The Design And Implement Of The Packet Filtering Firewall In The Application Layer In Linux

The development and popularization of network leads humanity into a new era of information technology. Network accounts for a large proportion in all aspects of life. However, traditional firewalls work in the network layer and can’t make effective prevention for the rapid spread of the virus through Email, malicious code embedded in web pages and HTTP attacks etc. Therefore it not only causes that people pay more attention to the network security of the application layer, but also accelerates the research of application layer packet filtering technology. Combining the existing packet filtering firewall and the application layer packet filtering technology, and detecting the packet both in the network layer and the application layer simultaneously can improve network security.Client can set every application type that might be used, filter a variety of application layer protocols, which strengthen the function of filtering in the application layer.In this paper, considering the existing problems of the application layer filtering productions, design and implement an packet filtering firewall in the application layer. The system integrate the capabilities of content filtering and virus detection based on the original packet filtering firewall.The main work accomplished in this paper:1. Design the flow with good flexibility and high reusability in the packet capture module. Data can be achieved without direct knernel design. The kernel layer put the data into the shared memory through the Netfilter configuration. The application layer need to call the Netlink socket interface to recieve the data in the shared memory.2. In the recombinant module, combine the hash table and HTTP session mechanism to establish a hash session list, fill the hash chain table with packets through the hash algorithms, and complete the restructuring. 3. Improve and implement a keyword matching algorithm in the content filtering module, and compare the message content with the key word in the keyword library one by one to decect illegal key characters to filter the content in the packet effectively.4. Detect the virus without having to restore the original file,using the flow engine and library to detect a certain number of packets directly. Optimization the virus detection process and the processing mode of "check only not kill" can reduce the system delay time due to packet forwarding effectively.