The Design And Implementation Of A Stateful Packet Filter And A Manager Tool Of GateGod Firewall

In the traditional firewall system, static packet filter technology is used. But there are many defects in this technology, one of which is that the efficiency of filtering is low. Moreover , with the static packet filter technology used, if you want the communication woks,you must keep some port open all the time,and then there is some security flaw, so the stateful packet filter technology is the trend at present. In this paper, a stateful packet filter subsystem that is part of the GateGod Firewall System is developed , and a manager tool of client that is used for manageing the GateGod Firewall System is implemented.Specifically, the contribution presented in this paper is as follows:1. The design and implementation of the stateful packet filter subsystem.2. The design and implementation of the Masquerading and the port-mapping subsystem.3. The design and implementation of the manager tool client of GateGod Firewall syste. In the subsystem, the C/S mode is introduced, and the client runs on Windows platforms, and the server runs on firewalls. Administrators can control the firewall by the client on Windows hosts, not on firewalls. It can exempt firewalls of risks. The graphic operational interface is introduced in the client, and the difficulty of administration and configuration falls greatly, and the possibility of configuration error reduces, and the security of firewalls increases.4. The customization of the Linux OS named MiniLinux, which GateGod Firewall runs on. Many insecure services have been ripped away, and the kernel has been customized. The minimum function has been provided, and firewalls run on the secure OS . The MiniLinux is based on DOM (Disk On Module),then the efficiency and the security is improved greatly.5. The design and implementation of log based on watermark technology in the GateGod Firewll log sysem. It can add watermark in log record, and protect log record's originality and unchangeableness. It provides a powerful and undeniable proof for log audit.On April 25 2003, Disease Resume Centre (DRC) based on Internet passed the appraisement of Sichuan Science and Technology Department. Every member in the appraisal council appraises DRC like this: The System is the first disease resume system, which is based on Internet across zone and platform, and its technology is the first rank. In the DRC, the GateGod Firewall Syesem ensures the the security of the data center and remote data and is applaused by the expert.