Abstract
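This paper introduces the entirely new architecture of the Linux firewall for kernels from version 2.4 onward, which consists of the netfilter packet-processing framework and the iptables user-space tool. It analyzes the choice of where the firewall processes packets, the various ways in which the firewall processes packets, and the firewall's connection-tracking function. Finally, it presents a concrete application of the firewall, providing a reference for using Linux firewalls based on kernels from version 2.4 onward.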
This paper introduces a brand-new architecture of the Linux firewall based on kernel version 2.4 and above, composed of the packet mangling framework NETFILTER and the user-space tool IPTABLES. It also analyzes where to mangle the packets when they traverse the protocol stack, the ways packets are mangled, and the connection-tracking function of the Linux firewall. A detailed application of the firewall is demonstrated at the end of this paper to give some references for using the Linux firewall based on kernel version 2.4 and above.
Source
《西安邮电学院学报》
2008, Issue 3, pp. 94-98 (5 pages)
Journal of Xi'an Institute of Posts and Telecommunications