Design And Implementation Based On Netfilter/Iptables Firewall

Nowadays, the network technology is developing rapidly, the issue of network security has become increasingly prominent, people pay more and more attention to firewall technology. It is necessary to design and develop firewall system for special requirements in the sensitive department. Linux operating system provides a kernel-based Netfilter framework, with the versatility and scalability, allowing developers can be combined with the network security needs, design and implement a firewall system.In the Linux operating system, netfilter provides an abstract, general framework which defines a realization of a sub-function known as packet-filtering subsystem. Iptables is a user tool specifying the rules of netfilter. For its powerful and flexible abilities, it is now widely used in small and medium-sized enterprises as network access server.Although the superiority of Linux firewall is obvious, but Linux firewall also has its own shortcoming such as the huge operating system and the complex operation. Aside from these weaknesses, Linux firewall has no affective management system. Base on thorough analysis to the firwall products and technology, the paper studied the firewall and relative techniques and designed and implemented the system of the Linux firewall.Based on analyzing the development of firewall technology, the paper analysed the demand of the enterprise firewall, the system of firewall is studied and overall designed to study and design a new firewall system. And taked effective measures to ensure the security of the information transport between server and browser.For the goal of design, designed enterprise-class firewall system, the operation is more convenient. Logging operation is one of important modules. Through comparative study, using the log file into MySQL database, and then operated on the data, digged out useful information. The firewall system design science, elegant interface, simple operation.Test results show that the anticipation of the firewall has been achieved. The ideas, design methods, algorithms mentioned in this thesis is valuable for developing firewalls on platform of Linux.