Design of A New Firewall Based on Netfilter
In the current network environment, applications have become the main carrier of the network. More and more threats come from the application layer, which places higher demands on network access control. How to accurately recognize users and applications, block applications with potential safety hazards, ensure the normal use of legitimate applications, and prevent port stealing and similar problems has become the focus of current network safety. Since an IP address is not equivalent to a user, and a port is not equivalent to an application, the traditional firewall, whose access control strategy is based on the IP/port five-tuple, can no longer adapt effectively to the huge changes in the current network environment. Building on the next-generation firewall, this paper takes the instant messaging software QQ as the object of analysis and proposes an improved content-filtering firewall that can block QQ login by extracting, analyzing and judging the content of data packets in the network. The technology proposed in this paper can accurately identify users, applications and content according to their behaviors and characteristics, and provides complete safety protection.
Firewall of Next Generation Linux Netfilter
Bao Zhong Liang Huaqing
Department of Electronic Engineering China University of Petroleum Beijing, China
International conference
Hangzhou
English
624-627
2012-03-23 (date first made available online on the Wanfang platform; not the paper's publication date)