
Design And Implementation Of Distributed Content Filtering Firewall System

Posted on: 2012-02-16
Degree: Master
Type: Thesis
Country: China
Candidate: H Peng
Full Text: PDF
GTID: 2218330338466934
Subject: Computer application technology
Abstract/Summary:
A content filtering firewall function has been integrated into the security devices produced by xx Co. This thesis introduces a distributed firewall system based on that function.

The new distributed firewall system consists of a strategy server and a firewall device. Filtering keywords are configured on the strategy server and distributed to the device, which performs the matching; in this way the system carries out content filtering. The strategy server is responsible for configuring the filtering strategy and sending it to the firewall device. The firewall device runs two tasks. The first, the transmission task, receives and saves the configuration sent by the strategy server. The second, the inspection task, performs deep packet inspection (matching packet content against the strategy keywords) and returns the result to the transmission task. The two tasks run in parallel; once the transmission task receives an inspection result indicating that a forbidden keyword occurs in a packet, it discards the packet being processed and disconnects the link between the application server and the user.

The inspection task uses the efficient AC-BM string matching algorithm to inspect packet content. One advantage of the algorithm is that the pattern string can shift a greater distance according to the last matching result, which reduces the number of comparisons.

This thesis implements content filtering for the FTP, SMTP and POP3 application-layer protocols. For FTP, the filtering firewall mainly prevents FTP clients from uploading and downloading illegal files and from sending forbidden commands. For SMTP and POP3, the filtering firewall is mainly used to stop illegal users from sending or receiving e-mail and to inspect e-mail items such as Subject, Content, attachment filename and attachment content.
Keywords/Search Tags: Distributed Architecture, Firewall, Task, DPI, Filtering Policy, Pattern Matching
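The inspection step described in the abstract, as an added example that is not code from the thesis: a multi-keyword matcher whose state is carried across packets of one connection, so a keyword split over two packets still triggers the drop-and-disconnect verdict. It uses plain Aho-Corasick in place of AC-BM, whose details the abstract does not give; the names `KeywordMatcher`, `filter_connection`, `POLICY` and `FTP_UPLOAD` and the sample traffic are assumptions.

```python
from collections import deque
class KeywordMatcher:
    """Aho-Corasick automaton built from the policy's forbidden keywords."""
    def __init__(self, keywords):
        self.goto, self.fail, self.out = [{}], [0], [set()]
        for kw in keywords:                      # build the keyword trie
            s = 0
            for b in kw:
                if b not in self.goto[s]:
                    self.goto.append({})
                    self.fail.append(0)
                    self.out.append(set())
                    self.goto[s][b] = len(self.goto) - 1
                s = self.goto[s][b]
            self.out[s].add(kw)
        queue = deque(self.goto[0].values())     # breadth-first failure links
        while queue:
            s = queue.popleft()
            for b, t in self.goto[s].items():
                f = self.fail[s]
                while f and b not in self.goto[f]:
                    f = self.fail[f]
                self.fail[t] = self.goto[f].get(b, 0)
                self.out[t] |= self.out[self.fail[t]]   # inherit suffix matches
                queue.append(t)

    def scan(self, state, payload):
        """Scan one payload from `state`; return (new_state, matched keywords)."""
        hits = set()
        for b in payload:
            while state and b not in self.goto[state]:
                state = self.fail[state]
            state = self.goto[state].get(b, 0)
            hits |= self.out[state]
        return state, hits

def filter_connection(matcher, packets):
    """Forward packets until one completes a keyword, then drop it and disconnect."""
    state, forwarded = 0, []
    for pkt in packets:
        state, hits = matcher.scan(state, pkt)   # state persists between packets
        if hits:
            return forwarded, "disconnected", hits
        forwarded.append(pkt)
    return forwarded, "open", set()

# Constructed sample policy and traffic (not from the thesis).
POLICY = KeywordMatcher([b"secret.doc", b"DELE"])
FTP_UPLOAD = [b"USER alice\r\n", b"STOR sec", b"ret.doc\r\n", b"QUIT\r\n"]
```

Scanning each packet of `FTP_UPLOAD` from state 0 finds nothing, while `filter_connection` forwards the first two packets and cuts the connection on the third; the keyword's first half has already been forwarded by then, which is why the disconnect matters as much as the drop.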