Research And Design Of Distributed Firewall System

This paper analyzes the architecture of distributed firewalls based on comparingwith the traditional firewalls: network firewalls and personal firewalls. It bringsforward a new design about the distributed firewalls in which some host firewalls anda control center constitutes the whole distributed firewalls with reserving the oldnetwork firewalls. A host firewall is a packet-fltering firewall that filters the networkpackets come from inside the network based on the information of networkapplication program, IP address, and TCP or UDP port and so on. It also can sendlogs to the control center. The packet filtering rules used in host firewalls are onlymanager by the control center. The BNF is used to formalize the packet filtering rules.The M/M/1 modal in the queue theory is used to analyze the stability of thedistributed firewalls system. At last a host firewall instance and a control centerinstance which work on the Windows operation systems is developed. And the maintechnology used to develop the host firewall is to use the Services Provider Interface(SPI) in the Windows Open System Architect (WOSA) to filter TCP/IP network datapackets.