| With the development of computer and network technology, internet has been become an integral part in people’s lives. Likewise, it brings people a new threat:network security.Firewall is the most common measure to prevent virus and network attack. At present, most of the forwarding rules are executed by routers and switches or other hardware devices base on the structure of packet headers. But different devices may have different forwarding rules. Traditional firewalls have the defects of high cost and inconvenience for maintenance. The network devices, once they have been brought to the market, can hardly be replaced or modified.By studies over both foreign and domestic firewall technology, this article put forward a new firewall design base on SDN (software-defined network) and database technology. The new firewall design is allowed to define your desired network routing and forwarding rules through programming. It centralized management of firewalls and become much more flexible and intelligent. Meanwhile, it makes the new firewall design more reliable and efficient by leveraging the database merits.In order to verify effectiveness of the firewall design, the Mininet was applied to build network topology in the Virtual Machine to simulate a real network environment. It added or deleted rules through the simulant rule management system, verified reliability through iperf, ping and ssh command, then captured and analyzed data flow between virtual hosts through wireshark. |
PDF Full Text Request