| 基于状态检测的TCP包过滤在Linux下的实现方法 |
| |
| 引用本文: | 张佳,赵静凯,崔伟,黄皓.基于状态检测的TCP包过滤在Linux下的实现方法[J].计算机工程与应用,2004,40(11):152-155. |
| |
| 作者姓名: | 张佳 赵静凯 崔伟 黄皓 |
| |
| 作者单位: | 南京大学计算机科学与技术系,南京,210093;南京大学计算机软件新技术国家重点实验室,南京,210093 |
| |
| 摘 要: | 该文主要介绍了在Linux2.4内核下基于状态转换和检测的TCP包过滤的实现方法。通过对传统全状态包过滤防火墙的改进,增加了状态转换和连接序号检查,增强了防火墙的安全性。通过日志记录异常状况,系统管理员可以采用相应的措施防止潜在的攻击。
|
| 关 键 词: | 防火墙 全状态 包过滤 Linux Netfilter |
| 文章编号: | 1002-8331-(2004)11-0152-04 |
How to Implement TCP Packet Fitering Based on State Inspection in Linux |
| |
| Zhang Jia Zhao Jingkai Cui Wei Huang Hao.How to Implement TCP Packet Fitering Based on State Inspection in Linux[J].Computer Engineering and Applications,2004,40(11):152-155. |
| |
| Authors: | Zhang Jia Zhao Jingkai Cui Wei Huang Hao |
| |
| Abstract: | Th is paper introduces some ways to implement TCP packet filtering base d on state transform and inspection in linux kernel2.4.This way adds state transforming and sequence check mechanism to enhance traditional stateful firewall.Firewal l security is enhanced by this way.Further more,system administrator can preve nt latency attack by checking out the firewall log. |
| |
| Keywords: | Firewall State ful Packet Filtering Linux Netfilter |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
