基于Windows NT平台下的多级过滤防火墙系统的研究与实现  

作　　者：代增辉[1] 张彤[1] 

机构地区：[1]北京铁路局石家庄车站电子所,河北石家庄050000

出　　处：《中国铁道科学》2005年第5期132-136,共5页China Railway Science

摘　　要：在Windows NT网络体系结构基础上,采用多级过滤技术实现防火墙。在网络层利用NDIS技术对进入和发出内部网络的数据包依据过滤表中的过滤规则进行过滤;在传输层利用TDI技术实现对应用进程的过滤;在应用层利用Winsock技术实现对数据包内容的过滤。系统实现过程为:从网卡上截获每一个流入和流出网卡的数据包,实现防火墙系统最基本的数据包截取功能;在网络层中,系统根据访问规则,对截获的数据包进行判断,过滤掉非法数据包,实现数据包过滤功能;在传输层中,监视所有访问网络的进程,当截获到进程要访问网络的数据请求包时,内核发出消息通知用户,由用户决定对该进程的操作,实现应用程序进程查询功能;在应用层中,可以截获从传输层传递的所有数据包,当数据包中含有禁止的内容时,应用层对其进行过滤,实现数据包内容过滤功能。这样通过多级过滤提高系统的安全性。Our system is based on Windows NT structure and combines kernel-mode with user-mode to realize multilevel filter, which enhances performance from low layer. In kernel-mode, we use NDIS technology to filter packet of in and out Intranet according to the filtering rules in the layer of network. We use TDI technology to track the state of process in transport layer. We employ Winsock technology to realize the filtration based on packet content. The basic function of firewall is to intercept the data packet. Each in and out data packet is intercepted from network card to realize this basic function. To realize the function of filtering packet, the system judges data packet according to the filtering rules in the layer of network. To realize the function of searching process in program, the system monitors all the process and intercepts data packet when the process is accessing network. Then the kernel sends message to user who judges the operation to the process in transport layer. To realize the function of filtering content, the system intercepts all the data packet transportation from transport layer using socket technology. When forbidden content in data packet, it will be filtered in the layer of application to realize the function of filtering the content of data packet. The security of the system can be improved by multilevel filter.

关 键 词：防火墙 NDIS技术 TDI技术 WINSOCK技术 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]