Based On The Linux Packet Filtering Firewall With

Posted on: 2004-05-12 | Degree: Master | Type: Thesis
Country: China | Candidate: J Z Zhang
GTID: 2208360092995509 | Subject: Agricultural mechanization project
Abstract/Summary:
With the rapid growth of computer networks across many kinds of business, more and more people attach great importance to network security. It plays an increasingly significant role in keeping networks operating normally and has become an important characteristic of the contemporary information society. Among the many protective measures, the firewall is the most effective. The paper first presents some examples of network attacks.

It then summarizes the historical development of the firewall and presents its perspective on it. It considers every application facet of the entire network, focusing on the core of network security. It describes the most important concepts and ideas in firewall design, and it introduces input packets, output packets, and how a firewall treats them.

Following the logic of setting up a firewall, the paper introduces three significant topics, with some examples: the details of network dialogues, the treatment of input and output packets, and how to selectively open public Internet services. It also explains the theory behind common hacker attacks, including TCP SYN flooding, ping flooding and UDP flooding.

For the implementation, the designer uses ipchains on the Red Hat Linux operating system with Linux 2.4 kernels to construct firewalls under several kinds of network topology. The paper describes the ipchains firewall tool and its related parameters in detail and elaborates on the packet filtering process. Before setting up the firewall, it introduces the different topology architectures that can be built with ipchains. There are two policies for designing a firewall, default deny and default accept; they are compared using some related scripts.
Furthermore, this paper introduces three different network architectures: a single system, a bastion firewall screening a subnet, and a network defended with a DMZ (demilitarized zone). It elaborates on the theory of NAT (network address translation) and the DMZ, with practical examples based on DNS (Domain Name Service).

In practical terms, this paper describes how to design a packet filtering firewall based on the Linux operating system that lets medium-sized enterprises protect their networks and reduce their expenses. It can screen the defended subnet and share one real IP address among all computers in the subnet by NAT. On the other hand, it can resolve the conflict between providing network services and protecting the subnet, so that an efficient firewall is set up to fit a more complex security policy.

The filter firewall studied in this paper has many advantages, such as a simple structure, a strong focus and lower expense. It can provide a theoretical basis and reference for constructing and maintaining a small-scale network.
Keywords/Search Tags: Firewall, IP_Masquerade, DMZ (Demilitarized Zone)