| With Internet application popularizing, the network have been the main platform which deliver data and exchange information. The security of network and information is the key of guaranteeing business on the network as usual. In order to prevent uncertain, potential and devastating incursion, firewall adopts the integrated network technique to separate intranet from internet.Research and discussion to the up-to-date connection tracking is presented in the paper. The main contents are described as following.Based on the research of the connection tracking and traditional firewall techniques, a kind of hardware firewall architecture is designed according to connection tracking through analyzing Iptables/ Netfilter software tool of the IP packet filter on the Linux system. The work flow of refreshing state list is also designed according as different protocol and givendata structure of state item.The hardware scheme of connection tracking technique is implemented using the design method of CAM+FPGA through comparing the deference of several firewall hardware design. The several important techniques such as data structure and memory management in the hardware implementation are researched deeply and implemented algorithm is put forward.After the performance analysis and evaluation of the implemented state firewall, the high speed network search engine can be known to eliminate performance bottleneck effectively. This firewall also can adopt regulations which consumers define and does not depend on the pre-defined application information. The executing efficiency is higher than application gateway. It does not identify the special application information and define different regulations to different information. It is of merit of retractility. The firewall refreshes automatically the state list at any moment according to packet head information. The design style in the paper is uniform to give a new thought of firewall design.
|
PDF Full Text Request