| Nowadays, in the information society, society becomes more and more dependence on computer network, and network influnces society more and more. With the boosting of diversified network operation, network security becomes more and more important. So network security becomes an important research and development direction in the field of data communication, and a hot in the field of computer and communication. People pay more and more attention on network security.Firewall is the most popular and widely used in network security technologies at present. As the front line of security it is increasingly being discussed by more and more users during the course of building up secured network environment. Now firewall basically plays a role in prevention and becomes a necessary tool to network protection.To solve the problem that the current firewall could not effectively prevent the attack from the application layer software such as spy and trojan, a new firewall technology based on cross-layer analysis is proposed through the analysis of current network security and firewall technology. This technology can achieve content filtering in terms of application besides the basic packet filtering function. In order to get the characteristics of content, this paper also brings the idea of how to get the characteristics and the match policy. Moreover, this paper implements a packet filtering method based on DNS A record in order to solve the problem of multi-domainname and multi-ip in one web site.The research is developed in the Linux.Through adding the function module to the core firewall of the netfilter dynamicly, the research implements the content filtering and DNS A record packet filtering based on the analysis of the cross-layer technology, and verifies the feasibility and accuracy of the firewall technology based on the analysis of the cross-layer. |
PDF Full Text Request