传统的静态防火墙是根据预先规定的特定的过滤规则对访问网络的数据包进行简单过滤,难以防范越来越复杂动态的网络攻击,同时随着静态过滤规则数目的不断增大,规则的管理也越来越复杂。而动态包过滤防火墙具有传统防火墙的功能,更能提供对运输层完整的控制能力,简化了对规则集的匹配工作,提高了网络通信速率。文章对动态包过滤防火墙的工作原理和过滤规则的优化进行了研究,能在不影响网络安全访问的前提下,提高过滤规则表的管理效率。% The traditional firewall is according to some predetermined filtering rules on the network data stream, which is difficult to prevent the increasingly complex and dynamic network attack, at the same time as the static filtering rule number increases ceaselessly, the management is more and more complex rules. Dynamic packet filter firewall has the traditional firewall functions, can provide the transport layer complete control, simplifies the rule set matching task, improves the network communication rate. Based on dynamic packet filtering firewall working principle and rule optimization were studied, in order to improve the management efficiency and accelerate the rule table of network security defense asked speed.
展开▼