CentOS + iptables + l7-filter: blocking QQ, MSN and P2P
Source: Internet. Editor: 程序博客网. Date: 2024/03/29 08:05
L7-filter (Application Layer Packet Classifier for Linux) is an add-on module for Linux netfilter. It lets iptables filter on Layer 7 (the application layer), so that P2P and instant-messaging software can be restricted or blocked.
Centos 4.4
Kernel 2.6.9-42.0.3.EL
Iptables 1.2.11
1. Download the required packages:
kernel 2.6.19.7
# wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.19.7.tar.bz2
iptables 1.3.7
# wget http://www.netfilter.org/projects/iptables/files/iptables-1.3.7.tar.bz2
L7-filter http://sourceforge.net/project/showfiles.php?group_id=80085
netfilter-layer7-v2.12.tar.gz
l7-protocols-2007-06-22.tar.gz
2. Configure and compile the new kernel
First place all the downloaded packages in /usr/src.
# tar zxvf netfilter-layer7-v2.12.tar.gz
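# tar xjvf linux-2.6.19.7.tar.bz2
# ln -s linux-2.6.19.7 linux
# cd linux
# patch -p1 < /usr/src/netfilter-layer7-v2.12/kernel-2.6.18-2.6.19-layer7-2.9.patch (apply the L7-filter kernel patch; the directory is the one extracted from netfilter-layer7-v2.12.tar.gz above, so confirm the exact patch file name with ls before running this)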
# make oldconfig
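(If the tree has been built before, run make mrproper first. make oldconfig compares against the previous kernel config and generates a new config from it, so you do not have to set every kernel option from scratch when building the new kernel.)
# make menuconfig (set the kernel options; for the individual options see the article 内核编译详解, "Kernel Compilation Explained")
The layout of the options differs between kernel versions; look carefully and you will find these: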
Code maturity level options –> [*] Prompt for development and/or incomplete code/drivers
Networking –> Networking options –>
[*] Network packet filtering (replaces ipchains) –>
IP: Netfilter Configuration –>
<M> Connection tracking (required for masq/NAT)
[*] Connection tracking flow accounting
<M> IP tables support (required for filtering/masq/NAT)
<M> Layer 7 match support
# make
# make modules
# make modules_install
# make install
# reboot
# uname -a
Linux jason.10235 2.6.19.7 #1 Fri Jul 6 11:56:11 CST 2007 i686 i686 i386 GNU/Linux
The system is now running the new kernel, 2.6.19.7.
3. Upgrade iptables with the Layer 7 patch
# cd /usr/src
# tar xjvf iptables-1.3.7.tar.bz2
# cd iptables-1.3.7
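# patch -p1 < ../netfilter-layer7-v2.12/iptables-layer7-2.0.patch (the directory is the one extracted from netfilter-layer7-v2.12.tar.gz; confirm the exact patch file name with ls before running this)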
# chmod +x extensions/.layer7-test
# export KERNEL_DIR=/usr/src/linux-2.6.19.7
# export IPTABLES_DIR=/usr/src/iptables-1.3.7
# make BINDIR=/sbin LIBDIR=/lib MANDIR=/usr/share/man install
# iptables -V
iptables v1.3.7
iptables has been updated to the new version.
4. Install the Layer 7 protocol definition files
# cd /usr/src
# tar zxvf l7-protocols-2007-06-22.tar.gz
# cd l7-protocols-2007-06-22
# make install
5. Use the iptables layer-7 filter:
# iptables -t mangle -I PREROUTING -m layer7 --l7proto edonkey -j DROP (block eDonkey)
# iptables -t mangle -I PREROUTING -m layer7 --l7proto bittorrent -j DROP (block BitTorrent)
# iptables -t mangle -I PREROUTING -m layer7 --l7proto qq -j DROP (block QQ messaging)
# iptables -t mangle -I PREROUTING -m layer7 --l7proto msnmessenger -j DROP (block MSN Messenger)
# iptables -t mangle -I PREROUTING -m layer7 --l7proto xunlei -j DROP (block Xunlei)
# iptables -t mangle -I PREROUTING -m layer7 --l7proto kugoo -j DROP (block kugoo)
# iptables -t mangle -I PREROUTING -m layer7 --l7proto yahoo -j DROP (block Yahoo! Messenger)
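A pre-flight check for the rules in step 5, added here as an example (it is not part of the original article): iptables rejects a --l7proto name for which no pattern file is installed, so the script confirms that each name has a .pat file from step 4 before printing the corresponding rule. The function names, the L7DIR variable and the <dir>/<subdir>/<proto>.pat layout under /etc/l7-protocols are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original article.
# Assumption: "make install" of l7-protocols placed the pattern files at
# /etc/l7-protocols/<subdir>/<proto>.pat; override L7DIR to test elsewhere.
L7DIR="${L7DIR:-/etc/l7-protocols}"

# l7_has_pattern PROTO: succeed if a non-empty PROTO.pat exists in any
# subdirectory of $L7DIR.
l7_has_pattern() {
    for f in "$L7DIR"/*/"$1".pat; do
        [ -s "$f" ] && return 0
    done
    return 1
}

# l7_plan PROTO...: print one iptables command per protocol that has a
# pattern file, report the others on stderr, and return how many were
# rejected (0 means every rule can be loaded).
l7_plan() {
    missing=0
    for proto in "$@"; do
        case "$proto" in
            ''|*[!a-z0-9_-]*)
                # Refuse names that could escape $L7DIR or expand as globs.
                echo "invalid protocol name: $proto" >&2
                missing=$((missing + 1))
                continue ;;
        esac
        if l7_has_pattern "$proto"; then
            echo "iptables -t mangle -I PREROUTING -m layer7 --l7proto $proto -j DROP"
        else
            echo "no pattern file for: $proto" >&2
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Stand-alone use: sh l7-preflight.sh qq msnmessenger xunlei
if [ "$#" -gt 0 ]; then
    l7_plan "$@"
fi
```

Run it with the protocol names from step 5 as arguments; a non-zero exit status is the number of names that iptables would refuse.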