基于Netfilter的包过滤防火墙设计

基于Netfilter的包过滤防火墙设计
 
摘 要 本文介绍了运用Netfilter防火墙技术，在LINUX环境上实现包过滤防火墙的方法和过程，在内容上主要包括了7个部分：第1部分对防火墙的概述；第2部分则介绍此次开发的平台LINUX和软调环境；第3部分对几种网络协议做了简单的分析；第4部分分析了网络攻击及其防御措施；第5部分则是本次设计的核心部分Netfilter框架分析以及防火墙的开发设计思路；第6部分则介绍LINUX设备驱动程序的设计，它是开发用户接口部分的理论基础；最后则是所开发程序的使用说明部分。
本防火墙程序具有可控制性强，能对外界访问采取有针对性的防御，并且加载快捷，可移植性强等优点。
关键字 防火墙；包过滤；设备驱动；协议

Packet Filter Firewall Designing Based On Netfilter
 
Abstract This thesis mainly deals with the packet filter firewall by applicating Netfilter on the basis of Linux, consisting of seven parts: first, it generally describes the firewall; second, it introduces the exploiting platform Linux and the software debug environment; third, it simply analyzes some networking protocols; fourth, it analyzes the network attacks and their defensing measures; fifth, it describes the most important part of the thesis--the analysis of netfilters frame and the exploiting and designing process of the firewall; sixth, it introduces the design of the device drivers of the Linux which is the theory base of exploting the users interface ; the last part is the applicating guide of its exploiting process.
This firewall owns merits of strong controllability, pertinent defence against outside visiting, load shortcutting and portability.
Keywords firewall; packet filter; device drivers; protocol

注释：不含源代码