Abstract
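This paper first introduces the netfilter framework, the firewall technology based on the latest Linux kernel, covering the concepts, principles and uses of packet-filtering firewalls, proxy servers, full stateful inspection, NAT and DMZ, and how each is implemented in Linux. It then focuses on using an integrated WebAdmin written in Perl/CGI to build an integrated firewall system with stateful inspection. Through the WebAdmin management interface, the entire firewall policy can be configured and managed locally or remotely. The system also supports dynamic IP addresses obtained from an ADSL service, an integrated DNS proxy, logging and connection tracking, and in particular integrates PPTP VPN functionality, making it an all-in-one firewall system.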
This article describes the netfilter framework for firewalls based on the newest Linux kernel, including the concepts, principles, and usage of packet-filter firewalls, proxies, stateful-inspection technology, NAT and DMZ. It mainly discusses how to build an integrated firewall system with stateful inspection around a WebAdmin interface written in Perl/CGI. The WebAdmin provides a unique management interface for maintaining the whole policy of the firewall, available both locally and remotely. It also supports dynamic IP addresses obtained from an ADSL service, an integrated DNS proxy server, and connection tracking, and in particular it integrates a PPTP VPN server. With all these functions, it becomes a strong, all-in-one firewall system.
Source
《计算机应用》
CSCD
PKU Core Journals (北大核心)
2003, Issue 12, pp. 101-104, 117 (5 pages in total)
Journal of Computer Applications