linux防火墙基本知识（Basic knowledge of Linux Firewall）.doc

linux防火墙基本知识（Basic knowledge of Linux Firewall） Firewall classification (1) packet filtering firewalls. Packet filtering (packet Filtering) technology is to select data packets at the network layer, the choice is based on the filter logic set in the system, known as access control table (access, control, lable, ACL). By checking the source address and destination address of each packet in the data stream, the factors such as the port number and protocol status, or their combination, to determine whether the packet is allowed to pass. The advantage of the packet filter firewall is that it is transparent to users, fast processing and easy to maintain. The disadvantage is that illegal access once the attack can break the firewall software and configuration vulnerabilities on the host; the port number of the packet source address, destination address and IP in packet head, can be easily forged. IP address spoofing is one of the most commonly used attacks against this type of firewall. (two) proxy service firewall Proxy service (proxy service) is also called link level gateway or TCP channel. It is in view of the existing packet filter and application gateway technology and the introduction of the shortcomings of the firewall technology, which is characterized by the network communication links all across the firewall is divided into two sections. When the proxy server receives the users access request for a site, it checks that the request conforms to the control rule. If the rules allow the user to access the site, the proxy server will go to the site for users to retrieve the required information, and then forwarded to the user, inside and outside the network user access is achieved through a proxy server on the link, which is isolated inside and outside the firewall computer system function. In addition, the proxy service is also analyzed and the registration of past data packets, and the formation of the report, at the same time when there are signs of the attack wi