An improved Linux firewall using a hybrid frame of netfìlter

摘要

With the steady advancement of the network technology present day, network not only brings us a conducive and productive life, and is followed by a collection of network security threats. Due to awareness about the threats the need for security has never been more important that's why it has become extremely important to protect our web servers as well as our web assets. A firewall is main security component that allows and restrict access to specific network and ports. In this research main focus is on designing strong firewall filtering rules so that detection of malicious code will be achieved to the optimal level. The proposed framework is introduced to improve performance issues, code maintenance (i.e. code duplication), scalability, for improving performance of the network traffic etc. in the dataset. In this work, we examine the Linux Netfilter/iptable, nftable firewall technology. In this paper, a new hybrid approach is proposed where Geometric efficient matching algorithm and stateless firewall optimization algorithm is merged into the code of the Linux iptables and nftables open source firewall for securing Linux web server. "Geometric Efficient Matching algorithm" GEM-iptables & nftables execution manage to filter packets-per-second on a standard system. It is efficient and practical, algorithm for firewall packet matching. While there are a number of paths that can be followed to provide a best malware detection method for firewall security, this work will be beneficial for small enterprises in terms of money and time using Netfilterftables. This makes it easy and simple to configure the strong firewall to solve the security related problems & detect malware using strong firewall rules to achieve optimal level.