The Analysis And Research Of Firewall Based On Linux System

Internet is closely related to science and technology as well as public life,and at the same time the security problems of network is more and more serious. The firewall, network authentication and data encryption are the usual network security technologies in the process of building secure network environment,and firewall is the most popular and widely used network security technology so far.With the advantages of open source, free, high reliability and high security, Linux operating system has attracted more attention.Management of LAN is more and more popular with Linux operating system,whose firewell is Netfilter/iptables,with advantages in the function, stability, security and scalability,etc.Around the analysis and research of network security,with the combination of Netfilter/iptables,this paper involves the following:1,The basic concept of a firewall, the background of the research and the research status of this area.2,The features of Linux 2.4 Kernel Netfilter firewall system's structural framework, the working principle and its implementation mechanism in the kernel. We focus on the locution of Netfilter framework in the Linux operating system kernel,the structure and function of the mount point and the hook function in Netfilter framework and the function of registration functions and uninstall function.3,The operating principle of iptables, and the implementation process of commands contained in them.4,In the aspect of the design and realization of Linux-based Intelligent Packet Filtering Firewall, we first study the limititions of content security and application proxy technology in packet filtering technology of traditional firewall,and then propose the design ideas of intelligent firewall according to its parts. On this basis, under a more detailed discussion of the the algorithm used in the three modules of basic packet filtering, content filtering, and logging,we give the architecture and implementation methods of intelligent firewall.The intelligent firewall we designed is setted on a dual NIC Linux server, connecting the internal network and external networks to achieve the function of packet filtering between them.5,In the test of Intelligent firewall system,we tested the three designed modules of basic packet filtering, content filtering and logging,giving the specific test environment and test methods,and then the test results are analyzed and compared.