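# Builds a 2.6.31 kernel with the "layer7" match, iptables 1.4.5 with the
# TARPIT and layer7 extensions, and xtables-addons 1.18.
# Run every command as root, in the order shown. Each `cd` is guarded so that
# a missing directory stops the run instead of letting patch/make/cp act on
# whatever directory happens to be current.

# --- 1. Fetch the sources ---------------------------------------------------
# NOTE(review): all six downloads use plain HTTP and nothing below checks a
# signature or checksum, yet the results are patched into the kernel and
# installed as root. Verify each file against a signature or checksum
# published by its project before extracting, for example
#   gpg --verify <SIGNATURE_FILE> <ARCHIVE>        (placeholders)
# and read the third-party tarpit diff before it is applied in step 5.
cd /usr/src || exit 1
wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.31.tar.bz2
wget http://iptables.org/projects/iptables/files/iptables-1.4.5.tar.bz2
wget http://enterprise.bih.harvard.edu/pub/tarpit-updates/iptables-1.4.2-tarpit.diff
wget http://ufpr.dl.sourceforge.net/sourceforge/xtables-addons/xtables-addons-1.18.tar.bz2
wget http://ufpr.dl.sourceforge.net/sourceforge/l7-filter/netfilter-layer7-v2.22.tar.gz
wget http://ufpr.dl.sourceforge.net/sourceforge/l7-filter/l7-protocols-2009-05-28.tar.gz

# --- 2. Unpack ---------------------------------------------------------------
# The archive name is quoted so a file name containing spaces or glob
# characters is passed to tar as one argument; the -e test skips the literal
# pattern when a glob matches nothing.
for archive in *.bz2; do
  [ -e "$archive" ] || continue
  tar -jxf "$archive"
done
for archive in *.gz; do
  [ -e "$archive" ] || continue
  tar -zxf "$archive"
done

# --- 3. Version-independent names for the source trees -----------------------
ln -s linux-2.6.31 linux
ln -s iptables-1.4.5 iptables
ln -s xtables-addons-1.18 xtables-addons

# --- 4. Patch, configure and build the kernel --------------------------------
cd /usr/src/linux || exit 1
# NOTE(review): the patch file name says 2.6.25-2.6.28 while the tree is
# 2.6.31. Check patch's output for failed hunks and leftover *.rej files
# before building.
patch -p1 < ../netfilter-layer7-v2.22/kernel-2.6.25-2.6.28-layer7-2.22.patch
make menuconfig
# Options to enable inside menuconfig:
#   Networking options --->
#     ... ...
#     [*] Network packet filtering framework (Netfilter) --->
#       Core Netfilter Configuration --->
#         Netfilter connection tracking support
#         ... ...
#         "layer7" match support

# NOTE(review): the bzlilo target presumably also installs the new image
# through LILO; keep the previous kernel available as a boot entry until the
# new one has been booted successfully.
make -j 4 bzlilo && make -j 4 modules && make modules_install

# --- 5. Patch, configure and build iptables ----------------------------------
cd /usr/src/iptables/extensions || exit 1
cp ../../netfilter-layer7-v2.22/iptables-1.4.3forward-for-kernel-2.6.20forward/libxt_layer7.* .
# Rename the first exit_error( call on each line of the extension source to
# xtables_error(.
sed -i 's/exit_error(/xtables_error(/' libxt_layer7.c
cd .. || exit 1
# -N skips hunks that look already applied; -E removes files the patch
# leaves empty.
patch -p1 -NE < ../iptables-1.4.2-tarpit.diff
# Copies the generic bitsperlong.h into the kernel tree's include/asm/
# (presumably so the iptables build finds <asm/bitsperlong.h> - confirm).
cp /usr/src/linux/include/asm-generic/bitsperlong.h /usr/src/linux/include/asm/
./configure --with-ksource=/usr/src/linux \
  --prefix=/usr --with-xtlibdir=/lib/xtables --libdir=/lib --enable-libipq --enable-devel
make && make install
cd /usr/src/l7-protocols-2009-05-28/ || exit 1
make install

# --- 6. Configure and build xtables-addons -----------------------------------
cd /usr/src/xtables-addons || exit 1
./configure --with-xtables=/lib --prefix=/usr \
  --mandir=/usr/share/man --infodir=/usr/share/info --libexecdir=/lib \
  --with-ksource=/usr/src/linux --includedir=/usr/include/
make && make install

# --- 7. Check that the new extensions are available --------------------------
# Each command asks iptables for the help text of one target or match.
iptables -j TARPIT -h
iptables -m ipp2p -h
iptables -m layer7 -h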