
The Design And Implementation Of A Lightweight Firewall Based On Netfilter

Posted on: 2017-05-31
Degree: Master
Type: Thesis
Country: China
Candidate: X Liu
Full Text: PDF
GTID: 2308330503469555
Subject: Software engineering

Abstract/Summary:
With the rapid development of electronic and network technology, computers have gradually become widespread and the Internet has expanded rapidly in scale. While the Internet brings convenience to people, it also leaves huge hidden dangers for information security. Computer viruses destroy computer systems through the network, hackers steal data for illegal purposes, and so on. These do great harm to network users. How to protect computer systems against increasingly serious threats has become a problem in urgent need of a solution.

Network security technology is developed to protect network systems and equipment from increasingly serious and complex network threats. It is an important subject in the information age. A firewall is generally deployed between the intranet and the extranet. It isolates the two networks to a certain degree and protects intranet data from theft by examining the traffic flowing into and out of the intranet. It strives to maximize protection of the intranet against network intrusion and is one of the most commonly used technologies in network security protection.

This dissertation first explains the source and background of the research, the state of development worldwide, and the main content of the research. It then analyzes Netfilter, an underlying framework provided by the Linux kernel, and the network protocol stack, in order to study the basic principles of inspecting network packets in a Linux system and a solution for responding rapidly to intrusion behavior. The firewall system is designed and implemented on this basis. It mainly consists of log audit, data filtering, traffic monitoring and intrusion prevention function modules. The log audit module records system events and user operations. The data filtering module inspects packets passing through the Linux system and examines their content with a pattern matching algorithm, discarding packets that are not secure according to the user's rules. The traffic monitoring module monitors the network traffic of each process in the system in real time and controls upload and download traffic by protocol and IP address. The intrusion prevention module integrates the Snort intrusion detection software to respond rapidly and apply the related strategies to deal with threats online. Finally, the function and performance of all modules in the system are tested and a corresponding conclusion is presented.
Keywords/Search Tags:Firewall, Netfilter, Deep Packet Inspection, Pattern Matching, Intrusion Prevention