Research And Implementation Of Firewall During The Period Of IPv4/IPv6

With the penetration of network technology into people's daily life, network security is becoming more and more important and it is the main project concerned with national security and society welfare. Many countries have invested a lot on the research and development of network security technology. As the first line of network defence, firewall checks all the traffic between inner protected network and outer Internet, which verifies the legitimacy of traffic and improves the capability of network. Therefore, firewall is an important technology of network security.Meanwhile, as the key protocol of Next Generation Network, IPv6 protocol preferably solves the problems faced by current IPv4 protocol. IPv6 protocol is also designed to meet the requirements for quantity and quality of future network infrastructure. However, it's difficult to update all the infrastructure from IPv4 to IPv6 at a short term. Nowadays, IPv6 Transition/Coexistence becomes a very important problem when IPv6 is put in practice. Therefore, it becomes a focus to analyse and research network security technology during this period.Under such a research background, the thesis is organized as follows. First, the principles of IPv4/IPv6 transition mechanisms are introduced and their security considerations are presented in detail. Then the thesis summarizes the security problems that may occur under the environment of IPv4/IPv6 network, which reflects the significance to research and implement firewall during the period of IPv4/IPv6. Subsequently, firewall technology is introduced, and its security requirements are further analyzed. Then, the thesis proposes a solution. The thesis also describes the system structure of Netfilter and particularly pays attention to the implemention of packet filter module during the period of IPv4/IPv6. Additionally, the firewall's graphic interface is realized, which provides a convenient way for adding and modifing rules. Finally, the thesis presents the testing process of firewall to prove the validity of the solution.The innovation of the thesis is to introduce the concept of transitional rules and associate IPv4 and IPv6 in Netfilter. Consequently, firewall can still play an important role during the period of IPv4/IPv6.