Design of a New Firewall Based on Netfilter

In the current network environment, applications have been the main carrier of network. More and more threats come from the application layers which bring about higher requirements to the network access control. The problems of how to accurately recognize the users and applications, to block up the applications with potential safety hazards, to ensure the normal use of legitimate applications and prevent port stealing and others, have been the focus of current network safety. Since IP is not equal to the user, and the port is not equal to application either, the traditional firewall based on the five-tuple array access control strategy of IP/port cannot effectively adapt to the huge changes of current network environment any more. Based on the firewall of next generation, this paper takes the instant messaging software QQ as an analysis object to propose an improved content filter firewall which could block QQ login through extracting, analyzing and judging the content of data packet in the network. The technology proposed by this paper can accurately identify the users, applications and contents according to their behaviors and characteristics, with the ability of complete safety protection.