Abstract
With the rapid development of network technology, using network technology and sharing network resources have become an indispensable part of our daily study and work. As long as networks exist, security will remain an extremely important and highly threatening problem. Many kinds of security tools are on the market today; the most technically mature and the earliest to be productized is the firewall. A firewall is the technical implementation of a security policy, and the packet filtering system is its most basic, most important and most central part. A firewall's packet filtering rules are drawn up from the security policy actually required, and what should be considered is whether the rule set as a whole is valid and well-formed, rather than whether each individual rule in the set is valid and well-formed. This paper implements conflict detection for packet filtering rules before they are applied, which avoids contradiction and redundancy between rules, makes the rules easier to manage and maintain, and makes it easier to draw up a more complete security policy.
Source
Journal of Shenyang College of Education (《沈阳教育学院学报》)
2003, No. 3, pp. 110-113 (4 pages)