With the rapid development of the Internet, the network provides users with massive amounts of information, but it also gives malicious attackers a medium through which to illegally break into personal and commercial systems. Ensuring the security of servers and personal desktop systems has therefore become an urgent and important problem. The Linux operating system, thanks to its open source code, robustness, reliability, flexibility and almost unlimited customizability, has been widely adopted in the IT field, on commercial servers and on personal desktop systems. Linux has many built-in facilities that allow developers to customize its tools, behavior and appearance according to their own needs without expensive third-party tools. The netfilter framework is powerful and tightly integrated with the Linux kernel, and so has become the main tool for extending network applications on the Linux platform. Starting from the basic principles of firewalls, this article introduces the concept, goals, functions and common classifications of firewalls. It explains the basic principles and structure of the TCP/IP protocol suite. It describes the function of access control lists (ACLs), the classification of IP access control lists and their implementation. It reviews the development of firewalls on the Linux operating system, as well as the netfilter/iptables framework based on the 2.4.x kernel, and designs a firewall gateway framework on the Linux 2.4.x kernel platform.
At the same time, the netfilter framework, the most popular firewall construction platform in the Linux 2.4.x kernel, is analysed in depth, including the overall structure of the netfilter framework, the positions of the netfilter hooks, the data structures of iptables tables and of the two tables the firewall application uses, the packet filtering table (filter) and the network address translation table (nat), the data structures of rules, how rules are loaded by the application, packet matching and targets, and so on. The starting and stopping of this firewall framework are implemented, as well as the loading of the ACL rules and the NAT rules.
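As an added example (not code from the thesis), the following script shows the shape of the start/stop and rule-loading functions described above: an ACL rule set for the filter table and masquerading rules for the nat table, loaded with iptables-restore and flushed on stop. The interface name and internal network are assumed placeholder values.

```shell
#!/bin/sh
# Added example of a netfilter/iptables firewall control script.
# WAN_IF and LAN_NET are assumed values chosen for illustration.
WAN_IF="${WAN_IF:-eth0}"               # assumed external interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # assumed internal network
IPTABLES="${IPTABLES:-iptables}"

# Emit the ACL rule set for the filter table in iptables-restore format.
# Default policies drop unsolicited traffic; only listed services are allowed.
filter_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -s $LAN_NET -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -j LOG --log-prefix "FW-DROP: "
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s $LAN_NET -o $WAN_IF -j ACCEPT
COMMIT
EOF
}

# Emit the nat table: masquerade LAN traffic leaving on the WAN interface.
nat_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

# Load both tables atomically (requires root and the netfilter modules).
fw_start() { { filter_rules; nat_rules; } | "${IPTABLES}-restore"; }

# Flush and delete all rules and chains, then fall back to accept-all policies.
fw_stop() {
    for t in filter nat; do
        "$IPTABLES" -t "$t" -F
        "$IPTABLES" -t "$t" -X
    done
    for c in INPUT FORWARD OUTPUT; do "$IPTABLES" -P "$c" ACCEPT; done
}

case "${1:-}" in start) fw_start ;; stop) fw_stop ;; esac
```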