
Study Of Linux Firewall Based On Technology Of Stream Filter

Posted on: 2006-08-12
Degree: Master
Type: Thesis
Country: China
Candidate: Z J Hu
Full Text: PDF
GTID: 2168360155958441
Subject: Computer application technology
Abstract/Summary:
Firewall technology is the cornerstone of network security. This paper introduces firewall fundamentals, including basic concepts, classes, technologies and system structure. On this basis it proposes a new technology, the stream filter, and introduces its definition, principle, characteristics and implementation method. Finally, the design and implementation scheme of a Linux firewall based on stream filter technology is described in detail.

The key technologies of the traditional firewall are packet filter, stateful inspection packet filter and application proxy. Packet filter and stateful inspection packet filter do well at protecting the transport layer, but they are powerless for application-layer protection and content filtering. Application proxy is designed to protect the application layer, but it cannot be deployed transparently and cannot deal with high-speed data flow.

As a new firewall architecture, stream filter technology overcomes many defects of packet filter and application proxy firewalls while combining the advantages of both. Its principle is to use a special TCP/IP stack for specific application-layer protocols, recombine the application-layer data, and filter the recombined data on the basis of stateful inspection packet filtering. Stream filter technology provides application-layer protection and lets rule matching run from the data-link layer directly up to the application layer.

This design classifies datagrams into two types, key datagrams and non-key datagrams, by ports and flag bits, and uses a different technology for each type. Packet filter technology deals with non-key datagrams, while stream filter technology deals with key datagrams. Stream filter technology recombines key datagrams that belong to the same session and filters the recombined data with the BM algorithm. If the data is illegal, it is dealt with according to the rule; otherwise it is sent to the destination host.

For the firewall structure, a firewall system with a C/S structure is provided. The firewall system is composed of a main routine and an administration client. The main routine executes the main functions of the firewall. The administration client accepts real-time alarm information and provides firewall administrators with functions for viewing and adjusting information.
Keywords/Search Tags:firewall, stream filter, key datagrams, data recombination, C/S structure
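
The classification, recombination and matching steps described in the abstract, as an added Python sketch that is not code from the thesis. The key-datagram rule (inspected port, payload present, no SYN/FIN/RST), the packet dictionaries and the keyword are assumptions, segments are assumed contiguous and non-overlapping, and BM matching is stood in for by the simpler Boyer-Moore-Horspool variant.

```python
from collections import defaultdict

KEY_PORTS = {80}                 # assumed: application ports selected for inspection
SYN, FIN, RST = 0x02, 0x01, 0x04

def is_key(pkt):
    """Assumed rule: payload-carrying segment to an inspected port, no SYN/FIN/RST."""
    return bool(pkt["dport"] in KEY_PORTS and pkt["payload"]
                and not pkt["flags"] & (SYN | FIN | RST))

def horspool_find(text, pattern):
    """Boyer-Moore-Horspool (bad-character rule only); returns offset or -1."""
    m, n = len(pattern), len(text)
    if m == 0 or m > n:
        return -1 if m else 0
    shift = {b: m - 1 - i for i, b in enumerate(pattern[:-1])}
    pos = 0
    while pos <= n - m:
        if text[pos:pos + m] == pattern:
            return pos
        pos += shift.get(text[pos + m - 1], m)   # skip by last byte of the window
    return -1

def reassemble(packets):
    """Group key datagrams by session and join payloads in sequence order."""
    sessions = defaultdict(dict)
    for p in packets:
        if is_key(p):
            key = (p["src"], p["sport"], p["dst"], p["dport"])
            sessions[key].setdefault(p["seq"], p["payload"])  # first copy wins
    return {k: b"".join(v[s] for s in sorted(v)) for k, v in sessions.items()}

def verdicts(packets, pattern):
    """Return (per-packet hit?, {session: offset in recombined stream})."""
    per_packet = any(horspool_find(p["payload"], pattern) >= 0
                     for p in packets if is_key(p))
    per_stream = {k: horspool_find(d, pattern)
                  for k, d in reassemble(packets).items()}
    return per_packet, per_stream

def seg(seq, flags, payload, dport=80):
    return {"src": "10.0.0.5", "sport": 40000, "dst": "192.0.2.10",
            "dport": dport, "seq": seq, "flags": flags, "payload": payload}

# Constructed sample: out-of-order segments, keyword straddling a segment boundary.
PATTERN = b"BLOCKED-WORD"
SAMPLE = [
    seg(1000, SYN, b""),                          # control segment: non-key
    seg(1017, 0x18, b"KED-WORD HTTP/1.1\r\n"),    # arrives before its predecessor
    seg(1001, 0x18, b"GET /page?q=BLOC"),
    seg(5000, 0x18, b"BLOCKED-WORD", dport=22),   # port not inspected: non-key
]

if __name__ == "__main__":
    print(verdicts(SAMPLE, PATTERN))
```

On the sample, matching each key datagram on its own finds nothing, while matching the recombined session data finds the keyword at offset 12.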