it is assumed that you have got the kernel source tree, configured and at least the modules compiled
donwload and unpack the source
run KERNEL_DIR= make to compile the userspace tool and the kernel modules
run KERNEL_DIR= make install to install the ipset userspace tool and the kernel modules
In order to use to the set match and SET target
you need iptables 1.4.4 (or above), or
due to the ipset protocol change, you have to recompile iptables before 1.4.4 to get ipset 3.0 (or above) supported:
Copy the file kernel/include/linux/netfilter_ipv4/ip_set.h from the source tree of ipset-3.9 to include/linux/netfilter_ipv4 in the source of iptables
Recompile iptables
and ready!

Refer : http://ipset.netfilter.org/install.html

apt-get install gzip unzip bzip2 patch
apt-get install debhelper screen fakeroot zlib1g-dev build-essential libncurses5-dev kernel-package

apt-get install linux-source-2.6

cd /usr/src/

wget http://downloads.sourceforge.net/project/l7-filter/l7-filter%20kernel%20version/2.22/netfilter-layer7-v2.22.tar.gz
wget http://downloads.sourceforge.net/project/l7-filter/Protocol%20definitions/2009-05-28/l7-protocols-2009-05-28.tar.gz

wget http://www.ssi.bg/~ja/routes-2.6.26-15.diff

wget http://www.linuximq.net/patchs/linux-2.6.26.8-imq-test2.diff
wget http://www.linuximq.net/patchs/iptables-1.4.3.2-imq_xt.diff

wget http://www.netfilter.org/projects/iptables/files/iptables-1.4.3.2.tar.bz2

tar jxf linux-source-2.6.26.tar.bz2
tar zxf netfilter-layer7-v2.22.tar.gz
tar zxf l7-protocols-2009-05-28.tar.gz
tar jxf iptables-1.4.3.2.tar.bz2

ln -sd linux-source-2.6.26 ./linux

cd linux

patch -p1 < /usr/src/netfilter-layer7-v2.22/kernel-2.6.25-2.6.28-layer7-2.22.patch
patch -p1 < /usr/src/routes-2.6.26-15.diff
patch -p1 < /usr/src/linux-2.6.26.8-imq-test2.diff

Networking options > Network packet filtering framework (Netfilter) > Core Netfilter Configuration.
[ ] layer7 match support

[*] select all
[M] select all

"IMQ" target support
"layer7" match support
[ ] "Layer7" debugging output

ติดตั้งแบบ ด่วน
make && make modules && make modules_install && make install
cd /boot
mkinitramfs -o initrd.img-2.6.26.19 2.6.26.19
update-grub
reboot

สำหรับสร้างเพื่อไป Install ที่อื่น (.deb)

make clean && make mrproper
make menuconfig

make-kpkg clean
fakeroot make-kpkg –initrd –append-to-version=-l7imq kernel_image kernel_headers
cd /usr/src
dpkg -i linux-image-*
dpkg -i linux-headers-*

reboot

iptables v1.4.3.2 เพื่อให้รองรับกับ layer7
cd /usr/src/iptables-1.4.3.2
patch -p1 < /usr/src/iptables-1.4.3.2-imq_xt.diff
cp /usr/src/netfilter-layer7-v2.22/iptables-1.4.3forward-for-kernel-2.6.20forward/* /usr/src/iptables-1.4.3.2/extensions/
./configure –with-kernel=/usr/src/linux
make
make install
cd /usr/src/l7-protocols-2009-05-28
make install

modprobe xt_layer7

Files rc.local

modprobe xt_rateest
modprobe xt_helper
modprobe xt_dccp
modprobe xt_TPROXY
modprobe xt_NFLOG
modprobe xt_limit
modprobe xt_tcpmss
modprobe xt_connbytes
modprobe xt_owner
modprobe xt_sctp
modprobe xt_DSCP
modprobe xt_MARK
modprobe xt_IMQ
modprobe xt_statistic
modprobe xt_quota
modprobe xt_layer7
modprobe xt_TCPOPTSTRIP
modprobe xt_recent
modprobe xt_NOTRACK
modprobe xt_iprange
modprobe xt_CONNSECMARK
modprobe xt_multiport
modprobe xt_CONNMARK
modprobe xt_RATEEST
modprobe xt_policy
modprobe xt_dscp
modprobe xt_pkttype
modprobe xt_length
modprobe xt_CLASSIFY
modprobe xt_physdev
modprobe xt_SECMARK
modprobe xt_connlimit
modprobe xt_tcpudp
modprobe xt_TRACE
modprobe xt_realm
modprobe xt_conntrack
modprobe xt_string
modprobe xt_hashlimit
modprobe xt_mac
modprobe xt_time
modprobe xt_mark
modprobe xt_comment
modprobe xt_u32
modprobe xt_NFQUEUE
modprobe xt_TCPMSS
modprobe xt_socket
modprobe xt_esp
modprobe xt_state
modprobe xt_connmark
modprobe nf_conntrack_ftp
modprobe nf_conntrack
modprobe nf_nat_ftp
modprobe nf_nat

ทดสอบ Layer7
iptables -m layer7 -h

Block Bit
iptables -A FORWARD -m layer7 –l7proto bittorrent -j DROP

iptables -nvL | grep LAYER

ทดสอบ IMQ
http://www.linuximq.net/usage.html