Reference articles: Porting iptables to mini2440; Porting iptables 1.4.3.1 to TE2440 (arm9)

Original article: Porting iptables to arm linux2.6.28.7

Kernel version: 2.6.28.7
arm-linux-gcc version: 4.1.1
iptables version: 1.4.3.1

1. Add netfilter support to the kernel

Run make menuconfig to open the kernel configuration, enable the following kernel options (all as built-in, [*]), save, and rebuild the kernel.

    [*] Networking support --->
        Networking options --->
            [*] Network packet filtering framework (Netfilter) --->
                Core Netfilter Configuration --->
                IP: Netfilter Configuration --->

"Network packet filtering framework (Netfilter)" must be selected, otherwise the options below it are not shown. Under "Core Netfilter Configuration" and "IP: Netfilter Configuration", select every option.

2. Cross-compile iptables

1) Download iptables from the netfilter website. Download address: http://www./projects/iptables/downloads.html#iptables-1.4.18

    lingd@ubuntu:~/arm$ tar -jxvf iptables-1.4.3.1.tar.bz2
    lingd@ubuntu:~/arm$ cd iptables-1.4.3.1/

2) Create the iptables installation directory

    lingd@ubuntu:~/arm/iptables-1.4.3.1$ sudo mkdir -p /app/iptables
    lingd@ubuntu:~/arm/iptables-1.4.3.1$ sudo chmod 777 -R /app/

3) Configure iptables

    lingd@ubuntu:~/arm/iptables-1.4.3.1$ ./configure --prefix=/app/iptables --host=arm-linux --with-kernel=/usr/src/linu

--prefix=/app/iptables sets the installation directory.
--host=arm-linux sets the environment iptables will run in, so that configure generates a Makefile that selects arm-linux-gcc as the compiler (make then cross-compiles with arm-linux-gcc).
For the other configuration options, see ./configure --help.

4) Build and install iptables

    lingd@ubuntu:~/arm/iptables-1.4.3.1$ make
    lingd@ubuntu:~/arm/iptables-1.4.3.1$ make install

After installation, the installation directory /app/iptables/ contains the following directories and files:

    lingd@ubuntu:~/arm/iptables-1.4.3.1$ ls /app/iptables/
    bin  include  lib  libexec  sbin  share
    lingd@ubuntu:~/arm/iptables-1.4.3.1$ ls /app/iptables/sbin/
    ip6tables        ip6tables-restore  iptables        iptables-restore
    ip6tables-multi  ip6tables-save     iptables-multi  iptables-save
    lingd@ubuntu:~/arm/iptables-1.4.3.1$ ls /app/iptables/bin/
    iptables-xml
    lingd@ubuntu:~/arm/iptables-1.4.3.1$ ls /app/iptables/lib
    libiptc.la  libiptc.so.0      libxtables.la  libxtables.so.1      pkgconfig
    libiptc.so  libiptc.so.0.0.0  libxtables.so  libxtables.so.1.0.0
    lingd@ubuntu:~/arm/iptables-1.4.3.1$ ls /app/iptables/libexec/
    xtables
    lingd@ubuntu:~/arm/iptables-1.4.3.1$ ls /app/iptables/libexec/xtables/
    libip6t_ah.so          libipt_DNAT.so        libipt_TTL.so         libxt_length.so     libxt_SECMARK.so
    libip6t_dst.so         libipt_ecn.so         libipt_ULOG.so        libxt_limit.so      libxt_socket.so
    libip6t_eui64.so       libipt_ECN.so         libipt_unclean.so     libxt_mac.so        libxt_standard.so
    libip6t_frag.so        libipt_icmp.so        libxt_CLASSIFY.so     libxt_mark.so       libxt_state.so
    libip6t_hbh.so         libipt_LOG.so         libxt_comment.so      libxt_MARK.so       libxt_statistic.so
    libip6t_hl.so          libipt_MASQUERADE.so  libxt_connbytes.so    libxt_multiport.so  libxt_string.so
    libip6t_HL.so          libipt_MIRROR.so      libxt_connlimit.so    libxt_NFLOG.so      libxt_tcpmss.so
    libip6t_icmp6.so       libipt_NETMAP.so      libxt_connmark.so     libxt_NFQUEUE.so    libxt_TCPMSS.so
    libip6t_ipv6header.so  libipt_policy.so      libxt_CONNMARK.so     libxt_NOTRACK.so    libxt_TCPOPTSTRIP.so
    libip6t_LOG.so         libipt_realm.so       libxt_CONNSECMARK.so  libxt_owner.so      libxt_tcp.so
    libip6t_mh.so          libipt_REDIRECT.so    libxt_conntrack.so    libxt_physdev.so    libxt_time.so
    libip6t_policy.so      libipt_REJECT.so      libxt_dscp.so         libxt_pkttype.so    libxt_tos.so
    libip6t_REJECT.so      libipt_SAME.so        libxt_DSCP.so         libxt_quota.so      libxt_TOS.so
    libip6t_rt.so          libipt_set.so         libxt_esp.so          libxt_rateest.so    libxt_TPROXY.so
    libipt_addrtype.so     libipt_SET.so         libxt_hashlimit.so    libxt_RATEEST.so    libxt_TRACE.so
    libipt_ah.so           libipt_SNAT.so        libxt_helper.so       libxt_recent.so     libxt_u32.so
    libipt_CLUSTERIP.so    libipt_ttl.so         libxt_iprange.so      libxt_sctp.so       libxt_udp.so

3. Download the new kernel and iptables to the development board

1) Download the new kernel to the board with the dnw tool.

2) On the board, create the installation directory /app/iptables and copy the files under /app/iptables on the PC to /app/iptables on the board. In /etc/profile, append :/app/iptables/bin:/app/iptables/sbin to the PATH variable.

3) Test iptables

List the current filter rules:

    ~ # iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

Add a filter rule: interface eth0 accepts packets only from the 192.168.1 network segment.

    ~ # iptables -t filter -A INPUT -i eth0 ! -s 192.168.1.0/255.255.255.0 -j DROP
    ~ # iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    DROP       all  -- !192.168.1.0/24       anywhere

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

Note: I use the same installation directory on the board as on the PC, rather than copying lib, bin and sbin from the PC's iptables installation directory into the corresponding directories under the board's root directory, precisely to avoid errors when running iptables (library not found).
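
A pre-flight check for the tree copied to the board, as an added example that is not part of the original article. It assumes the /app/iptables layout shown in the listings above; check_iptables_tree is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not from the original article.
# check_iptables_tree is a hypothetical helper; the default prefix and the
# file names are taken from the article's directory listings.

check_iptables_tree() {
    prefix=${1:-/app/iptables}
    rc=0

    # -e follows symlinks, so a link whose target was lost during the copy
    # to the board is reported as missing too.
    for f in \
        sbin/iptables sbin/iptables-save sbin/iptables-restore \
        lib/libxtables.so.1 lib/libiptc.so.0 \
        libexec/xtables/libxt_standard.so \
        libexec/xtables/libxt_tcp.so \
        libexec/xtables/libxt_udp.so \
        libexec/xtables/libipt_icmp.so
    do
        [ -e "$prefix/$f" ] || { echo "missing: $prefix/$f"; rc=1; }
    done

    # The article appends bin and sbin to PATH in /etc/profile;
    # confirm that sbin is really on the PATH of the current shell.
    case ":$PATH:" in
        *":$prefix/sbin:"*) ;;
        *) echo "not in PATH: $prefix/sbin"; rc=1 ;;
    esac

    return "$rc"
}

# Run the check only when a prefix is given on the command line.
if [ $# -gt 0 ]; then
    check_iptables_tree "$1"
fi
```

Run it on the board as `sh check.sh /app/iptables` (check.sh is an assumed file name); it prints nothing and exits 0 when every listed file resolves and sbin is on PATH.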