Iptables包过滤技术及其在机载网络上的实现
|
摘要
针对机载无线信息系统可能由地面网络技术引入网络安全威胁,因此机载网络需要对数据包进行过滤,根据规则限制数据传输。阐述了Iptables的工作原理,分析数据包过滤的规则操作及数据包的传输过程,及其在机载网络上的应用环境。对用Iptables在Linux上实现丢弃某IP数据包和阻止相关网页访问请求进行实验,在此基础上对基于Iptables的包过滤技术进行研究。
Since the potential network security threats may be introduced in airborne wireless information system due to the ground network technology,it is necessary for the airborne network to filter the data packet and limit the data transmission according to the rules. The working principle of Iptables is expounded. The filtering rules operation,transmission process and application environment of data packet on airborne network are analyzed. The experiment of how to use the Iptables to realize the discarding of some IP data packets and prevention of related webpage access request on Linux was performed. On this basis,the data packet filtering technology based on Iptables is researched.
Since the potential network security threats may be introduced in airborne wireless information system due to the ground network technology,it is necessary for the airborne network to filter the data packet and limit the data transmission according to the rules. The working principle of Iptables is expounded. The filtering rules operation,transmission process and application environment of data packet on airborne network are analyzed. The experiment of how to use the Iptables to realize the discarding of some IP data packets and prevention of related webpage access request on Linux was performed. On this basis,the data packet filtering technology based on Iptables is researched.
引文
[1]史岩,朱佳,范祥辉,等.基于ARINC822的机载无线网络安全架构设计[J].硅谷,2014,7(12):44-45.SHI Yan,ZHU Jia,FAN Xianghui,et al.Design of airborne wireless network security architecture based on ARINC822[J].Silicon valley,2014,7(12):44-45.
[2]谢鹏,安利.基于Linux系统的防火墙技术设计与实现[J].工业,2016(2):296.XIE Peng,AN Li.Design and implementation of firewall based on Linux system[J].Industry,2016(2):296.
[3]王维剑.基于netfilter/iptables防火墙的设计与实现[D].淮南:安徽理工大学,2012.WANG Weijian.Netfilter/iptables firewall design and implementation[D].Huainan:Anhui University of Technology,2012.
[4]XUAN L,WU P.The optimization and implementation of Iptables rules set on Linux[C]//2015 the 2nd International Conference on Information Science and Control Engineering.[S.l.]:IEEE,2015:988-991.
[5]陈剑,李晓东.机载信息系统无线网络的安全设计[J].航空计算技术,2012,42(3):130-134.CHEN Jian,LI Xiaodong.Security design of airborne information system wireless networks[J].Aeronautical computing technology,2012,42(3):130-134.
[6]朱艳.Linux网络防火墙Netfilter的数据包传输过滤原理[J].电子科技,2010,23(5):94-95.ZHU Yan.Principle of Netfilter packet transmission and transmission in Linux network firewall[J].Electronic technology,2010,23(5):94-95.
[7]高祥斌.基于Linux的Netfilter处理数据包的过程分析[J].硅谷,2009(13):41.GAO Xiangbin.Netfilter process analysis of packet based on Linux[J].Silicon valley,2009(13):41.
[8]林燕.Iptables规则集的优化设计[J].计算机时代,2015(2):47-49.LIN Yan.Optimization design of Iptables rules set[J].Computer era,2015(2):47-49.
[9]LEMUS-Zú?IGA L G,BENLLOCH-DUALDE J V,MONTA?ANA J M,et al.Teaching computer networks using virtual machines[C]//2015 International Conference on Information Technology Based Higher Education and Training.Lisbon:IEEE,2015:1-3.
[10]曹全新.机载信息系统的应用研究及发展趋势初探[J].民用飞机设计与研究,2014(1):72-76.CAO Quanxin.Application research and development trend of airborne information system[J].Civil aircraft design and research,2014(1):72-76.
[2]谢鹏,安利.基于Linux系统的防火墙技术设计与实现[J].工业,2016(2):296.XIE Peng,AN Li.Design and implementation of firewall based on Linux system[J].Industry,2016(2):296.
[3]王维剑.基于netfilter/iptables防火墙的设计与实现[D].淮南:安徽理工大学,2012.WANG Weijian.Netfilter/iptables firewall design and implementation[D].Huainan:Anhui University of Technology,2012.
[4]XUAN L,WU P.The optimization and implementation of Iptables rules set on Linux[C]//2015 the 2nd International Conference on Information Science and Control Engineering.[S.l.]:IEEE,2015:988-991.
[5]陈剑,李晓东.机载信息系统无线网络的安全设计[J].航空计算技术,2012,42(3):130-134.CHEN Jian,LI Xiaodong.Security design of airborne information system wireless networks[J].Aeronautical computing technology,2012,42(3):130-134.
[6]朱艳.Linux网络防火墙Netfilter的数据包传输过滤原理[J].电子科技,2010,23(5):94-95.ZHU Yan.Principle of Netfilter packet transmission and transmission in Linux network firewall[J].Electronic technology,2010,23(5):94-95.
[7]高祥斌.基于Linux的Netfilter处理数据包的过程分析[J].硅谷,2009(13):41.GAO Xiangbin.Netfilter process analysis of packet based on Linux[J].Silicon valley,2009(13):41.
[8]林燕.Iptables规则集的优化设计[J].计算机时代,2015(2):47-49.LIN Yan.Optimization design of Iptables rules set[J].Computer era,2015(2):47-49.
[9]LEMUS-Zú?IGA L G,BENLLOCH-DUALDE J V,MONTA?ANA J M,et al.Teaching computer networks using virtual machines[C]//2015 International Conference on Information Technology Based Higher Education and Training.Lisbon:IEEE,2015:1-3.
[10]曹全新.机载信息系统的应用研究及发展趋势初探[J].民用飞机设计与研究,2014(1):72-76.CAO Quanxin.Application research and development trend of airborne information system[J].Civil aircraft design and research,2014(1):72-76.