加点自已内容的新内核下L7-FILTER的应用实例!-白红宇

加点自已内容的新内核下L7-FILTER的应用实例!

转载自：如下BLOG

本人实验的环境：

RED HAT LINUX AS4 （KERNEL 2.6.9）

1.下载

linux-2.6.13.tar.bz2

iptables-1.3.3.tar.bz2

patch-o-matic-ng-20050925.tar.bz2

netfilter-layer7-v2.0-beta.tar.gz

l7-protocols-2005-09-12.tar.gz

分别解压到/usr/local/src 下面

/sbin/lspci >> /root/hardward.conf

cat /proc/cpuinfo >> /root/hardward.conf

cd /usr/local/src/patch-o-matic-ng-20050925

KERNEL_DIR=/usr/local/src/linux-2.6.13 IPTABLES_DIR=/usr/local/src/iptables-1.3.3 ./runme time

KERNEL_DIR=/usr/local/src/linux-2.6.13 IPTABLES_DIR=/usr/local/src/iptables-1.3.3 ./runme ipv4options

KERNEL_DIR=/usr/local/src/linux-2.6.13 IPTABLES_DIR=/usr/local/src/iptables-1.3.3 ./runme psd

KERNEL_DIR=/usr/local/src/linux-2.6.13 IPTABLES_DIR=/usr/local/src/iptables-1.3.3 ./runme mport

KERNEL_DIR=/usr/local/src/linux-2.6.13 IPTABLES_DIR=/usr/local/src/iptables-1.3.3 ./runme ipp2p

KERNEL_DIR=/usr/local/src/linux-2.6.13 IPTABLES_DIR=/usr/local/src/iptables-1.3.3 ./runme quota

KERNEL_DIR=/usr/local/src/linux-2.6.13 IPTABLES_DIR=/usr/local/src/iptables-1.3.3 ./runme comment

KERNEL_DIR=/usr/local/src/linux-2.6.13 IPTABLES_DIR=/usr/local/src/iptables-1.3.3 ./runme connlimit

KERNEL_DIR=/usr/local/src/linux-2.6.13 IPTABLES_DIR=/usr/local/src/iptables-1.3.3 ./runme iprange

KERNEL_DIR=/usr/local/src/linux-2.6.13 IPTABLES_DIR=/usr/local/src/iptables-1.3.3 ./runme nth

KERNEL_DIR=/usr/local/src/linux-2.6.13 IPTABLES_DIR=/usr/local/src/iptables-1.3.3 ./runme geoip

cd /usr/local/src/linux-2.6.13

patch -p1 < /usr/local/src/netfilter-layer7-v2.0-beta/kernel-2.6.13-layer7-2.0.patch

cd /usr/local/src/iptables-1.3.3

patch -p1 < /usr/local/src/netfilter-layer7-v2.0-beta/iptables-layer7-2.0.patch

cd /usr/local/src/linux-2.6.13

make menuconfig

make dep #可选(make by rickyfang)

make all

make modules_install

(如果按照此操作，可能导致KERNEL没有加载成功，也就是提示找不到.CONFIG文件，故还要运行make，也许原作者的make all是此作用，但我用不行的！)

cp /usr/local/src/linux-2.6.13/arch/i386/boot/bzImage /boot/vmlinuz-2.6.13

su -

/sbin/depmod -a

mkinitrd /boot/initrd-2.6.13.img 2.6.13

cd /usr/local/src/iptables-1.3.3

chmod +x extensions/.layer7-test

export KERNEL_DIR=/usr/local/src/linux-2.6.13

export IPTABLES_DIR=/usr/local/src/iptables-1.3.3

make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin &&

make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin install

#make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin MANDIR=/usr/share/man install

安装l7-filter协议文件：

cd /usr/local/src/l7-protocols-2005-09-12

make install

[root@ns grub]# vi grub.conf

# grub.conf generated by anaconda

# Note that you do not have to rerun grub after making changes to this file

# NOTICE: You have a /boot partition. This means that

# all kernel and initrd paths are relative to /boot/, eg.

# root (hd0,0)

# kernel /vmlinuz-version ro root=/dev/hda2

# initrd /initrd-version.img

#boot=/dev/hda

default=0

timeout=5

splashimage=(hd0,0)/grub/splash.xpm.gz

hiddenmenu

title Red Hat AS By RickyFang (2.6.13)

root (hd0,0)

kernel /vmlinuz-2.6.13 ro root=LABEL=/ rhgb quiet

initrd /initrd-2.6.13.img

上面的做完，并不能实现新内核的应用，以及IPTABLES子系统IPP2P的应用，所参考的文中原作者并没有改变GRUB的设置，故而造成了，实验并不成功，后来，我改动了GRUB.CONF，并重启系统，重新进入编译好的2.6.13的内核，成功实现IPTABLES命令的应用！！！

本文转自 rickyfang 51CTO博客，原文链接：http://blog.51cto.com/rickyfang/127465，如需转载请自行联系原作者