Това е туториъл който намерих оригинално на
http://ogordo.com/instalacao-do-layer7-no-debian/
Там е на някакъв език който аз определям като испански но не мога да съм сигурен. Прекарах го през google translate и не съм много сигурен колко успешен е превода но аз лично тествах командите които е изпълнявал автора и мога да кажа че довеждат до работеща система с layer 7 подръжка. Като бонус получаваме дебиански пакет :)
Забележка: Авторите на iptables предупреждават че той съвсем не е направен за такъв тип филтрирания. Така че ... знаете си всичко е на ваша отговорност :)
Implementing layer7 Linux Debian Lenny with kernel 2.6.28 and iptables 1.4.2. After several attempts to recompile the kernel on Debian Lenny layer7 to implement and suffer a lot with the famous message "kernel panic, I managed to recompile it in accordance with the commands below.
Installing needed packages:
# aptitude install libncurses5-dev
# aptitude install kernel-package
# aptitude install zlib1g-dev
Enter the source directory and download files.
# cd / usr / src
# wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.28.tar.bz2
# wget http://www.netfilter.org/projects/iptables/files/iptables-1.4.2.tar.bz2
# wget http://downloads.sourceforge.net/l7-filter/netfilter-layer7-v2.21.tar.gz
# wget http://downloads.sourceforge.net/l7-filter/l7-protocols-2008-04-23.tar.gz
# wget http://merkel.debian.org/~jurij/2.6.28-1/i386/config-2.6.28-1-686.gz
Removing iptables:
# aptitude purge iptables
Unpacking the packages:
# tar jxvf linux-2.6.28.tar.bz2
# tar jxvf iptables-1.4.2.tar.bz2
# tar zxvf netfilter-layer7-v2.21.tar.gz
# tar zxvf l7-protocols-2008-04-23.tar.gz
# uncompress config-2.6.28-1-686.gz
Creating a link to the kernel directory:
# ln -s /usr/src/linux-2.6.28 /usr/src/linux
Copying the boot settings and applying patches to the kernel layer7:
# cd /usr/src/linux
# cp ../config-2.6.28-1-686 .config
# patch -p1 < ../netfilter-layer7-v2.21/kernel-2.6.25-2.6.28-layer7-2.21.patch
Compiling and installing kernel
# make oldconfig
(Enter for all questions)
# Make menuconfig
Enter the directory Networking -> Networking Options -> Network Packet Filtering framework (netfilter) -> Core Netfilter Configuration
Select the modules (M) layer7 match and support (M) string match support
(M) layer7 match support #MARK AS MODULE
(M) string match support #MARK AS MODULE
Exit through the exit, the last screen, choose save to the. Config, ie, the last exit you will be prompted to save. Now it's simple, just compile.
# make-kpkg -initrd kernel_image
It was created a linux-image-file-2.6.28_2.6.28 10.00.Custom_i386.deb in / usr / src directory and install again.
# cd /usr/src
# dpkg -i linux-image-2.6.28_2.6.28-10.00.Custom_i386.deb
Pronto, the new kernel is already installed.
Applying the patches and installing iptables
Type:
# cd /usr/src/iptables-1.4.2
Copy the files to the directory libxt_layer7.c libxt_layer7.man iptables:
# cp ../netfilter-layer7-v2.21/iptables-1.4.1.1-for-kernel-2.6.20forward/* extensions/
Installing iptables:
# ./configure –with-ksource=/usr/src/linux
# make
# make install
# cd /usr/src/l7-protocols-2008-04-23
# make install
Okay, just reboot and use!
# reboot
If by chance Debian does not automatically load the module, run the following command:
# modprobe ipt_layer7
Some rules:
iptables-A FORWARD-m-layer7 l7proto MSNMessenger-j DROP
iptables-A FORWARD-m-layer7 l7proto bittorrent-j DROP
Няма коментари:
Публикуване на коментар