| As one of the most important part of network security,firewall more and more arouse people's attention. The Linux operation system had a widespread application in the IT field,the commercial servers and individual tabletop system because of its opening souce code,vigour, reliability, flexibility, costom-made character and many other advantages. Now there're some different kinds of firewalls based on Linux.At first,the paper introduces essential knowledge about firewall,including its define, strategies,function,classification and the comparison of different kinds of firewalls. And it also discusses some essential technologes of firewall,the devolopment of firewall based on Linux kernel and the most new technique of firewall. Then it presents some Linux knowledge related,such as:kernel compilation,the module mechanism,the Linux system boot process.This article also carried out in-depth research on Netfilter framework of principles and Iptables process, including the overall structure of netfilter framework, its important data structure, function, data processing flow, working principle; Iptables important data structure, the specific use of command, rules fill in the process. A detailed analysis of Iptables Firewall Design and Implementation is made.On this basis ,I conducted on the expansion and improvement of Iptables: 1. Add time module for Iptables. Allow us to match the packet based on othe time arrive or leave 2. By modifying the kernel as well as the source of the iprange module improved, expanded its scope to resolve ip address to support a variety of forms, many of the ip address of paragraph format of the address. Through a large number of experiments,I got satisfactory results, and analysis of the experimental difficulties encountered in the process, as well as solutions, summing up the results and future prospects. |
PDF Full Text Request