| With today's rapid development of computer network technology, the conflict between the need for information sharing and its implementation has been effectively resolved; however, the security of open information resources is increasingly becoming a technical and social problem that cannot be ignored. As a security barrier between the internal and external networks, a firewall can isolate connections between risky and safe networks. Linux has good network performance and is open source, and the netfilter/iptables firewall subsystem of the Linux 2.4 and 2.6 kernels is simple, efficient and highly scalable. Therefore more and more developers choose it as the basis for implementing a home gateway firewall. This thesis carries out in-depth research on the framework and working principle of netfilter. On that basis it introduces the structure of the iptables framework and the relationships between tables and chains, together with the working principle of iptables and the use of the iptables command; it then introduces the relationships between the tables and chains of ebtables and the working principle of ebtables, and finally the use of the ebtables command. Building on this, it introduces the following extended firewall capabilities for the home gateway: (1) adding a time limit to some iptables rules, allowing packets to be matched based on their arrival or departure time; (2) adding a time limit to some ebtables rules, allowing the online time of a computer to be controlled by its MAC address; (3) analysing the principle of DNS rebinding attacks, proposing defense methods, and using iptables rules to prevent such attacks; (4) adding custom chains to manage the existing rules of the home gateway and make them easier to manage. Finally, a large number of experiments validate the extended iptables functions, and the results and future prospects are summarised. |
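The DNS rebinding defense of point (3), as an added example that is not code from the thesis: a gateway-side check that parses a DNS response and flags a non-local name whose A records point into private, loopback or link-local ranges (the thesis enforces this with iptables rules; the userspace parser, the `.lan` local suffix and the constructed response below are assumptions).

```python
import ipaddress
import struct

# Ranges a public name must never resolve to; an answer here is the rebinding signature.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8")]
# Constructed response: evil.example A -> 192.168.1.1 (private), TTL 60.
SAMPLE_REBIND = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"  # header: 1 question, 1 answer
    b"\x04evil\x07example\x00\x00\x01\x00\x01"           # question: evil.example A IN
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04"  # name ptr, A, IN, TTL 60, rdlen 4
    b"\xc0\xa8\x01\x01")                                 # rdata 192.168.1.1

def _read_name(msg, off):
    """Return (dotted name, offset after it), following compression pointers."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # 2-byte compression pointer
            end = end or off + 2
            off = ((length & 0x3F) << 8) | msg[off + 1]
            continue
        off += 1
        if length == 0:
            return ".".join(labels), (end or off)
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def a_records(msg):
    """Parse a single-question DNS response; return (qname, [IPv4 answers])."""
    ancount = struct.unpack_from("!H", msg, 6)[0]
    qname, off = _read_name(msg, 12)
    off += 4                                      # skip QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        _, off = _read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == 1 and rdlen == 4:             # A record
            answers.append(ipaddress.IPv4Address(msg[off:off + 4]))
        off += rdlen
    return qname, answers

def is_rebinding(msg, local_suffix=".lan"):
    """True if a non-local name resolves into a blocked range, i.e. drop this reply."""
    qname, answers = a_records(msg)
    if qname.endswith(local_suffix):              # names expected to be local
        return False
    return any(ip in net for ip in answers for net in BLOCKED_NETS)
```

A gateway resolver that applies this check discards the reply before it reaches the LAN host, which is the point at which the rebinding attempt is stopped.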