| With the rapid development of the Internet and the prevalence of computer network in many domains, problems on network security are increasingly serious and more and more arouse attention of people. In this paper, actuality of computer network is analyzed. Several network attack methods are studied. Network security technologies are discussed. Firewall is the earliest and the most prevalent products of network security technologies, and operates on protecting network information very much, and it is an efficient method for guaranteeing the security of information between the protected network and the external network. With the perfect performance of network and open-source characteristic, Linux has been selected by more and more people for firewall operation platform. The Linux firewall system develops very fast. From the beginning, it is Ipfwadm in Linux 2.0 kernel and later Ipchains in 2.2 kernel, and now it is Netfilter/Iptables framework in 2.4 and 2.6. In this development process, many changes occur with the basic concept and entire design. Netfilter is a generalized and extensible framework. This framework enables packet filtering, network address translation(NAT) and other packet mangling. This thesis discusses deeply the netfilter mechanism and iptables principle, analyzes how to design and realize the firewall based on netfilter technology. Use the rules of iptables and POM to design a sample firewall system, design a test module in 2.4 kernel mode for explain the extensible of netfilter framework. Through the secondary development of netiflter, the purpose is reducing various costs on the basis of insure the security of network, and researches the firewall system that high performance-price ratio. the future research and realization of netfilter technology will advance firewall technology.
|
PDF Full Text Request