Linux防火墙的设计与实现.doc

摘要 目前防火墙的产品很多，而且其功能都十分强大，但是对于个人的小型应用来说价格都是很高，而在这一应用规模上可以选择的防火墙产品并不多。因此，设计一个适合于个人的具有包过滤功能的防火墙是很有必要的。 本设计首先对netfilter的框架进行了整体的了解，然后在这个框架中构造自己的一个过滤规则，其次对基于netfilter中的个人防火墙进行了详细的规划，讨论了个人防火墙在目前网络中的重要性，与研究的意义。对于本次设计，提出了三项功能，第一，要实现过滤规则；第二，与数据库结合，对历史信息进行分析。第三，与日志进行结合，可以对当前问题进行分析。目前这个阶段只是解决了第一个目标，另外两个目标正有待继续进行。第一个目标的实现过程是：首先是自己设置过滤规则，在这个过滤规则中，用到钩子函数，来钩取外部的数据包与自己所设置的过滤规则相比对；其次通过注册函数把自己设置的过滤规则注册到系统内核中，从新启动网卡就可以开始实现自己的过滤规则了。通过对过滤规则的详细设计，与一些数据库与日志相结合，来让这个个人防火墙更完美，功能更强大。通过对个人防火墙的设计，达到了过滤一些内容信息的目的。 关键词 防火墙 过滤 Abstract Many of the current firewall products, and its features are very strong, but for small applications, individual prices are high, and in the size of the pplication firewall products can choose not many. Therefore, to design a suitable ersonal firewall with packet filtering is necessary.  The design is first carried out on the netfilter framework of overall understanding, and then construct their own in the framework of a filter rule, followed in the netfilter based personal firewall for the detailed planning, disCussed the personal firewall in the importance of the current network , and research significance. For this design, made three features: Firstly, to achieve the filter rules; II: combination with a database of historical information for analysis. Third: to combine with the log, you can analyze the current problems. Resolved at this stage only the first target, the other two goals are to be continued. The first objective of the implementation process is: First, set up their own filtering rules, in this filter rule, use the hook function to hook to take an external packet filter rules set by their own than on; followed up function by their own set up filtering rules to the system kernel, the rest is to start filtering. Through the detailed design of filter rules, with some combination of databases and logs to make this personal firewall is more perfect, more powerful. Through the design of personal firewall, reaching some of the content filterin