Linux防火牆技術的研究與實現
摘要:隨著以Internet為代表的全球資訊化浪潮的來臨,資訊網路技術的應用正日益廣泛和深入,而伴隨網路的普及,公共通訊網路傳輸中的資料安全問題也成為目前研究的熱點。
防火牆是實施網路安全策略的重要組成部分,是用在安全私有網路和外部不可信任網路之間安全連線的'1個裝置或1組裝置,作為私有網路和外部網路之間連線的單點存在。防火牆作為內部網路安全的屏障,其主要目標是保護內部網路資源,執行網路基本安全策略,防止內部資訊洩漏和外部入侵,提供對網路資源的訪問控制,發現安全隱患,為安全策略的完善提供幫助,監督各類通訊行為。
本文對Linux 2. 4核心防火牆NetFilter的原理進行了深入研究,分析了在NetFilter架構下防火牆的設計與實現,敘述了Linux的動態地址轉換,論述了在Linux下防火牆的設計和開發過程。以GNU為開發工具,作者基於NetFilter架構開發了1款包過濾的個人防火牆,並對其做了測試。
關鍵詞:網路安全;防火牆;Linux;方案設計;NetFilter;包過濾
Research and Realization of Firewall Based on Linux
Abstract:With the rapid develppment of information technology based on Internet; theapplication of information network techniques is extended more and owing popularization of Internet, the data security problems transmitting inInternet bring a hot challenge in the research field.
The firewall is inserted between the premises network and the Internet toestablish a controlled link and to erect an outer security wall or perimeter. The aimof this perimeter is to protect the premises network from Internet based attacks andto provide a single choke point where security and audit can be imposed.
This thesis discusses the netfilter mechanism of Linux 2.4 kernel, and analyzes how to design and realize the firewall based on netfilter technology, and also describes network address translation in Linux. Developed by GNU, a netfilter based firewall is realized and tested.
Keywords: Network Security; Firewall; Linux; Scheme Designing; NetFilter; Packet Filter
