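Abstract
The functional framework and working principles of Netfilter, together with the implementation mechanism of packet filtering, are discussed and analyzed. The paper studies how to extend the Netfilter framework with user-defined loadable kernel modules, and develops and implements a packet-filtering firewall function based on IP and port under the IPv4 protocol. Beyond an in-depth study of the Netfilter framework and its extensibility, this research also provides a reference for building firewall systems that meet specific user security requirements.
The Netfilter framework, its working theory and its implementation mechanisms are briefly introduced. Then, as a sample, it is stated how to develop a user-defined firewall kernel module in Linux Netfilter to implement a data packet filtering function based on IP and port in IPv4. The research can also offer experience for the advanced development of firewall systems with a high performance-price ratio and expandability.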
Source
《科学技术与工程》
2010, Issue 18, pp. 4525-4529 (5 pages)
Science Technology and Engineering