Design And Research On Embedded IPv6 Firewall Based On ARM System

With the rapid development of computer networks, the existing IPv4 network defects such as the lack of address space and poor security has already been exposed. IPv6, as the next generation Internet Protocol, provides many improvements considering address space and quality of security. It has been recognized in communication industry. IPv6 networks are deployed around the world. But the IPv6 protocol is not perfect. The introduction of many protocol mechanisms has brought new security risks.Firewall as an important means of network security has been widely used in IPv4 networks. However firewalls which support IPv6 protocol are mostly applied in the IPv6 network backbone, they can not be deployed in small local area network and corporate network. Therefore in this paper we will research and design an ARM-based embedded IPv6 firewall.In this paper, a profound analysis of IPv6 packet, and the characteristics of the existing IPv6 network security issues has been carryed on. Combined with current IPv6 firewall research results, the overall filtering firewall program in IPv6 environment is also proposed. The program adds IPsec AH and ESP module for the authentication and decryption of IPv6 packets operations, filters the unencrypted or decrypted plaintext IPv6 packet with the Linux 2.6 kernel ip6tables tools. Users can add the filter rules according to actual needs.Based on the above program an ARM-based embedded IPv6 firewall system is designed. The firewall hardware platform takes S3C2240 (ARM9) as the core processor, SDRAM and NAND-Flash as expansion memory, two DM9000 network control chips are connected to an external non-trusted network and the internal trusted network. The firewall software platform is built by transplanting bootloader, embedded Linux, YAFFS file system, DM9000 dual network interface card drivers and ip6tables tool sets.After the deep analysis of the ip6tables core filtering mechanism, we design the IPv6 packet filtering module, and add a set of firewall filter rules. Based on these rules users can also add the filter rules according to actual needs. Finally, we test these filter rules which has been added to the firewall. Test results show that the designed ARM-based embedded IPv6 firewall can rightly filter IPv6 package according to user setting rules.