Linux commands: compiling and installing iptables
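1. Preparation before compiling and installing iptables:
Before uninstalling iptables, back up three files: the iptables init script, the iptables-config configuration file, and the iptables rules file that has already been set up.
[[email protected] ~]# cp /etc/init.d/iptables ~/iptables #copy the iptables init script
[[email protected] ~]# cp /etc/sysconfig/iptables-config ~/ #copy the iptables configuration file
[[email protected] ~]# cp /etc/sysconfig/iptables ~/iptables.rules #copy the existing iptables rules file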
[[email protected] ~]# mkdir iptables
[[email protected] ~]# cd iptables
[[email protected] iptables]# cp /etc/init.d/iptables ./ #init script
[[email protected] iptables]# cp /etc/sysconfig/iptables-config ./ #configuration file
[[email protected] iptables]# cp /etc/sysconfig/iptables ./iptables.rules #existing rules file
[[email protected] iptables]# ls
iptables iptables-config iptables.rules
[[email protected] iptables]# service iptables stop #stop the iptables service
清除防火墙规则: [确定]
把 chains 设置为 ACCEPT 策略:filter [确定]
正在卸载 Iiptables 模块: [确定]
[[email protected] ~]# chkconfig iptables off #disable iptables at boot
[[email protected] ~]# rpm -e iptables-ipv6 iptables iptstate --nodeps
#Removing iptables requires uninstalling at least the three packages above; --nodeps forces removal and ignores dependencies.
warning: /etc/sysconfig/iptables-config saved as /etc/sysconfig/iptables-config.rpmsave
[[email protected] ~]# ls #list the downloaded iptables source package and netfilter package
iptables-1.4.6.tar.bz2 netfilter-layer7-v2.23.tar.gz
[[email protected] ~]# tar jxvf iptables-1.4.6.tar.bz2 -C /usr/src #extract the package into /usr/src
[[email protected] ~]# tar zxvf netfilter-layer7-v2.23.tar.gz -C /usr/src # -C specifies the extraction directory
lftp 10.109.134.200:/minilinux> mget linux-2.6.18.tar.bz2
[[email protected] src]# tar xf linux-2.6.18.tar.bz2 -C /usr/src
[[email protected] src]# ln -s linux-2.6.18 linux #create a symlink named linux
[[email protected] src]# ls
iptables-1.4.6 kernels linux linux-2.6.18 netfilter-layer7-v2.23 redhat
[[email protected] linux]# patch -p1 < ../netfilter-layer7-v2.22/kernel-2.6.25-2.6.28-layer7-2.22.patch
patching file net/netfilter/Kconfig #apply the patch
Hunk #1 succeeded at 407 with fuzz 1 (offset -388 lines).
patching file net/netfilter/Makefile
Hunk #1 succeeded at 50 with fuzz 2 (offset -34 lines).
patching file net/netfilter/xt_layer7.c
patching file net/netfilter/regexp/regexp.c
patching file net/netfilter/regexp/regexp.h
patching file net/netfilter/regexp/regmagic.h
patching file net/netfilter/regexp/regsub.c
patching file net/netfilter/nf_conntrack_core.c
[[email protected] linux]# cp /boot/config-2.6.18-164.el5PAE .config
[[email protected] linux]# make menuconfig #configure the kernel
[[email protected] linux]# make modules_install #install the kernel modules
[[email protected] linux]# make install #install the kernel
[[email protected] src]# ls /usr/src
iptables-1.4.6 netfilter-layer7-v2.23 redhat
[[email protected] src]# cp netfilter-layer7-v2.23/iptables-1.4.3forward-for-kernel-2.6.20forward/libxt_layer7.* iptables-1.4.6/extensions/
#Copy all libxt_layer7.* files from the netfilter directory into the iptables extensions directory
[[email protected] src]# cd iptables-1.4.6/
[[email protected] iptables-1.4.6]# pwd
/usr/src/iptables-1.4.6
[[email protected] iptables-1.4.6]# ./configure --prefix=/usr --with-ksource=/usr/src/linux
#Configure the build: --prefix sets the install path, --with-ksource sets the associated kernel source path
[[email protected] iptables-1.4.6]# make && make install
[[email protected] iptables-1.4.6]# which iptables #check the path of the newly installed iptables
/usr/sbin/iptables
[[email protected] iptables-1.4.6]# cd
[[email protected] ~]# vim iptables #two paths must be changed to match the newly installed iptables
[[email protected] ~]# cp iptables /etc/init.d/
[[email protected] ~]# chkconfig --add iptables #add to the boot-time service list
[[email protected] ~]# chkconfig iptables on #enable at boot
[[email protected] ~]# cp iptables-config /etc/sysconfig/
[[email protected] ~]# service iptables start
Download l7-protocols-2009-05-28.tar.gz:
[[email protected] ~]# ls
l7-protocols-2009-05-28.tar.gz utility iptables-1.4.6.tar.bz2 readme
etc iptables netfilter-layer7-v2.23.tar.gz
[[email protected] ~]# tar xvf l7-protocols-2009-05-28.tar.gz
[[email protected] ~]# cd l7-protocols-2009-05-28
[[email protected] l7-protocols-2009-05-28]# make install #compile and install directly
mkdir -p /etc/l7-protocols
cp -R * /etc/l7-protocols
[[email protected] l7-protocols-2009-05-28]# service iptables restart
[[email protected] l7-protocols-2009-05-28]# cd
[[email protected] ~]# iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j SNAT --to-source 172.16.100.7 #translate the source address to 172.16.100.7
[[email protected] ~]# iptables -A FORWARD -s 192.168.10.0/24 -m layer7 --l7proto qq -j REJECT
#Block hosts with source addresses in 192.168.10.0/24 from logging in to the QQ service
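One way to confirm, before `service iptables start`, that every `--l7proto` name in the backed-up rules file has a pattern file installed by l7-protocols. This is an added example, not part of the original page; the function names and the protocol name `exampleproto` are hypothetical, and it assumes patterns are `<name>.pat` files somewhere under /etc/l7-protocols.

```sh
#!/bin/sh
# Added example, not from the original page. Assumes iptables-save format and
# <name>.pat pattern files; names outside [A-Za-z0-9_-] count as unresolved.

# Print each distinct protocol named by --l7proto in rules file $1.
l7_protos_in_rules() {
    awk '/^[ \t]*#/ { next }   # skip comment lines
         { for (i = 1; i < NF; i++) if ($i == "--l7proto") print $(i + 1) }' "$1" |
        sort -u
}

# Print the protocols in rules file $1 that have no pattern file under $2
# (default /etc/l7-protocols); return 1 if any are unresolved.
l7_missing_patterns() {
    l7dir=${2:-/etc/l7-protocols}
    unresolved=$(l7_protos_in_rules "$1" | while IFS= read -r proto; do
        case $proto in
            (*[!A-Za-z0-9_-]*) found= ;;
            (*) found=$(find "$l7dir" -type f -name "$proto.pat" 2>/dev/null | head -n 1) ;;
        esac
        [ -n "$found" ] || echo "$proto"
    done)
    [ -z "$unresolved" ] && return 0
    echo "$unresolved"
    return 1
}

# Constructed sample: the page's layer7 rule plus one naming a made-up protocol.
l7_demo() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/l7/protocols"
    : > "$tmp/l7/protocols/qq.pat"
    cat > "$tmp/rules" <<'EOF'
*filter
-A FORWARD -s 192.168.10.0/24 -m layer7 --l7proto qq -j REJECT
-A FORWARD -s 192.168.10.0/24 -m layer7 --l7proto exampleproto -j REJECT
COMMIT
EOF
    rc=0
    l7_missing_patterns "$tmp/rules" "$tmp/l7" || rc=$?
    rm -rf "$tmp"
    return $rc
}

# With a rules file argument, check it; with no arguments, only define functions.
if [ $# -ge 1 ]; then
    l7_missing_patterns "$@" || { echo "no pattern file for the names above" >&2; exit 1; }
fi
```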
iptables-1.4.6.tar.bz2 download URL:
http://www.filewatcher.com/d/Gentoo/distfiles/Other/iptables-1.4.6.tar.bz2.463758.html
l7-protocols-2009-05-28.tar.gz download URL:
http://download.chinaunix.net/download.php?id=25732&ResourceID=5525
Detailed iptables configuration on Linux
http://www.linuxidc.com/Linux/2012-03/56066.htm