首页 | 本学科首页   官方微博 | 高级检索  
     

基于linux包过滤防火墙技术发展研究
引用本文:吴文刚,王庆生. 基于linux包过滤防火墙技术发展研究[J]. 太原理工大学学报, 2006, 0(Z1)
作者姓名:吴文刚  王庆生
作者单位:太原理工大学计算机与软件学院 山西太原030024
摘    要:介绍了Linux2.2和Linux2.4两个不同版本的内核对包过滤技术的支持机制和实现方案。在Linux2.2内核中,采用ipchains机制来控制包过滤,通过在输入链、输出链和转发链三个链表上设置规则达到包过滤;在Linux2.4内核中,IP数据包过滤系统实际上由Netfilter和ipt-ables两个组件组成,Netfilter是Linux核心中一个通用架构,它提供了一系列的“表”,每个表由若干“链”组成,而每条链中可以由一条或数条规则组成。通过对两种不同版本的包过滤机制的对比,分析了后者在前者基础上的改进和独特的优势,提出了下一步的研究方向。

关 键 词:ipchains  netfilter  iptables

Research on Technology Development of Firewall Based on Packet Filtering of Linux
WU Wen-gang,WANG Qing-sheng. Research on Technology Development of Firewall Based on Packet Filtering of Linux[J]. Journal of Taiyuan University of Technology, 2006, 0(Z1)
Authors:WU Wen-gang  WANG Qing-sheng
Abstract:Firstly we make a brief introduction of supporting theory and realizing method of filtering packet based on the kernel of Linux2.2 and Linux2.4,which control packet filtering with ipchains theory in Linux2.2 filter packets by set rules in input chains,output chains and forward chains;In Linux2.4,IP packets filtering system is made up of Netfilter and iptables,Netfilter is a universal frame,that is made up of tables,table is made up of chains,chain is made up of rules;there are a lot of rules in a chain,analyze the improvement of Linux2.4 after Linux2.2 and it's unique advantage by contrast packet filtering theory in Linux2.2 and Linux2.4,then propose the next step of researching.
Keywords:ipchains  Netfilter  iptables
本文献已被 CNKI 维普 等数据库收录!
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号