| IAD (Integrated Access Device) system can be widely used in NGN (Next Generation Network) as a kind of terminal device which integrated voice and data. IAD system simultaneously provide all services of voice,data and multimedia over the different networks.It is easily attacked from network for it locates in the complicated internet, so it must have firewall.The design and implementation of the firewall based on IAD system has analyzed and discussed by Linux Netfilter framework. I got firewall functions of IAD system for needs analysis, selected embedded Linux as IAD Firewall platform and security management as access ways. Analyzing IAD Firewall module determined the function of each module. I detailed analysis of Linux 2.4 Netfilter framework of the principle, on this basis the IAD firewall systems for design, to explore the firewall initialization, achieving the firewall basic functions and user rules. I present the complete contents of current on the basis of further development of the idea at last.IAD Firewall design consists of two parts: the basic functional rules and user rules. Basic function modules which include: statefull packet inspection module, the data packets state discrimination, access has been established linking of data packets; prevent denial of service (DOS) attacks module, prevention of common network DOS attacks. Users rules module include: PC scan module, scanning network users which have access to the information; URL filter filtration module, filtering illegal domain names and the special keyword containing the URL visit; Network Address Translation (NAT) module, implemented Port Forwarding and Port Redirect, demilitarized zone (DMZ) network address translation; Users rules module, the user group set up rules. |
PDF Full Text Request