| The rapid development of the Internet in recent years has brought many unprecedented changes to people’s lives. Many things that could not be imagined before can now be completed in an instant with a click of the mouse. However, the IP protocol in use today is still IPv4, developed in 1981. With the development of the Internet, this protocol standard can no longer meet people’s needs and exhibits a variety of drawbacks, including a shortage of address space and weaknesses in the guarantee of service quality and the security of data transmission. As the alternative to IPv4, IPv6 can solve these problems effectively. With the development of the Internet, network security is also becoming more and more important, and the firewall is an essential technology in network security. Flow filtering is a relatively new technology in firewall systems that combines packet filtering and application proxy technology. With this technology, application-layer data can be filtered efficiently and transparently. Research on flow filtering firewalls in the IPv6 environment is therefore very necessary. The article first analyzes the IPv6 environment and what the firewall system needs to change to adapt to that environment. Then we carry out a detailed design of each module of the firewall, including packet diversion, filtering technology, the log system, etc. I make use of flow filtering technology in the system and give the details of the design and the implementation steps of the flow filtering module. Based on the study of packet classification algorithms and pattern matching algorithms, I propose an improved algorithm for each, apply them to the firewall filtering modules, and give the detailed implementation steps, to make the system more effective and improve its network throughput. Finally, I carry out functional tests and performance tests on the designed system. The detailed work is as follows: (1) Based on an analysis of the IPv6 environment compared to IPv4, I carry out the detailed analysis and design of the IPv6 firewall so that the firewall is able to run in that environment. (2) I design all the functional modules of the firewall system, including the log module, the packet filtering module, the flow filtering module, the client module, etc. (3) In the packet filtering module, I apply an improved multi-dimensional IP classification algorithm supporting range matching, based on the RFC algorithm. (4) In the flow filtering module, I apply an improved multi-pattern matching algorithm based on the AC-BM algorithm. (5) Finally, I give the steps of design and implementation, carry out some tests, and then analyse the results of the tests. |