| With the growing application of network technology, network security has become a hotspot in the field of computer applications. Firewall technology is an important topic in network security, and it is very significant for guaranteeing the security of a network. Multistage stateful-inspection technology is a combined application of packet filtering, stateful inspection, content inspection, and authentication. It means that each packet is inspected extensively using several inspection technologies. Research on this technology is of practical value, since it can be widely used in network security. This paper studies the theory and application of this technology. The paper combines theory with practice and constructs a firewall system based on the Netfilter mechanism of the Linux kernel. First, the paper analyses the characteristics of some current firewall technologies and firewall systems. After introducing the Netfilter mechanism of the Linux 2.4 kernel, the paper presents a scheme for filtering information in the kernel; after introducing the theory of iptables, the paper presents a scheme for implementing packet filtering, NAT, etc. The paper designs and implements a firewall system with multistage stateful-inspection technology, and introduces the theory and implementation of the subsystems of the firewall system. In the Content-Inspecting System, the paper gives a kernel-based content-inspection scheme and adopts an improved BM algorithm to inspect more of the packet's information at the network layer. In the Authentication System, the paper gives a kernel-based authentication scheme to improve the security of the system, which is a reliable method of information hiding. Finally, it summarizes the work of the paper and presents some expectations. |