
The Study Of Implementation Of The Linux Firewall System

Posted on: 2005-05-03
Degree: Master
Type: Thesis
Country: China
Candidate: M C He
Full Text: PDF
GTID: 2178360182967322
Subject: Computer application technology
Abstract/Summary:
Because its source code is open, analysis of the Linux source has both pedagogical and scientific value. Existing analyses, however, concentrate mainly on memory management, process scheduling, the file system and device drivers; the networking code, and the firewall in particular, has received only fragmentary treatment. One of the main purposes of this thesis is a complete analysis of the Linux kernel firewall.

The Linux kernel firewall is built in layers and can be extended easily. The first layer is Netfilter, which provides an abstract, general packet-mangling framework: by registering hook functions on its hooks, the packet-filtering and NAT subsystems are implemented. The second layer consists of the IP Tables and connection-tracking modules. IP Tables is itself extensible. A firewall rule has three parts: IP information, match and target. The registered function first compares the IP information; if that matches, the match part is evaluated; if that also matches, the target is executed. Connection tracking is what makes a 'stateful' firewall possible, and it can be extended with new protocols and helpers. NAT is implemented on top of connection tracking. Its implementation is intertwined with IP Tables, because NAT rules and IP Tables rules follow the same design; NAT targets and helpers can be extended as well.

This thesis describes the Linux firewall system. First, it introduces the Netfilter framework and the use of the user-space tool iptables. Second, it traces, by example, how an IP packet passes through the TCP/IP stack. Third, it introduces the basic data structures required by the Netfilter framework. Fourth, it presents the implementation of iptables, with emphasis on the packet-filtering system. Finally, it describes the implementation of connection tracking and NAT.

The results of this work have been deployed on Kingnet SOHO routers, where they run stably and efficiently and have been well received.
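The three-stage rule evaluation described above (IP information, then match extensions, then target) and the role of connection tracking in a stateful rule can be illustrated with a small user-space model. The following is an added example, not code from the thesis or from the kernel: the packet fields, the chain, the `match_state`/`match_dport` helpers and the addresses are all constructed for the demonstration, and the connection-tracking table is reduced to a set of 5-tuples looked up in both directions.

```python
"""User-space model of iptables-style rule evaluation (constructed example, not kernel code).

A rule is evaluated in three stages: IP information, then match extensions
(all must succeed), then the target. Rules are tried in order and the first
full match decides the verdict; otherwise the chain policy applies. A
connection-tracking table supplies the NEW/ESTABLISHED state that a
stateful rule consults.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int


class ConnTracker:
    """Table of confirmed connections, keyed by 5-tuple, looked up in both directions."""

    def __init__(self) -> None:
        self.table = set()

    @staticmethod
    def original(pkt: Packet) -> Tuple:
        return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)

    @staticmethod
    def reply(pkt: Packet) -> Tuple:
        # The same connection as seen from the other direction.
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def state(self, pkt: Packet) -> str:
        if self.original(pkt) in self.table or self.reply(pkt) in self.table:
            return "ESTABLISHED"
        return "NEW"

    def confirm(self, pkt: Packet) -> None:
        # Only packets the filter accepts become tracked connections.
        self.table.add(self.original(pkt))


Match = Callable[[Packet, ConnTracker], bool]


@dataclass(frozen=True)
class Rule:
    # Stage 1: IP information
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None
    # Stage 2: match extensions, all of which must succeed
    matches: Tuple[Match, ...] = ()
    # Stage 3: target
    target: str = "ACCEPT"

    def ip_info_matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == pkt.proto))


def match_state(*wanted: str) -> Match:
    """Hypothetical stand-in for the 'state' match extension."""
    return lambda pkt, ct: ct.state(pkt) in wanted


def match_dport(port: int) -> Match:
    """Hypothetical stand-in for a destination-port match."""
    return lambda pkt, ct: pkt.dport == port


def evaluate(chain: List[Rule], policy: str, pkt: Packet, ct: ConnTracker) -> str:
    """Walk the chain; the first rule whose IP info and matches both succeed wins."""
    verdict = policy
    for rule in chain:
        if not rule.ip_info_matches(pkt):
            continue  # failed at stage 1
        if not all(m(pkt, ct) for m in rule.matches):
            continue  # failed at stage 2
        verdict = rule.target  # stage 3
        break
    if verdict == "ACCEPT":
        ct.confirm(pkt)
    return verdict


def demo() -> List[str]:
    """Constructed scenario: a stateful input chain with a DROP policy."""
    chain = [
        Rule(matches=(match_state("ESTABLISHED"),)),
        Rule(src="10.0.0.0/8", proto="tcp",
             matches=(match_state("NEW"), match_dport(22))),
    ]
    ct = ConnTracker()
    return [
        # New SSH connection from the LAN: accepted by the second rule.
        evaluate(chain, "DROP", Packet("10.0.0.5", "10.0.0.1", "tcp", 40000, 22), ct),
        # Reply in the opposite direction: ESTABLISHED via the first rule,
        # although its destination port is an ephemeral one no rule lists.
        evaluate(chain, "DROP", Packet("10.0.0.1", "10.0.0.5", "tcp", 22, 40000), ct),
        # New connection to port 80: no rule matches, the chain policy applies.
        evaluate(chain, "DROP", Packet("10.0.0.5", "10.0.0.1", "tcp", 40001, 80), ct),
        # SSH from outside 10/8: fails at the IP-information stage of rule two.
        evaluate(chain, "DROP", Packet("198.51.100.7", "10.0.0.1", "tcp", 5555, 22), ct),
    ]


if __name__ == "__main__":
    print(demo())  # ['ACCEPT', 'ACCEPT', 'DROP', 'DROP']
```

The point the second packet makes is the one the abstract attributes to connection tracking: a reply that no static rule would admit is accepted only because the forward packet was accepted and recorded first, so the table, not the rule list, carries the state.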
Keywords/Search Tags: Netfilter, iptables, NAT, Packet filtering, Linux, Firewall