• Journal of the China Computer Federation
  • Chinese Science and Technology Core Journal
  • Chinese Core Journal

J4 ›› 2006, Vol. 28 ›› Issue (11): 1-3.

• Papers •

Research and Development of a Packet-Filtering Firewall Based on FreeBSD

Chen Chuanbo (陈传波), Liu Qinghui (刘清慧), Huang Gang (黄刚)

  • Publication date: 2006-11-01 Release date: 2010-05-20

  • Online:2006-11-01 Published:2010-05-20

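Summary:

This paper briefly analyzes the basic principle of packet-filtering technology and, starting from the basic process of implementing packet filtering, proposes a formalized model of a packet-filtering firewall. Building on FreeBSD's packet processing, it uses a stateful-inspection cache and a hash table to improve the efficiency of matching packet-filtering rules. Based on the security requirements and security policy of a small network system, it then describes the design, system configuration and preliminary implementation of a firewall based on the FreeBSD operating system.

Keywords: firewall, packet filtering, stateful inspection, FreeBSD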

Abstract:

The basic principle of packet filtering is analyzed, and the basic process of implementing packet-filtering functions is also discussed in this paper. A formalized packet-filtering firewall model is presented. By using a hash table and a stateful-inspection cache to accelerate the matching of conditional rules, the authors implement a packet-filtering firewall based on the FreeBSD operating system, which can serve most small-business systems based on their security needs and strategy.

Key words: firewall, packet-filtering, stateful-inspection, FreeBSD