中小型企业linux防火墙的设计和应用

he principles of Iptables firewall and the framework of Netfilter were discussed in this thesis. Ideas and steps of building a network firewall based on the special conditions of small and medium enterprises were described in detail. The mainly contribution of this paper were included particular plan of network topology, finishing the design of a cost-effective and efficient firewall, and giving correlative script. To extract the structure of important data， the process of data treated, the mechanism of Linux kernel framework. A Linux-based firewall system which could defend ddos attack and other general attacks was designed and achieved. The system enables an improvement of abilities of offering normal services when it was aggressed by denial of service attack.