| With the rapid development of Internet, many problems brought by IPv4 have been coming froth: the address resource is using up, current IP protocol is unsuitable to new network application and security is unable to ensure. It's necessity for IPv6 to replace IPv4. Meanwhile, the security of the next generation network has become the problem demanding prompt solution. Firewall, as a powerful tool in the security of Network, has been widely used in IPv4 Network. However, this powerful tool is seldom used in IPv6 Network.As an open source Operation System, Linux has been widely used on all kinds of platforms. Netfilter framework, which is the middle level of Linux Operation System and Firewall applications, has been integrated into Linux kernel 2.4 .Linux kernel 2.4 has supportted IPv6 protocol stack. Linux firewall is a kind of Packet Filter Firewall of stability and reliability in IPv4 Network, but It's no use in IPv6 Network.This paper analyzing the essential theory of IPv6 protocol group with comparing the difference of IPv4 and IPv6 protocol, IPv6 Addressing, IPv6 Header Formate, Network Scurity,Firewall and Netfilter.Because of the lack of high efficient firewall based on IPv6,the paper mainly discusses the overall plan of the IPv6 firewall system based on the Netfilter, and describes the choice of hardware platform and the filter ,optimization of basic situation.sepecially focuses on the key functions of IPv6firewall system based on the Netfilte under the circumstances of Linux:Package filter,Connection Track, Package Mangle. |
PDF Full Text Request