| Linux中Netfilter/iptables的研究与应用 |
| |
| 引用本文: | 赵亚楠,马兆丰.Linux中Netfilter/iptables的研究与应用[J].中国科技论文在线,2014(10):1174-1177. |
| |
| 作者姓名: | 赵亚楠 马兆丰 |
| |
| 作者单位: | 北京邮电大学信息安全中心,北京,100876 |
| |
| 基金项目: | 国家自然科学基金资助项目 |
| |
| 摘 要: | Netfilter/iptables是Linux 2.6内核中的通用性功能框架,能够对数据包进行处理。分析了基于Linux内核的Netfilter/iptables框架以及iptables表、链的关系与作用;应用Netfilter/iptables中的包过滤特性建立了内外网间的防火墙,通过手动配置iptables规则的方式对数据包进行有目标性的过滤,防止非法数据攻击,实现了阻隔Ping洪水攻击、拦截特定网段数据包、数据包入队等待后续处理等功能,达到了保证内网安全的效果。
|
| 关 键 词: | Linux内核 数据包过滤 规则表 |
Research and application of Netfilter/iptables in Linux |
| |
| Zhao Yanan,Ma Zhaofeng.Research and application of Netfilter/iptables in Linux[J].Sciencepaper Online,2014(10):1174-1177. |
| |
| Authors: | Zhao Yanan Ma Zhaofeng |
| |
| Institution: | (Information Security Center, Beijing University of Posts and Telecommunications, Beijing 100876, China) |
| |
| Abstract: | Netfilter/iptables is a general function frame for data packet process in Linux 2 .6 kernel.The functions of Netfilter/iptables frame,iptables chart and chain,and the relationship between them are analyzed.A firewall between internal and external networks is set up.The rules are configured manually to filer targeted packets.It is applied to prevent illegal data attack and ob-structing Ping flooding attack,intercept the packets of specific network segment and enqueueing the data packets for subsequent processing,and guarantee the security of internal network. |
| |
| Keywords: | Linux kernel packet filtering iptables |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
