Research And Implementation Of Log For Firewall Based On Linux

The world has been introduced into brand-new times with the rapid development and extensive application of information network techniques. While enjoying the convenience and efficiency brought by the network, people pay more and more attention to network security. Nowadays, the data transmitting security problems bring a hot challenge in related departments, enterprises and the research field.The firewall is inserted between the premises network and the Internet to establish a controlled link and to erect an outer security wall or perimeter. The aim of this perimeter is to protect the premises network from Internet-based attacks and to provide a single choke point where security and audit can be imposed.Based on the deep research of the netfilter mechanism of Linux 2.4 kernel and the analysis of the realization of the firewall in netfilter architecture, this thesis has described the design and processes of the IP packet filter, and displayed the implementation of the function in firewall Registration, user password, encryption arithmetic and log audit.Our firewall is a Linux-IP packet filter based on netfilter architecture composed of the functions such as Manager Registration, ACL, NAT and log system etc. I am mainly responsible for the implementation of log system, adopting the updated ulog-accted module to realize access log through the connections of firewall. The ulog-accted module working background generates log files, which are used to investigate the information connected by firewall. The ulog-acctedrecord reads the obtaining information into the log files through Linux 2.4+ netfilter IP packet. The important information includes timestamp, protocol type, port number, packets, byte, I/O interface operator and prefix etc.In introduction chapter I present an overview of the firewall research background, development and its significance, and point out my research work In the second chapter we have described the firewall concepts, techniques and working principle. Besides functional requirement, the log file is an important aspect during design and implementation. In the third chapter we have interpreted the concepts of log system and its features, common log files and corresponding format. In chapter 4 I dwell on the programs, arithmetic and the test process of the log system. Then I compared my log system with the popular ones in the market and I gave an accout of the work we will do. Chapter 5 is the summery of the thesis.Our firewall system aims at:1. Control the information packets and their direction in the network.2. Provide the transmitting data log.3. Hide the details of the internal IP address and network structure.Our firewall system can complete perfectly the log files necessary for auditing in firewall. It has great significance in log auditing.