How to compile the debian kernel with iptables Layer 7 Support

Hi …

First, install the packages needed to compile the new kernel.

At the command line, run:

aptitude update

aptitude install build-essential  kernel-package libncurses5-dev

Then install the kernel source package and download the iptables, l7-filter and patch-o-matic-ng sources:

cd /usr/src
apt-get install linux-source-2.6.24
wget http://iptables.org/projects/iptables/files/iptables-1.4.0.tar.bz2
wget http://nchc.dl.sourceforge.net/sourceforge/l7-filter/netfilter-layer7-v2.18.tar.gz
wget http://jaist.dl.sourceforge.net/sourceforge/l7-filter/l7-protocols-2008-04-23.tar.gz
wget ftp://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/patch-o-matic-ng-20080517.tar.bz2

Then extract the source archives in the current directory:

tar xvzf l7-protocols-2008-04-23.tar.gz
tar xvzf netfilter-layer7-v2.18.tar.gz
tar xvjf patch-o-matic-ng-20080517.tar.bz2
tar xvjf linux-source-2.6.24.tar.bz2
tar xvjf iptables-1.4.0.tar.bz2

Create the following symlinks to simplify the later steps:

ln -s linux-source-2.6.24 linux
ln -s iptables-1.4.0 iptables

Now start patching the kernel:

cd /usr/src/linux

patch -p1 < ../netfilter-layer7-v2.18/for_older_kernels/kernel-2.6.22-2.6.24-layer7-2.18.patch

cd ../iptables
patch -p1 < ../netfilter-layer7-v2.18/iptables-1.4-for-kernel-2.6.20forward-layer7-2.18.patch
chmod +x extensions/.layer7-test

cd ../patch-o-matic-ng-20080517

./runme --download
./runme ipp2p

cd /usr/src/linux
cp /boot/config-2.6.24-1-686 ./.config
make menuconfig

make-kpkg clean
make-kpkg --initrd --append-to-version=-siamvision kernel_image kernel_headers

dpkg -i linux-image+tab
dpkg -i linux-headers+tab

mv /usr/src/l7-protocols-2008-04-23 /etc/l7-protocols

Finally, build and install iptables:

cd /usr/src/iptables
make KERNEL_DIR=/usr/src/linux
make install

That's it. Now you can use layer 7 firewalling with your iptables.

regards
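
A pre-build check for the procedure above, added here as an example and not part of the original post: it confirms that the Layer 7 match is enabled in .config and that a protocol pattern file is present before make-kpkg is run. The function names are hypothetical, and the Kconfig symbol name and the pattern directory layout are assumptions noted in the comments.

```sh
#!/bin/sh
# Added example, not from the original post.
# Assumption: the l7-filter patch for 2.6.20+ kernels names its Kconfig
# symbol NETFILTER_XT_MATCH_LAYER7 (see net/netfilter/Kconfig after patching).
L7_SYMBOL="CONFIG_NETFILTER_XT_MATCH_LAYER7"

# Print y (built in), m (module) or n (not enabled) for a kernel .config.
l7_config_state() {
    cfg="$1"
    [ -r "$cfg" ] || { echo "unreadable"; return 2; }
    # Anchored match: ignores "# ... is not set" and the _DEBUG symbol.
    line=$(grep -E "^${L7_SYMBOL}=[ym]\$" "$cfg" | tail -n 1)
    case "$line" in
        *=y) echo y ;;
        *=m) echo m ;;
        *)   echo n; return 1 ;;
    esac
}

# Print the path of <proto>.pat under the l7-protocols directory.
# Assumption: patterns live in the directory or one subdirectory below it.
l7_pattern_file() {
    dir="$1"; proto="$2"
    # Accept plain protocol names only, so the name cannot leave $dir.
    case "$proto" in
        ""|*[!A-Za-z0-9_-]*) return 2 ;;
    esac
    for f in "$dir"/*/"$proto".pat "$dir"/"$proto".pat; do
        if [ -f "$f" ]; then echo "$f"; return 0; fi
    done
    return 1
}

# Run both checks; returns non-zero if the build would lack layer7 support.
l7_preflight() {
    cfg="$1"; dir="$2"; proto="$3"
    state=$(l7_config_state "$cfg") || {
        echo "FAIL: $L7_SYMBOL is '$state' in $cfg"; return 1; }
    pat=$(l7_pattern_file "$dir" "$proto") || {
        echo "FAIL: no usable $proto.pat under $dir"; return 1; }
    echo "OK: layer7=$state pattern=$pat"
}
```

Source the file and run l7_preflight /usr/src/linux/.config /usr/src/l7-protocols-2008-04-23 http after make menuconfig and before make-kpkg. At that point in the procedure the protocols directory has not yet been moved to /etc/l7-protocols.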

4 Responses to “How to compile the debian kernel with iptables Layer 7 Support”

  • By the way, for enabling the mentioned module in menuconfig, please enable “Networking” -> “Networking Options” -> “Network Packet Filtering Framework” -> “Core Netfilter Configuration” -> “Layer 7 Match support”

    regards

  • louis vuitton:

    This is an exuberant blog and I relish in reading it every morning tender thanks you
    because sharing it!

  • Anonymous:

    Easily I acquiesce in but I think the list inform should have more info than it has.

  • I really liked reading your post! Quality content. With such a valuable blog I believe you deserve to be ranking even higher in the search engines :) . Check out the link in my name. That links to a tool that really helped me rank high in Google. This way even more people can enjoy your posts and nothing beats a big audience ;)


     Copyrighted Mehdi Behamin , All Rights Reserved
    