摘要
在嵌入式状态检测防火墙应用中,规则冲突检测是影响系统安全及服务质量的关键。由于嵌入式系统受系统资源制约,基于文本的防火墙规则检测较基于数据库完整性检查的规则冲突检测更灵活、实用。文章首先对iptables防火墙管理程序及其脚本的语法规则进行介绍;然后完成基于文本的防火墙规则检测算法的实现,最后对算法性能进行了分析。
Firewall rules collision detection is important in the application of the embedded status filtering firewalL It can affect the security and the QoS of the system. In some embedded systems, the storage of which is small scale, the text-based firewaLl rules collision detection mechanism is more flexible and practical than the database-based one because of the limit of the resource of the systems. In this paper, we firstly introduce the iptables firowaLl management program and its script grammar.. Then we implement the textbased firewall rides coLlision detection in an embedded system. FinaLly, we analyze the performance of the coLlision detection algorithm.
出处
《实验科学与技术》
2009年第6期153-156,共4页
Experiment Science and Technology
基金
西南交通大学大学生科研训练计划项目(SRTP)
