马哥linux运维学习笔记-iptables系列之layer7-内核编译
layer7（l7-filter）是 iptables 中基于应用层协议特征、通过正则表达式匹配报文载荷来进行过滤所必需的扩展。需要注意：它只能对明文载荷做特征匹配，对加密流量（如 TLS 隧道内的应用）无法识别出具体协议，且正则匹配会带来一定的 CPU 开销，规则应尽量收敛到确实需要识别的流量上。
要使用 layer7，必须先为内核打补丁并重新编译，使内核提供 xt_layer7 匹配模块；然后再安装对应的 iptables 用户空间扩展（layer7 的 iptables 补丁及协议定义文件），两者缺一不可。
为内核打补丁新增 layer7 支持。开始之前先校验下载的内核源码包和 layer7 补丁包的完整性（对照官方发布的签名或校验和），不要直接对来源不明的压缩包打补丁并编译进内核。另外注意：2.6.28.10 是 2009 年发布的老内核，上游早已不再提供安全更新，生产环境的网关应选用仍在维护期内的内核版本，本文步骤仅作为打补丁流程的示例。
[root@mail src]# tar -zxvf netfilter-layer7-v2.22.tar.gz
[root@mail src]# tar -zxvf linux-2.6.28.10.tar.gz
[root@mail src]# ln -sv linux-2.6.28.10 linux
[root@mail src]# cd linux
开始打补丁。补丁文件名中标注了适用的内核范围（2.6.25～2.6.28），必须与所用内核版本一致；打完后确认输出里没有 "Hunk FAILED"，源码树中也没有生成 .rej 文件，再进行后续配置。
[root@mail linux]# patch -p1 < ../netfilter-layer7-v2.22/kernel-2.6.25-2.6.28-layer7-2.22.patch
patching file net/netfilter/Kconfig
patching file net/netfilter/Makefile
patching file net/netfilter/xt_layer7.c
patching file net/netfilter/regexp/regexp.c
patching file net/netfilter/regexp/regexp.h
patching file net/netfilter/regexp/regmagic.h
patching file net/netfilter/regexp/regsub.c
patching file net/netfilter/nf_conntrack_core.c
patching file net/netfilter/nf_conntrack_standalone.c
patching file include/net/netfilter/nf_conntrack.h
patching file include/linux/netfilter/xt_layer7.h
以当前运行系统的内核配置为基础（复制到源码目录的 .config），避免从零开始配置。由于源配置来自 2.6.18 而目标内核是 2.6.28，版本差距较大，复制后需要在 menuconfig 中逐项确认新增的选项，特别是下面列出的 Netfilter 相关项。
[root@mail linux]# cp /boot/config-2.6.18-308.el5 .config
进入菜单式配置界面调整选项
[root@mail linux]# make menuconfig
在 make menuconfig 中修改如下各项（缩进表示菜单层级，<M> 表示编译为模块，[*] 表示内建）：
General setup->
(-l7) Local version - append to kernel release
Processor type and features->
Processor family (Core 2/newer Xeon) 该项根据实际 CPU 型号选择最匹配的一项即可
Networking support->
Networking options->
[*] Network packet filtering framework (Netfilter)->
Core Netfilter Configuration->
<M> Netfilter connection tracking support
[*] Connection tracking flow accounting
[*] Connection mark tracking support
<M> FTP protocol support
<M> Connection tracking netlink interface
<M> "iprange" address range match support
<M> "layer7" match support
<M> "time" match support
IP: Netfilter Configuration->
<M> IPv4 connection tracking support (required for NAT)
<M> Full NAT
<M> MASQUERADE target support
<M> NETMAP target support
<M> REDIRECT target support
< > Bluetooth subsystem support
Device Drivers->
< > Sound card support
然后保存并退出。内核编译耗时较长，建议先启动一个 screen 会话再执行 make，避免 SSH 连接断开导致编译中断：
[root@mail linux]# screen
[root@mail linux]# make
[root@mail linux]# make modules_install
[root@mail linux]# make install
配置开机默认启动刚编译的内核。make install 通常已经把新内核的条目加入 grub.conf 并放在最前面（default=0 即指向它），这里通过查看 grub.conf 确认；务必保留原来的 2.6.18 内核条目，作为新内核启动失败时的回退。
[root@mail linux]# cat /etc/grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
# initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Red Hat Enterprise Linux Server (2.6.28.10-l7)
root (hd0,0)
kernel /vmlinuz-2.6.28.10-l7 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
initrd /initrd-2.6.28.10-l7.img
title Red Hat Enterprise Linux Server (2.6.18-308.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-308.el5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
initrd /initrd-2.6.18-308.el5.img
然后重启系统。启动后用 uname -r 确认运行的是 2.6.28.10-l7，并用 modprobe xt_layer7 验证模块可以加载；安装好 iptables 的 layer7 用户空间扩展后，再用 iptables -m layer7 --help 确认匹配项可用。若新内核无法启动，在 grub 启动时按任意键显示菜单（配置中启用了 hiddenmenu），选择旧的 2.6.18 内核进入系统。