Adding the time and layer7 modules to Netfilter/Iptables on smoothwall-express-3.0-sp1-devel-i386:
1. Check the kernel version:
smoothwall133 (root) ~ $ uname -a
Linux smoothwall133 2.6.16.60 #1 Fri Aug 8 21:50:45 BST 2008 i686 GNU/Linux
2. Create the working directory and symlinks:
mkdir /root/zxy
ln -s /usr/src/expresscore/distrib/build/sources/kernel-runtime/linux-2.6.16.60/ /root/zxy/linux-2.6.16.60
ln -s /usr/src/expresscore/distrib/build/sources/iptables/iptables-1.3.7 /root/zxy/iptables-1.3.7
3. Download, build and install the time module:
cd /root/zxy
wget ftp://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/patch-o-matic-ng-20080214.tar.bz2
cd patch-o-matic-ng-20080214
./runme --download
# Note: answer the prompts with the directories "/root/zxy/linux-2.6.16.60" and "/root/zxy/iptables-1.3.7"
./runme time
# Note: answer "y"
cd /root/zxy/linux-2.6.16.60
make menuconfig
# Note: set the time module to be built as a loadable Linux kernel module
make modules SUBDIRS=net/ipv4/netfilter
insmod /lib/modules/`uname -r`/kernel/net/netfilter/ipt_time.ko
# Note: manually load Netfilter's time kernel module
4. iptables tool support for the time module:
cd /root/zxy/iptables-1.3.7
chmod +x extensions/.ACCOUNT-test
make KERNEL_DIR=/root/zxy/linux-2.6.16.60
make install KERNEL_DIR=/root/zxy/linux-2.6.16.60
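# Note: the iptables command-line programs are installed in /usr/local/sbin
# Note: the modules supported by the iptables command are installed in /usr/local/lib/iptables
5. Download, build and install the layer7 module: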
cd /root/zxy
tar zxvf netfilter-layer7-v2.19.tar.gz -C /root/zxy
cd /root/zxy/linux-2.6.16.60
patch -p1 < /root/zxy/netfilter-layer7-v2.19/for_older_kernels/kernel-2.6.13-2.6.16-layer7-2.2.patch
make menuconfig
make modules SUBDIRS=net/ipv4/netfilter
insmod /lib/modules/`uname -r`/kernel/net/netfilter/ipt_layer7.ko
6. iptables tool support for the layer7 module:
cd /root/zxy/iptables-1.3.7
patch -p1 < /root/zxy/netfilter-layer7-v2.19/iptables-1.3-for-kernel-pre2.6.20-layer7-2.19.patch
chmod +x ./extensions/.layer7-test
make KERNEL_DIR=/root/zxy/linux-2.6.16.60
make install KERNEL_DIR=/root/zxy/linux-2.6.16.60
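# Note: the iptables command-line programs are installed in /usr/local/sbin
# Note: the modules supported by the iptables command are installed in /usr/local/lib/iptables
7. Verifying iptables support for the time and layer7 modules, and usage help: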
iptables -m time --help
iptables -m layer7 --help
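
The --help check in step 7 only shows that the userspace extension loads; it does not show that the kernel side is registered. The following is an added example, not part of the original procedure, that checks both halves for time and layer7. It assumes the kernel lists registered IPv4 matches in /proc/net/ip_tables_matches and that the extensions use the libipt_<name>.so naming under /usr/local/lib/iptables; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: confirm that both the kernel match and the iptables
# userspace extension are present for each module built above.
# Assumption: registered IPv4 matches are listed one per line in this file.
MATCH_LIST=${MATCH_LIST:-/proc/net/ip_tables_matches}
# Install directory taken from the notes in steps 4 and 6.
EXT_DIR=${EXT_DIR:-/usr/local/lib/iptables}

# Print the match names (arguments 2..n) that are absent from the
# kernel match list given as argument 1.
missing_kernel_matches() {
    list=$1; shift
    missing=""
    for m in "$@"; do
        grep -qx "$m" "$list" 2>/dev/null || missing="$missing $m"
    done
    echo $missing   # unquoted on purpose: trims the leading space
}

# Print the match names whose libipt_<name>.so is absent from the
# extension directory given as argument 1 (file naming is an assumption).
missing_userspace_exts() {
    dir=$1; shift
    missing=""
    for m in "$@"; do
        [ -f "$dir/libipt_$m.so" ] || missing="$missing $m"
    done
    echo $missing
}

# Return 0 only when time and layer7 are usable end to end;
# otherwise say which half is missing.
check_install() {
    k=$(missing_kernel_matches "$MATCH_LIST" time layer7)
    u=$(missing_userspace_exts "$EXT_DIR" time layer7)
    [ -n "$k" ] && echo "kernel match not registered (insmod not done?): $k"
    [ -n "$u" ] && echo "iptables extension missing in $EXT_DIR: $u"
    [ -z "$k" ] && [ -z "$u" ]
}
```

Source the file and run check_install after step 6; a non-zero exit status means a rule using that match would be rejected when it is added.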