| With the rapid development of science and technology, computer networking industry also develops as rapidly, which has an enormous impact on global technology, economy and social life. The scope of computer networks, particularly the Internet, is very broad, which covers not only the fields of finance, those of the government, but other fields of life. Information sharing is also one of its major features. Due to the frequent theft of QQ numbers or hot spot, network security products that attract more and more attention. Currently, of all network security products, firewalls, which occur the earliest and most heavily used, are widely used by users and research institutions. Yet the ordinary firewalls fail to avoid such problems as network applications by structural constraints and internal security concerns, low efficiency and high failure rate, and so on.Embedded firewall is a new type of firewall based on embedded technology, which will be gradually extended to the network security policy ends, effectively overcome the perimeter limitations of traditional firewalls, and create a more perfect framework of security protection. Linux bears the quality of open source portability and mature Netfilter/Iptables Firewall framework, whose features make it possible being transplanted and forming an embedded firewall system.This thesis focus on the designing, implementation and testing of Linux Firewall. First, it proposes and works out a kernel cropped of programme in Linux based on embedded Linux firewall framework of ARM processor; second, due to the low performance of Netfilter/Iptables in big number rules set, it figures out solution plans, proposes the means of using the firewall by combining Iptables with NF-hipac, and Ipset, and develops into detailed plans via marking process steps; third, as the system has been realized, performance test results and the thorough functions can be obtained. Functional testing is to prove the availability of the system; main performance testing is to provide parameters that affect the performance of the system and find out ways of optimizing systems by changing the parameters and testing them. At last, the log analysis and assist management system is designed for firewall, and the testing proved that the system functions well for small-scale applications. |
PDF Full Text Request