加点自已内容的新内核下L7-FILTER的应用实例!
转载自:如下BLOG
[url]http://pc100.blogbus.com/index.html[/url]
本人实验的环境:
RED HAT LINUX AS4 (KERNEL 2.6.9)
1.下载
linux-2.6.13.tar.bz2
iptables-1.3.3.tar.bz2
patch-o-matic-ng-20050925.tar.bz2
netfilter-layer7-v2.0-beta.tar.gz
l7-protocols-2005-09-12.tar.gz
分别解压到/usr/local/src 下面
/sbin/lspci >> /root/hardward.conf
cat /proc/cpuinfo >> /root/hardward.conf
cd /usr/local/src/patch-o-matic-ng-20050925
KERNEL_DIR=/usr/local/src/linux-2.6.13 IPTABLES_DIR=/usr/local/src/iptables-1.3.3 ./runme time
KERNEL_DIR=/usr/local/src/linux-2.6.13 IPTABLES_DIR=/usr/local/src/iptables-1.3.3 ./runme ipv4options
KERNEL_DIR=/usr/local/src/linux-2.6.13 IPTABLES_DIR=/usr/local/src/iptables-1.3.3 ./runme psd
KERNEL_DIR=/usr/local/src/linux-2.6.13 IPTABLES_DIR=/usr/local/src/iptables-1.3.3 ./runme mport
KERNEL_DIR=/usr/local/src/linux-2.6.13 IPTABLES_DIR=/usr/local/src/iptables-1.3.3 ./runme ipp2p
KERNEL_DIR=/usr/local/src/linux-2.6.13 IPTABLES_DIR=/usr/local/src/iptables-1.3.3 ./runme quota
KERNEL_DIR=/usr/local/src/linux-2.6.13 IPTABLES_DIR=/usr/local/src/iptables-1.3.3 ./runme comment
KERNEL_DIR=/usr/local/src/linux-2.6.13 IPTABLES_DIR=/usr/local/src/iptables-1.3.3 ./runme connlimit
KERNEL_DIR=/usr/local/src/linux-2.6.13 IPTABLES_DIR=/usr/local/src/iptables-1.3.3 ./runme iprange
KERNEL_DIR=/usr/local/src/linux-2.6.13 IPTABLES_DIR=/usr/local/src/iptables-1.3.3 ./runme nth
KERNEL_DIR=/usr/local/src/linux-2.6.13 IPTABLES_DIR=/usr/local/src/iptables-1.3.3 ./runme geoip
cd /usr/local/src/linux-2.6.13
patch -p1 < /usr/local/src/netfilter-layer7-v2.0-beta/kernel-2.6.13-layer7-2.0.patch
cd /usr/local/src/iptables-1.3.3
patch -p1 < /usr/local/src/netfilter-layer7-v2.0-beta/iptables-layer7-2.0.patch
cd /usr/local/src/linux-2.6.13
make menuconfig
make dep #可选(make by rickyfang)
make all
make modules_install
(如果按照此操作,可能导致KERNEL没有加载成功,也就是提示找不到.CONFIG文件,故还要运行make,也许原作者的make all是此作用,但我用不行的!)
cp /usr/local/src/linux-2.6.13/arch/i386/boot/bzImage /boot/vmlinuz-2.6.13
su -
/sbin/depmod -a
mkinitrd /boot/initrd-2.6.13.img 2.6.13
cd /usr/local/src/iptables-1.3.3
chmod +x extensions/.layer7-test
export KERNEL_DIR=/usr/local/src/linux-2.6.13
export IPTABLES_DIR=/usr/local/src/iptables-1.3.3
make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin &&
make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin install
#make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin MANDIR=/usr/share/man install
安装l7-filter协议文件:
cd /usr/local/src/l7-protocols-2005-09-12
make install
[root@ns grub]# vi grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/hda2
# initrd /initrd-version.img
#boot=/dev/hda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Red Hat AS By RickyFang (2.6.13)
root (hd0,0)
kernel /vmlinuz-2.6.13 ro root=LABEL=/ rhgb quiet
initrd /initrd-2.6.13.img
转载自:如下BLOG
[url]http://pc100.blogbus.com/index.html[/url]
本人实验的环境:
RED HAT LINUX AS4 (KERNEL 2.6.9)
1.下载
linux-2.6.13.tar.bz2
iptables-1.3.3.tar.bz2
patch-o-matic-ng-20050925.tar.bz2
netfilter-layer7-v2.0-beta.tar.gz
l7-protocols-2005-09-12.tar.gz
分别解压到/usr/local/src 下面
/sbin/lspci >> /root/hardward.conf
cat /proc/cpuinfo >> /root/hardward.conf
cd /usr/local/src/patch-o-matic-ng-20050925
KERNEL_DIR=/usr/local/src/linux-2.6.13 IPTABLES_DIR=/usr/local/src/iptables-1.3.3 ./runme time
KERNEL_DIR=/usr/local/src/linux-2.6.13 IPTABLES_DIR=/usr/local/src/iptables-1.3.3 ./runme ipv4options
KERNEL_DIR=/usr/local/src/linux-2.6.13 IPTABLES_DIR=/usr/local/src/iptables-1.3.3 ./runme psd
KERNEL_DIR=/usr/local/src/linux-2.6.13 IPTABLES_DIR=/usr/local/src/iptables-1.3.3 ./runme mport
KERNEL_DIR=/usr/local/src/linux-2.6.13 IPTABLES_DIR=/usr/local/src/iptables-1.3.3 ./runme ipp2p
KERNEL_DIR=/usr/local/src/linux-2.6.13 IPTABLES_DIR=/usr/local/src/iptables-1.3.3 ./runme quota
KERNEL_DIR=/usr/local/src/linux-2.6.13 IPTABLES_DIR=/usr/local/src/iptables-1.3.3 ./runme comment
KERNEL_DIR=/usr/local/src/linux-2.6.13 IPTABLES_DIR=/usr/local/src/iptables-1.3.3 ./runme connlimit
KERNEL_DIR=/usr/local/src/linux-2.6.13 IPTABLES_DIR=/usr/local/src/iptables-1.3.3 ./runme iprange
KERNEL_DIR=/usr/local/src/linux-2.6.13 IPTABLES_DIR=/usr/local/src/iptables-1.3.3 ./runme nth
KERNEL_DIR=/usr/local/src/linux-2.6.13 IPTABLES_DIR=/usr/local/src/iptables-1.3.3 ./runme geoip
cd /usr/local/src/linux-2.6.13
patch -p1 < /usr/local/src/netfilter-layer7-v2.0-beta/kernel-2.6.13-layer7-2.0.patch
cd /usr/local/src/iptables-1.3.3
patch -p1 < /usr/local/src/netfilter-layer7-v2.0-beta/iptables-layer7-2.0.patch
cd /usr/local/src/linux-2.6.13
make menuconfig
make dep #可选(make by rickyfang)
make all
make modules_install
(如果按照此操作,可能导致KERNEL没有加载成功,也就是提示找不到.CONFIG文件,故还要运行make,也许原作者的make all是此作用,但我用不行的!)
cp /usr/local/src/linux-2.6.13/arch/i386/boot/bzImage /boot/vmlinuz-2.6.13
su -
/sbin/depmod -a
mkinitrd /boot/initrd-2.6.13.img 2.6.13
cd /usr/local/src/iptables-1.3.3
chmod +x extensions/.layer7-test
export KERNEL_DIR=/usr/local/src/linux-2.6.13
export IPTABLES_DIR=/usr/local/src/iptables-1.3.3
make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin &&
make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin install
#make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin MANDIR=/usr/share/man install
安装l7-filter协议文件:
cd /usr/local/src/l7-protocols-2005-09-12
make install
[root@ns grub]# vi grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/hda2
# initrd /initrd-version.img
#boot=/dev/hda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Red Hat AS By RickyFang (2.6.13)
root (hd0,0)
kernel /vmlinuz-2.6.13 ro root=LABEL=/ rhgb quiet
initrd /initrd-2.6.13.img
上面的做完,并不能实现新内核的应用,以及IPTABLES子系统IPP2P的应用,所参考的文中原作者并没有改变GRUB的设置,故而造成了,实验并不成功,后来,我改动了GRUB.CONF,并重启系统,重新进入编译好的2.6.13的内核,成功实现IPTABLES命令的应用!!!
本文转自 rickyfang 51CTO博客,原文链接:http://blog.51cto.com/rickyfang/127465,如需转载请自行联系原作者
