The Netfilter-Based Content Filtering System

The network information should be distinguished, good or bad, with the network garbage information more and more. Netfilter is a flexible and extensible infrastructure inside the Linux 2.4.x and 2.6.x kernel. This framework enables packet Filtering, network address [and port] translation (NA [P] T) and other packet mangling. The content Filtering system is established based on the frame of Netfilter, which is a viable project.This paper puts forward a content Filtering system model based on the Netfilter. The model makes good use of the safe function of Netfilter. Thesimilarity-based approach is used for content Filtering. The keywords in characteristic rules are searched by standard binary search. Filtering strategy is that the characteristic rules are continuously optimized according to the Filtering result, which improves precision and recall. The content Filtering modules are embedded in Linux kernel. The different Filtering method is chose based on the characteristics of the network data. The network data path is optimized. These improve the Filtering velocity. The system can be deployed in the IPv4 and IPv6 network and increase the security of network.