l7-protocols-2009-05-28.tar.gz
netfilter-layer7-v2.21.tar.gz
iptables-1.4.4.tar.bz2
linux-2.6.31.6-imq.diff
ipp2p-0.8.2-kernel-2.6.22.patch
ipp2p-0.8.2-kernel-2.6.28.patch
ipp2p-0.8.2-iptables-1.4.0.patch
ipp2p-0.8.2-iptables-1.4.1.patch

install dependency needed
"apt-get update"
"apt-get install build-essential kernel-package libncurses5-dev fakeroot iptables-dev"

"cd /usr/src/"
"apt-get source linux-image-`uname -r`"
"chmod -R a-s /usr/src"

compile and patch
"tar xvzf l7-protocols-2009-05-28.tar.gz"
"tar xvzf netfilter-layer7-v2.21.tar.gz"
"tar xvjf iptables-1.4.4.tar.bz2"
"ln -s /usr/src/iptables-1.4.4 iptables"
"ln -s /usr/src/linux-source-2.6.31 linux"
"cd /usr/src/linux"
"patch -p1 < ../netfilter-layer7-v2.21/kernel-2.6.25-2.6.28-layer7-2.21.patch"
"patch -p1 < ../linux-2.6.31.6-imq.diff"
"cd /usr/src/iptables"
"patch -p1 < ../iptables-1.4.4-imq.diff"
"cp ../netfilter-layer7-v2.21/iptables-1.4.1.1-for-kernel-2.6.20forward/libxt_layer7.* extensions/"
"chmod +x extensions/.IMQ*"
"cp /boot/cp /boot/config-2.6.31-14-generic-pae ./.config"
"cd /usr/src/linux"

make menu config for linux kernel
"make menuconfig" >> it will show costumize menu kernel
the please choose:
Device Drivers -> Network device support-> {M} IMQ (intermediate queueing device) support IMQ behavior (PRE/POSTROUTING) (IMQ AB)
and:
Networking support-> Networking options-> Network packet filtering framework (Netfilter)-> Core Netfilter Configuration-> Netfilter Xtables support
and:
mark with {M} for all contain word layer7 and imq

create deb file
"make-kpkg clean"
"make-kpkg --initrd --append-to-version=-layer7-imq kernel_image kernel_headers >> this is long run process depend on your linux machine, you can take your cofee"
"dpkg -i ../linux-*.deb"
then reboot your inux box

lets test you imq is already
"modprobe imq"
"ip link set imq0 up"
"ifconfig" >> you should see imq0 dummy device

"tar xvjf ipset-3.0.tar.bz2"
"cd ipset-3.0"
"make KERNEL_DIR=/usr/src/linux"
"make KERNEL_DIR=/usr/src/linux install"
"cp kernel/include/linux/netfilter_ipv4/ip_set.h /usr/src/iptables/include/linux/netfilter_ipv4/"
"cd /usr/src/iptables/extensions"
"nano libxt_layer7.c"
change all exit_error with xtables_error
example look like this
static struct xtables_match layer7 = {
.family = AF_INET,
.name = "layer7",
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_layer7_info)),
.userspacesize = XT_ALIGN(sizeof(struct xt_layer7_info)),
.help = &help,
.parse = &parse,
.final_check = &final_check,
.print = &print,
.save = &save,
.extra_opts = opts
};

"apt-get remove --purge iptables"
"cd /usr/src/iptables"
"./configure --with-ksource=/usr/src/linux"
"make"
"make install"
"iptables -m set –help"
"cd /usr/src/l7-protocols-2009-05-28"
"make install"
test iptables layer7
"iptables -A FORWARD -m layer7 --l7dir /etc/l7-protocols/protocols --l7proto http -j DROP"
"iptables –nvL" >> it will show iptables rule
"cd /usr/src"
"tar xvzf ipp2p-0.8.2.tar.gz"
"cd ipp2p-0.8.2"
"patch -p1 < ../ipp2p-0.8.2-kernel-2.6.22.patch"
"patch -p1 < ../ipp2p-0.8.2-kernel-2.6.28.patch"
"patch -p1 < ../ipp2p-0.8.2-iptables-1.4.0.patch"
"patch -p1 < ../ipp2p-0.8.2-iptables-1.4.1.patch"
"nano libipt_ipp2p.c"
change all exit_error with xtables_error
example look like this :
.name = "ipp2p",
.family = PF_INET,
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct ipt_p2p_info)),
.userspacesize = XT_ALIGN(sizeof(struct ipt_p2p_info)),
.help = &help,
"nano Makefile"
change “ld -shared -o libipt_ipp2p.so libipt_ipp2p.o” with “$(CC) -shared -o libipt_ipp2p.so libipt_ipp2p.o”

make your iptables already pathing
"make"
"cp libipt_ipp2p.so /usr/local/libexec/xtables/"
"cp ipt_ipp2p.ko /lib/modules/2.6.28.9-l7/kernel/net/netfilter/"
"depmod -a"
test your iptables already ipp2p module
"iptables -A FORWARD -m ipp2p --ipp2p -j DROP"
"iptables -nvL"