วันอังคารที่ 19 สิงหาคม พ.ศ. 2551

compile debian lenny support l7 

http://forum.systemnetworkcare.com/index.php?topic=98.0
#ref & Big thank
# http://www.elessar.one.pl/article_kernel2.6.php
# http://suchart.wordpress.com/2008/02/02/kernel-2624-iptables-140-l7-filter-217-ipp2p-082-on-debian-40/
# http://kung1401.hi5.com/friend/profile/displayJournalDetail.do?ownerId=204560961&journalId=41474051
# http://hadyaiinternet.com
# http://siambox.com

#SiamVision Computer & network
#sncvision@hotmail.com

apt-get update
apt-get install build-essential
apt-get install kernel-package
apt-get install libncurses5-dev

cd /usr/src

apt-get install linux-source-2.6.24
wget http://iptables.org/projects/iptables/files/iptables-1.4.0.tar.bz2
wget http://nchc.dl.sourceforge.net/sourceforge/l7-filter/netfilter-layer7-v2.18.tar.gz
wget http://jaist.dl.sourceforge.net/sourceforge/l7-filter/l7-protocols-2008-04-23.tar.gz
wget ftp://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/patch-o-matic-ng-20080517.tar.bz2

echo "***download complete***"
echo "***Extract archive***"
tar xvzf l7-protocols-2008-04-23.tar.gz
tar xvzf netfilter-layer7-v2.18.tar.gz
tar xvjf patch-o-matic-ng-20080517.tar.bz2
tar xvjf linux-source-2.6.24.tar.bz2
tar xvjf iptables-1.4.0.tar.bz2
echo " done"

echo -n "Start Symbolic link >>>"
ln -s linux-source-2.6.24 linux
ln -s iptables-1.4.0 iptables
echo " done"

echo -n "Patch linux kernel & iptables with l7-filter >>>"
cd /usr/src/linux
patch -p1 < ../netfilter-layer7-v2.18/for_older_kernels/kernel-2.6.22-2.6.24-layer7-2.18.patch  echo -n "Patch iptables" cd ../iptables patch -p1 < ../netfilter-layer7-v2.18/iptables-1.4-for-kernel-2.6.20forward-layer7-2.18.patch chmod +x extensions/.layer7-test echo " done"  echo -n "Patch-o-magic ipp2p&l7&&connlimit" cd ../patch-o-matic-ng-20080517 echo " done" ./runme --download ./runme ipp2p  echo -n "config and compile kernel" cd /usr/src/linux cp /boot/config-2.6.24-1-686 ./.config make menuconfig   make-kpkg clean make-kpkg --initrd --append-to-version=-siamvision kernel_image kernel_headers  dpkg -i linux-image+tab dpkg -i linux-headers+tab  mv /usr/src/l7-protocols-2008-04-23 /etc/l7-protocols  cd /usr/src/iptables make KERNEL_DIR=/usr/src/linux make install  Reboot  Test iptables -m ipp2p --help iptables -m layer7 --help  iptables -A FORWARD -m layer7 --l7proto bittorrent -j DROP iptables -A FORWARD -m ipp2p --ipp2p -j DROP    echo -n "bittorent" echo '# Bittorrent announce (tracker)' > /etc/l7-protocols/protocols/bittorrent-announce.pat
echo 'bittorrent-announce' >> /etc/l7-protocols/protocols/bittorrent-announce.pat
echo '^get.+announce.+info_hash=' >> /etc/l7-protocols/protocols/bittorrent-announce.pat
echo " done"

echo " * iptables -A FORWARD -m layer7 --l7proto bittorrent -j DROP"
echo " * iptables -A FORWARD -m layer7 --l7proto bittorrent-announce -j DROP"
ที่ 15:49

คลังบทความของบล็อก