| Netfilter/iptables防火墙性能优化方案与实现 |
| |
| 引用本文: | 朱立才,杨寿保,宋舜宏. Netfilter/iptables防火墙性能优化方案与实现[J]. 计算机工程与应用, 2006, 42(15): 117-120 |
| |
| 作者姓名: | 朱立才 杨寿保 宋舜宏 |
| |
| 作者单位: | 盐城师范学院计算机系,江苏,盐城,224002;中国科学技术大学计算机系,合肥,230026 |
| |
| 基金项目: | 中国科学院资助项目;安徽省科技攻关项目 |
| |
| 摘 要: | 随着网络带宽的增加,匹配规则集的增大,对netfilter/iptables防火墙的性能要求也越来越高。文章在对netfilter/iptables工作机制进行分析的基础上,提出了基于防火墙规则分组的方法提高规则匹配效率的优化方案,并在Linux下进行了具体实现。测试结果表明这种方法能够有效提高防火墙的性能。
|
| 关 键 词: | netfilter/iptables 防火墙 规则集 性能优化 |
| 文章编号: | 1002-8331-(2006)15-0117-04 |
| 收稿时间: | 2005-12-01 |
| 修稿时间: | 2005-12-01 |
The Performance Optimization Scheme and Implementation of Netfilter/iptables Firewall |
| |
| Zhu Licai,Yang Shoubao,Song Shunhong. The Performance Optimization Scheme and Implementation of Netfilter/iptables Firewall[J]. Computer Engineering and Applications, 2006, 42(15): 117-120 |
| |
| Authors: | Zhu Licai Yang Shoubao Song Shunhong |
| |
| Affiliation: | Department of Computer Science,Yancheng Teachers College of China,Yancheng,Jiangsu 224002;Department of Computer Science,University of Science and Technology of China,Hefei 230026 |
| |
| Abstract: | As the increasing of network bandwidth and firewall ruleset,the function of netfihediptables needs higher performance.In this paper,we first analyze the principle of netfilter/iptables,and then bring up a scheme of grouping the firewall rules to prompt the rule match efficiency.At last we implement it in Linux,From the result of performance test, we can reach a conclusion that this measure can increase the firewall performance. |
| |
| Keywords: | netfilter/iptables |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
