摘要
随着网络技术的迅速发展,应用网络技术和共享网络资源已经成为日常学习、工作中必不可少的部分.只要网络存在,安全问题就会作为一个极其重要和极具威胁性的问题存在.目前市场上有各种各样的安全工具,技术最成熟、最早产品化的就是防火墙,防火墙是安全策略的技术实现,包括滤系统是防火墙最基本、最重要、最核心部分.防火墙的包过滤规则是根据实际需要的安全策略来制定的,对规则集应该考虑整体是否有效、规范,而不应该是规则集中的每条规则是否有效、规范.研究了包过滤规则在应用之前能够进行规则的冲突检测,避免规则之间出现矛盾、冗余,便于规则的管理和维护,也便于制定较为完备的安全策略.
With quick development of network technology,it is necessary for us to learn and work in web application and share network resources.As long as there is network,safety problem will become very important.Now,there are all kinds of safety tools on market,but the firewall is the mature technology and is the earliest product.The firewall is a technique of strategy safety.Packet filtering system of the firewalls is the most basic,the most important,and the most core part.The packet filter rule of the firewalls is based on actual safe policy,and should think over the whole validation and criterion about rule aggregate,but not centralize in every rule of rule aggregate.This paper study the correctness of packet filtering rules,and check conflict before rules were applied,avoiding contradiction and redundancy between rules,so it is convenient to manage rules,maintain rules,and will make safe policy better.
出处
《沈阳师范大学学报(自然科学版)》
CAS
2003年第3期200-203,共4页
Journal of Shenyang Normal University:Natural Science Edition
