Design And Implementation Of Packets Filter Firewall Based On Linux

Posted on: 2009-04-11
Degree: Master
Type: Thesis
Country: China
Candidate: L S Dong
GTID: 2178360272471716
Subject: Computer software and theory

Abstract/Summary:
With the rapid development of network technology, network security problems have become more and more serious. In response, all kinds of security technologies have emerged, such as firewalls, virus detection, cryptography and identity authentication. The three principles of computer network security are secrecy, integrity and efficiency. Secrecy means that data are accessed only by those with the privilege to do so; everyone else is forbidden. Integrity means that data are in a complete state. Efficiency means that you can access data normally when you need to. These three principles guide the computer security field, and they also form the framework of this paper.

A firewall is a filter on the edge between the external network and the internal one, which suppresses unwanted data. The internal network is regarded as secure and trusted, while the external network is assumed to be insecure and untrusted. The firewall forbids unexpected communication from entering the protected internal network.

By technical implementation, firewalls can be divided into packet filter firewalls, application gateway firewalls, proxy firewalls, stateful inspection firewalls, and so on. By form, they can be divided into software firewalls and hardware firewalls. A software firewall is supplied as application software installed on a general-purpose operating system such as Microsoft Windows or UNIX.

This paper takes the view that the packet filter firewall based on Linux is a software firewall that fulfils its duties using Netfilter and iptables, applying a default policy to decide which packets are accepted, refused or dropped.

This paper discusses the OSI network reference model, the IP, TCP and UDP transmission mechanisms, and the classification of IP addresses, and it gives the basic concepts of a firewall. Packet filtering concerns both incoming and outgoing data packets. The combinations of different ports for the remote host and the local host are discussed here.

The basic syntax of the firewall management program iptables, the characteristics of the NAT table, and the rule syntax of iptables are all discussed in detail. This chapter covers most of its features.

A firewall must have a default policy: it either drops all packets or accepts all packets. In the core of this paper, we describe a standalone firewall that establishes a default deny policy for packet filtering. At the beginning of the script, it addresses several possible attack points, such as source address spoofing and the protection of services on unprivileged ports and of DNS; it also gives some examples of rules for common network services. For example, it discusses basic Internet services and the usual TCP services (e-mail, FTP, Web service). With these, a packet filter firewall comes into being.

Finally, the paper gives an evaluation of the firewall, points out that its shortcomings are that firewalls cannot protect against attacks from the local area network or attacks on upper-layer protocols, and mentions the aspects that remain to be improved. It also describes the development trends of firewall technology.
Keywords/Search Tags: Linux, iptables, Packet filter, firewall