摘要
状态检测防火墙技术通过检查网络应用程序信息,来判断传输层TCP的端口是否需要临时打开,且当传输结束时,TCP端口马上恢复为关闭状态,它是从TCP连接的建立到终止全过程跟踪检测的技术,比简单包过滤防火墙技术具有更大的安全性。对基于Linu(xredhat)状态检测防火墙的相关开发技术进行研究和探讨。
Stateful inspection firewall can judge whether the transmission port permits the opens temporarily by checking the information of application procedure, when the transmission is ended, the port recovers the out state immediately. It is a track and test technique from the establishment of the TCP connection to its termination. It has much more security than the simply packet filter firewall. This essay carries further discussion about the realization of the stateful inspection firewall based on the Linux.
出处
《安徽工业大学学报(自然科学版)》
CAS
2006年第4期455-458,共4页
Journal of Anhui University of Technology(Natural Science)
基金
安徽财经大学重点教研项目(ACJYD200508)
关键词
状态检测
包过滤
防火墙
入侵检测
stateful inspection
packet filter
firewall
intrusion detection