Research Of Distributed Firewall In IPv6 Environment

Computer network is used in many ways, such as politics, economy, culture and life. Network is becoming an important part in our everyday work and life. Therewith, network security is breaking open directly, and becoming a primary problem, which is faced by the applications of network. And then, network security technology is unparalleled regarded broadly nowadays.As one of the most important technology of network security, firewall technology is becoming an important way in the research of network security.Contrasted with IPv4, IPv6 is the basic protocol of next generation network, and has many advantages. Firstly it solved the problem that the amount of IP address be hard up.Secondly IPv6 improved the deficiency of IPv4, and it is remarkable that integrates IPsec. IPsec is not alone.It uses IPsec to encrypt and authenticate datagram in IP layer.This dissertation surrounded the excellency of IPv6 and firewall technology adequately, studied the key technologies of the design and implement of a distributed firewall based on IPv6.The paper has finished the following work mainly:The characteristic of IPv6 and the implementary mechanism of IPsec were analized,and the hidden troubles of security were studied.Some necessary technology problems in the design and realization of IPv6 firewall have been made clear.After researching elemental studies and technologies of firewall,comparing the architecture and theory of traditional firewalls with distributed firewalls,the problems a traditional firewall facing and technology superiorities of distributed firewall appear.A relatively complete prototype of distributed firewall DFWS is built up.DFWS reserved the traditional network boundary firewalls'advantages in the new design,and embeded the functions of firewall to the terminal of network.According to the idea of collecting management and detract execution ,center manager and field manager answer for network management and establishing security policy,and hand out them to host firewalls and network firewall to execute.This design solved the efficiency bottleneck of traditional firewall,inside aggress and being nocapable of resisting distributed aggress etc.Based on the Netfilter function framework on Linux 2.4x, we designed and implemented stateful packet filtering center firewall .The content includes the design and implement of packet filtering modules ,the design and implement of access control...