基于状态IPv4/IPv6安全网关混合策略研究

Research on State-Based Mixed Policy of IPv4/IPv6 Security Gateway

IPv4到IPv6的渐进式的演化过程中,必然会出现IPv4I、Pv6双协议长期共存的过渡时期,而如何解决不同协议栈通讯时的访问控制问题已经成为IPv4/IPv6互连环境的安全问题中的基本问题。本文分析了一种基于翻译机制的IPv4/IPv6安全网关中包过滤的处理流程,并采用规则树方式描述其基于状态的包过滤混合策略,方便规则管理的同时,提高了匹配效率。

Though Internet Protocol Version 6 has been accepted as the backbone protocol of next generation Internet widely, there is expected to be a long transitional period in which two protocols will coexist. So, how to control the access between the different protocols is the basic issue in security of different networks. Based on IPv4/IPv6 translation mechanism, this paper, after presenting a flow of packet filter in security gateway, describes the mixed rules of state - based packet filtering with a policy tree, which makes both convenient management and high matching efficiency.