Compile and install a new version of iptables 04/05 Update SLTechnology News&Howtos

Compile and install a new version of iptables

2025-04-05 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Shulou(Shulou.com)06/03 Report--

Compile and install a new version of iptables

Back up some important files of the original iptables

[root@mail ~] # cp / etc/init.d/iptables / root/

[root@mail ~] # cp / etc/sysconfig/iptables-config / root/

Uninstall the original iptables

[root@mail ~] # service iptables stop

[root@mail ~] # chkconfig iptables off

[root@mail] # rpm-e iptables-ipv6 iptables iptstate-- nodeps

Warning: / etc/sysconfig/iptables-config saved as / etc/sysconfig/iptables-config.rpmsave

Install iptables.1.4.6

[root@mail src] # tar-jxvf iptables-1.4.6.tar.bz2

[root@mail iptables-1.4.6] # cp / usr/local/src/netfilter-layer7-v2.22/iptables-1.4.3forward-for-kernel-2.6.20forward/libxt_layer7. / usr/local/src/iptables-1.4.6/extensions/

Here the latter path is specified as your linux kernel source path

[root@mail iptables-1.4.6] # / configure-- prefix=/usr-- with-ksource=/usr/local/src/linux

[root@mail iptables-1.4.6] # make

[root@mail iptables-1.4.6] # make install

Modify the partial code of the iptables service script:

If [!-x / usr/sbin/$IPTABLES]; then

Echo-n "/ usr/sbin/" / usr/sbin/ "/ usr/sbin/IPTABLES does not exist."; warning; echo

Exit 0

Then copy the modified script with another configuration file and re-add iptables to the system service

[root@mail iptables-1.4.6] # cp / root/iptables / etc/init.d/

[root@mail iptables-1.4.6] # cp / root/iptables-config / etc/sysconfig/

[root@mail iptables-1.4.6] # chkconfig-- add iptables

Install extensions based on protocol filtering

[root@mail src] # tar-zxvf l7-protocols-2009-05-28.tar.gz

[root@mail l7-protocols-2009-05-28] # make install

Mkdir-p / etc/l7-protocols

Cp-R / etc/l7-protocols

[root@mail l7-protocols-2009-05-28] # service iptables restart

Agent surfing the Internet

The following three devices are available

Linux redhat device A:

Nic 1 bridged, ip address 192.168.1.11

Nic 2 host only, ip address 192.168.128.130

Linux redhat device B (Internet access):

Network card bridging, ip address 192.168.1.7, default gateway 192.168.1.1 (Internet access gateway)

The nameserver value in / etc/resolv.conf is also 192.168.1.1.

Windowsxp device C

Network card host only, ip address 192.168.128.131, default gateway 192.168.128.130

Device c is now required to allow device b to give it an agent so that it can access the Internet.

First of all, let the c device ping the b device

Add a nat rule for iptables on a device:

[root@mail l7-protocols-2009-05-28] # iptables-t nat-A POSTROUTING-s 192.168.128.0 SNAT 24-j SNAT-- to-source 192.168.1.11

Since the ip_forward of device an is on, device c is already able to ping device b.

Then let device c also have access to the Internet

At this time, device c only needs to use the dns address as well as the dns address of device b to surf the Internet.

Restrict qq login

Add the following rules to device a

[root@mail l7-protocols-2009-05-28] # iptables-A FORWARD-s 192.168.128.0 layer7 24-m layer7-- l7proto qq-j REJECT

Then log in to qq and you will be prompted as follows:

If you have previously logged in to qq, this restriction will not take effect until the user goes offline and logs in again.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.