给iptables添加模块
时间:2005-12-25 来源:lues
准备工作:
1, 最新的patch-o-matic-ng,在下面的地址可以下载到最新的:
http://ftp.netfilter.org/pub/patch-o-matic-ng/
2, 最新的iptables源代码:
http://www.netfilter.org
3, 内核源代码:
http://www.kernel.org
4, L7-filter 补丁以及协议描述文件:
http://sourceforge.net/project/showfiles.php?group_id=80085
5, geoip文件下载
http://people.netfilter.org/peejix/geoip/database/20050410/geoipdb.idx
http://people.netfilter.org/peejix/geoip/database/20050410/geoipdb.bin
1, 最新的patch-o-matic-ng,在下面的地址可以下载到最新的:
http://ftp.netfilter.org/pub/patch-o-matic-ng/
2, 最新的iptables源代码:
http://www.netfilter.org
3, 内核源代码:
http://www.kernel.org
4, L7-filter 补丁以及协议描述文件:
http://sourceforge.net/project/showfiles.php?group_id=80085
5, geoip文件下载
http://people.netfilter.org/peejix/geoip/database/20050410/geoipdb.idx
http://people.netfilter.org/peejix/geoip/database/20050410/geoipdb.bin
Iptables添加模块 For kernel 2.6
准备工作:
1, 最新的patch-o-matic-ng,在下面的地址可以下载到最新的:
http://ftp.netfilter.org/pub/patch-o-matic-ng/
2, 最新的iptables源代码:
http://www.netfilter.org
3, 内核源代码:
http://www.kernel.org
4, L7-filter 补丁以及协议描述文件:
http://sourceforge.net/project/showfiles.php?group_id=80085
5, geoip文件下载
http://people.netfilter.org/peejix/geoip/database/20050410/geoipdb.idx
http://people.netfilter.org/peejix/geoip/database/20050410/geoipdb.bin
cd /usr/src/kernels/linux-2.6.14
make mrproper
make menuconfig(注意一定要生成.config)
[root@test11 iptables-1.3.4]# cd /root/iptables/patch-o-matic-ng-20051215
KERNEL_DIR=/usr/src/kernels/linux-2.6.14 IPTABLES_DIR=/usr/src/iptables-1.3.4 ./runme string #2.6内核不用该选项
KERNEL_DIR=/usr/src/kernels/linux-2.6.14 IPTABLES_DIR=/usr/src/iptables-1.3.4 ./runme comment
KERNEL_DIR=/usr/src/kernels/linux-2.6.14 IPTABLES_DIR=/usr/src/iptables-1.3.4 ./runme connlimit
KERNEL_DIR=/usr/src/kernels/linux-2.6.14 IPTABLES_DIR=/usr/src/iptables-1.3.4 ./runme time
KERNEL_DIR=/usr/src/kernels/linux-2.6.14 IPTABLES_DIR=/usr/src/iptables-1.3.4 ./runme iprange
KERNEL_DIR=/usr/src/kernels/linux-2.6.14 IPTABLES_DIR=/usr/src/iptables-1.3.4 ./runme geoip
KERNEL_DIR=/usr/src/kernels/linux-2.6.14 IPTABLES_DIR=/usr/src/iptables-1.3.4 ./runme nth
KERNEL_DIR=/usr/src/kernels/linux-2.6.14 IPTABLES_DIR=/usr/src/iptables-1.3.4 ./runme ipp2p
KERNEL_DIR=/usr/src/kernels/linux-2.6.14 IPTABLES_DIR=/usr/src/iptables-1.3.4 ./runme quota
[root@test11 patch-o-matic-ng-20051215]# cd /usr/src/kernels/linux-2.6.14/
[root@test11 linux-2.6.14]# patch -p1 </root/iptables/netfilter-layer7-v2.0/kernel-2.6.13-2.6.14-layer7-2.0.patch
[root@test11 linux-2.6.14]# cd /usr/src/iptables-1.3.4
[root@test11 iptables-1.3.4]# patch -p1 </root/iptables/netfilter-layer7-v2.0/iptables-layer7-2.0.patch
[root@test11 iptables-1.3.4]#
编译内核:
make menuconfig (在这里选择你添加的netfilter的模块)
make
make modules_install install
编译iptables:
cd /usr/src/iptables-1.3.4
chmod a+x extensions/.layer7-test
export KERNEL_DIR=/usr/src/kernels/linux-2.6.14/
export IPTABLES_DIR=/usr/src/iptables-1.3.4
make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin && make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin install
注意:
[root@test11 iptables-1.3.4]# ll extensions/.layer7-test
-rw-r--r-- 1 root root 87 Dec 16 16:51 extensions/.layer7-test
[root@test11 iptables-1.3.4]# chmod a+x extensions/.layer7-test
[root@test11 iptables]# cd l7-protocols-2005-12-16
[root@test11 l7-protocols-2005-12-16]# make install
http://www.douzhe.com/article/data/7/681.html
http://www.douzhe.com/article/data/7/685.html
http://bbs.chinaunix.net/viewthread.php?tid=585771&extra=&page=1
http://ftp.jyt.com.cn/baijin/book/netfilter-extensions-HOWTO-CN.pdf
http://people.netfilter.org/peejix/geoip/howto/geoip-HOWTO.html
http://phorum.study-area.org/viewtopic.php?t=33426&postdays=0&postorder=asc&start=30&sid=a405f0a8f0fb7dc05fa32372e6a2e2fc
http://www.router.net.cn/softrouter/CoyoteLinux/200503/1748.html
http://www.netfilter.org/patch-o-matic/pom-extra.html#pom-extra-pptp-conntrack-nat
注: [root@kindgeorge linux-2.4]# make oldconfig
'make oldconfig' - 采用以前的 .config 文件 (编译时十分有用)
技巧:在make menuconfig时,我们面对众多的选项常常不知道该如何选择,此时可以把安装时的配置文件copy到/usr/src/linux-2.4中:cp /boot/config-2.4.* /usr/src/linux-2.4/.config,再用make menuconfig编译,它会读取.config中原来的配置信息.
geoip
The only extra files you need is a binary db (geoipdb.bin) & its index file (geoipdb.idx).Both files are generated from a countries & subnets database with the csv2bin tool,available at www.cookinglinux.org/geoip/. Both files MUST also be moved in /var/geoip/ as the shared library is statically looking for that pathname (ex.: /var/geoip/geoipdb.bin).
这个你需要额外的二进位文件geoipdb.bin 和它的索引文件geoipdb.idx.这两个文件是国家地区网络数据库,是用csv2bin 工具生成的,可以在www.cookinglinux.org/geoip/得到.这些文件必须放在/var/geoip/下,作为一个共享库查找路径名字如/var/geoip/geoipdb.bin
相关阅读 更多 +
排行榜 更多 +
