Design and implementation of Linux Personal Firewall

Source: Internet
Author: User
Tags filter access firewall linux

Firewall is an important content of network security research, data packet capture is the premise of packet filtering firewall, this paper studies the data Packet capture module of personal firewall based on Linux host, and discusses the structure, composition and function of the packet capture module. Firstly, it discusses the importance of the information security and firewall, and gives the detailed classification of the firewall. Then it analyzes the general design of the personal firewall based on Linux host and the principle of the software and hardware platform, then discusses the structure and principle of the Packet capture module under Linux, and details its implementation steps.

Keyword Firewall Linux packet capture Module packet filter

First, firewall overview

Network firewall technology is a special network interconnection device which is used to strengthen the access control between the network, to prevent the external network users from entering the internal network through the external network, to access the internal network resources and to protect the internal network operating environment. It enforces checks on packets transmitted between two or more networks in accordance with certain security policies to determine whether communication between networks is allowed and to monitor network running status. 

According to the technology used by the firewall, it can be divided into four basic types: packet filter type, network address conversion-nat, agent type and monitoring type. The packet filtration product is the primary product of the firewall, and its technical basis is the packet transmission technology in the network. The advantages of packet filtration technology are simple and practical, low cost, in the case of relatively simple application environment, to a certain extent to ensure the security of the system to a lesser cost. Network address translation is a standard for translating IP addresses into temporary, external, registered IP addresses. It allows an internal network with a private IP address to access the Internet.

Proxy firewall can also be called proxy Server, its security is higher than packet filter products, and has begun to the application layer development. The advantage of proxy firewall is that it can detect and scan the application layer, which is very effective against intrusion and virus based on application layer. The disadvantage is that the overall performance of the system has a greater impact, and the proxy server must be set for all types of application that the client may produce, which greatly increases the complexity of the system administration.

Monitoring firewall is a new generation of products, can carry on the active and real-time monitoring to the data of each layer, on the basis of analyzing these data, the monitoring firewall can effectively judge the illegal intrusion in each layer. At the same time, this kind of detection firewall product generally also has the distributed detector, these detectors are placed in each kind of application server and other network nodes, not only can detect from the network external attack, simultaneously to from the internal malicious destruction also has the extremely strong guard function. The monitoring firewall has gone beyond packet filter and proxy Server firewall in security, but its implementation cost is high. Based on the comprehensive consideration of system cost and security technology cost, users can use some monitoring techniques selectively.

Second, based on Linux Personal firewall overall design

In this paper, the hardware and software environment of the firewall system and the development steps and functions of the firewall are studied, and the principle of the hardware and software platform required by the firewall system is explained in the end. Although all Linux systems have their own firewall kernel programs, they need to be configured to be able to protect network security.



Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.