntest src]# cd iptables-1.4.6/
[[email protected] iptables-1.4.6]# pwd
/usr/src/iptables-1.4.6
[[email protected] iptables-1.4.6]# ./configure --prefix=/usr --with-ksource=/usr/src/linux
# --prefix specifies the installation path; --with-ksource specifies the associated kernel source path
[[email protected] iptables-1.4.6]# make && make install
[[email protected] iptables-1.4.6]# which iptables # check the path of the newly installed iptables
/usr/sbin/iptables
[[email protected] iptables-1.4.6]# cd
[[email protected] ~]# vim iptables # two paths must be changed to match the newly installed iptables
[[email protected] ~]# cp iptables /etc/init.d/
[[email protected] ~]# chkconfig --add iptables # add it to the boot startup list
[[email protected] ~]# chkconfig iptables on # enable it at boot
[[email protected] ~]# cp iptables-config /etc/sysconfig/
[[email protected] ~]# service iptables start
Download l7-protocols-2009-05-28.tar.gz:
[[email protected] ~]# ls
l7-protocols-2009-05-28.tar.gz Utility iptables-1.4.6.tar.bz2 Readme
etc iptables netfilter-layer7-v2.23.tar.gz
[[email protected] ~]# tar xvf l7-protocols-2009-05-28.tar.gz
[[email protected] ~]# cd l7-protocols-2009-05-28
[[email protected] l7-protocols-2009-05-28]# make install # install directly
mkdir -p /etc/l7-protocols
cp -r * /etc/l7-protocols
[[email protected] l7-protocols-2009-05-28]# service iptables restart
[[email protected] l7-protocols-2009-05-28]# cd
[[email protected] ~]# iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j SNAT --to-source 172.16.100.7 # translate the source address to 172.16.100.7
[[email protected] ~]# iptables -A FORWARD -s 192.168.10.0/24 -m layer7 --l7proto qq -j REJECT
# Block hosts with source address 192.168.10.0/24 from logging in to the QQ service
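Added example, not part of the original page: a small shell check that the pieces of the procedure above ended up in place (layer7 match enabled in the kernel config, a pattern file for the protocol named in --l7proto, and a live rules file that matches the backup taken before the uninstall). The function names are hypothetical, and the Kconfig symbol CONFIG_NETFILTER_XT_MATCH_LAYER7 and the <proto>.pat file naming are assumptions about the layer7 patch and the l7-protocols package.

```shell
#!/bin/sh
# Added example (not from the original page): checks for the layer7 build above.
# Assumption: the layer7 kernel patch exposes CONFIG_NETFILTER_XT_MATCH_LAYER7,
# and pattern files are named <proto>.pat somewhere under the pattern directory.

# True if the kernel .config enables the layer7 match, built-in (y) or module (m).
l7_config_ok() {
    grep -Eq '^CONFIG_NETFILTER_XT_MATCH_LAYER7=[ym]$' "$1"
}

# True if a pattern file for protocol $2 exists under directory $1.
l7_pattern_ok() {
    [ -n "$(find "$1" -type f -name "$2.pat" 2>/dev/null)" ]
}

# True if the rules file backed up before the uninstall matches the live one.
rules_restored_ok() {
    cmp -s "$1" "$2"
}

# Args: kernel-config pattern-dir proto backup-rules live-rules.
# Prints one line per check and returns the number of failed checks.
l7_verify() {
    fails=0
    if l7_config_ok "$1"; then echo "OK   layer7 match enabled in $1"
    else echo "FAIL layer7 match not enabled in $1"; fails=$((fails + 1)); fi
    if l7_pattern_ok "$2" "$3"; then echo "OK   pattern $3.pat found under $2"
    else echo "FAIL no $3.pat found under $2"; fails=$((fails + 1)); fi
    if rules_restored_ok "$4" "$5"; then echo "OK   $5 matches backup $4"
    else echo "FAIL $5 differs from backup $4"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample tree so the checks run offline; real paths are in the note.
l7_demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/l7/protocols"
    printf 'CONFIG_NETFILTER_XT_MATCH_LAYER7=m\n' > "$d/config"
    printf 'qq\n^sample-pattern$\n' > "$d/l7/protocols/qq.pat"
    printf '*filter\n:FORWARD ACCEPT [0:0]\nCOMMIT\n' > "$d/backup.rules"
    cp "$d/backup.rules" "$d/live.rules"
    l7_verify "$d/config" "$d/l7" qq "$d/backup.rules" "$d/live.rules"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

l7_demo
```

With the paths used on this page, the call would be l7_verify /usr/src/linux/.config /etc/l7-protocols qq ~/iptables.rules /etc/sysconfig/iptables.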
iptables-1.4.6.tar.bz2:
http://www.filewatcher.com/d/Gentoo/distfiles/Other/iptables-1.4.6.tar.bz2.463758.html
l7-protocols-2009-05-28.tar.gz:
http://download.chinaunix.net/download.php?id=25732&ResourceID=5525
Linux iptables settings in detail
http://www.linuxidc.com/Linux/2012-03/56066.htm