| Firewall is a security protection system located between the internal and external net. It restricts the outside user from visiting the internal net, manages the rights of the internal users to visit the external net and protects the safety of the data of the internal machines in the net. The traditional border firewall cannot keep the safety of the internal nets, which can be solved by the distributed firewall system. The embedded firewall distributed in the LAN can ensure the safety of visit between the machines in the internal net. With respect to the internet protocol, IETF designed IPv6 protocol to solve the inadequacy of address caused by IPv4 net protocol. IPv6 has been designed with 128bit address length that tackles the address inadequacy properly. Moreover, the improvement in the structure of IPv6 protocol is helpful to better the internet security. The introduction of new protocol brings about the demand to update the devices currently applied in internet so as to support the IPv6.In order to solve the problem of the firewall's compatibility to IPv6 protocol and the security among the internal nets, the paper designs and implements the embedded IPv6 firewall based on Intel XScale IXP425 network processor . This firewall can be managed by visting WEB page from remote machine and can filter both Ipv6 packet and IPv4 packet. It can identify the protocol of the net packet and process it in respective ways with the main method of Dynamic Packet Filtering.The firewall also solves the problem of IPv6 fragmentation. The hardware system of the firewall is based on IXP425 network processor with good network characteristic, whose distributed processing framework and parallel implementation of its order flows ensure the embedded IPv6 firewall processes the data packet with high speed. The software system of the firewall is based on the Netfilter framework of the Linux with a sophisticated system to process the network packet .The framework support the embedded IPv6 firewall run with high stability and veracity . The web interface management helps the users to make the filter rule very convenient. By practice in making the filter rules, the paper reviews the performance of the firewall and testifies the accuracy and efficiency of the firewall. |
