Research And Implementation Of Internet Behavior Management System Based On Netfilter

The development of internet technology is a double-edged sword for a large numbers of enterprises and institutions. On one hand it has brought great opportunities to those enterprises and institutions, but on the other hand it also results in higher network risk, complexity and confusion. The staffs at work time on network unfair access as well as doing unrelated things, have serious effects on the efficiency of the use of cyber sources of enterprises and institutions, and may bring more safe troubles. Therefore, how to provide a comprehensive and cost effective solution has the extremely vital significance to the effective control and management of the entire network of small and medium-sized enterprises and institutions. According to the above requirements, the main work of this paper includes:In view of the need of small and medium-sized enterprises and institutions to manage the Internet behaviors of users,we design and realize an internet behavior management system based on Netfilter framework after investigating a variety of typical internet behavior management products and flow control products. This system can achieve the goals of flexibly controlling the web access and the use of applications of each user and limiting the bandwidth and the application bandwidth of each user based on period of time. At the same time, it can audit and monitor all users’internet usage.In the design and implementation of this system, we firstly study the network traffic binding problem and thus enable the system to flexibly control these traffic according to the internet behavior management strategies of users by means of binding the network traffic to users on use of the Web authentication and HTTP redirection technology. Then aiming at the application recognition of network traffic we study the application protocol identification technology based on character string matching, design and implement a fast method which adopts PCRE and enables this system to control the use of network application for users. This system provides URL libraries which can be flexibly configured on filtering users’ webpage access. To solve the problem of matching the large-scale URL keywords,we study multi-pattern matching technologies, and use Bloom Filter and WM to ensure the matching speed in the implementation. In the aspect of bandwith control of Linux environment, we design and implement a flow control scheme based on TC to dynamicly manage the bandwith of users and applications. And this system can also audit the access to webpage and the use of applications and flow of users. In addition,this system also includes the web management interface, can let the administrator to configure the Internet behavior management strategies of each user, and makes them become effective in the corresponding Internet behavior management equipment.Finally, we test the functions and the performance of this system in our actual environment. The test results show that this system can achieve the anticipated demands, and the network throughput performance of the network is basically not affected.