| The research on firewalls has always been a focus in the field of network security. Firewall techniques have three phases as follows: packet filtering, proxy and stateful inspection.When it comes to the firewalls which are built on the universal operating systems, it is not difficult to find that most of them are based on the traditional TCP/IP stacks. Some hidden troubles do exist in such implementation since the security of firewalls themselves is not pay full attention to. On the other hand, there is a better solution to combine stateful inspection with proxy. Therefore, the purpose of this thesis is to design a firewall gateway based on the specific network stacks, the goals of which are transparence, high security and high efficiency.This design is based on Linux OS. The TCP/IP stacks of Linux are changed by kernel loadable module programming, then the specific network stacks and therefore the whole firewall system are realized. C language is the main programming language in this project.After near one year, the source codes of the Linux TCP/IP stacks and its firewall named Netfilter are read and analysed carefully so that the structure of the specific network stacks is clearer. The transparent mode is realized to make the firewall to be used more convenient. What's more important, the specific network stacks are to built to increase the security of the firewall itself. Moreover, the stateful inspection based on application level protocols analysis is realized to combine stateful inspection with proxy, so that the functions of the firewall are enhanced.Not only the development cost but also the cost for users to implement the firewall are quite low since the system is based on Linux. But it is more stronger than other similar firewall products. So it would be competitive in markets. Meanwhile, to make products for network security by Chinese themselves would benefit protecting the information security of native enterprises. Therefore, this project is also meaningful to our society.
|
PDF Full Text Request