| With the development of Internet Technology, the information security has become particularly important. So firewalls become the most important products of information security, and determine the security of the network. However, in these days, firewalls are no longer adapted to the complexity of the network because of the shortcomings. Under today's network situation, we need a new type of firewall to solve these problems.In this paper we analyze deficiencies and shortcomings of the traditional firewall system and try to design a new type of firewall model-the distributed and content filtering firewall. And at last we use the firewall frame of Linux system tools—Netfilter/IPtables and design some models.Generally, in the paper, we will improve and optimize the system from the following three aspects.Firstly, we will discard the traditional firewall topology and design the distributed firewall based on IPSec protocol. This firewall including central server of strategy, host firewall and border firewall. In this way the distributed firewall will protect security both inside network and outside network.Secondly, the traditional firewalls which mainly do packet filtering are not efficiency. This paper will want to solve this problem and design a content filtering model, this new firewall model working in the network layer and combine packet filtering and content filtering together, thus enhancing the reliability and efficiency of the firewall.Thirdly, the efficiency of content filtering firewall depends on its algorithm. By analyzing efficiency of several pattern-matching algorithms, we find that AC-BM algorithm is more efficient than others. So we optimize it and applied it to the firewall content filtering, which will further enhance the efficiency of firewall filtering.Finally, we will do some experiments about this new firewall and analysis the results. It proves its rationality and possibility. |
PDF Full Text Request