摘 要:防火墙是网络防御所必需的技术手段,也是安全网络防范攻击和数据包吞吐控制的关键。当网关完成较复杂的流量过滤时,需在访问控制列表(ACL)中设置大量规则。通过防火墙策略软件工具,不仅可以自行检测 ACL 中的异常,避免潜在的规则冲突,还可实现符合规则的修改、插入、删除等编辑操作。
关键词:防火墙;ACL;异常行为检测
中图分类号:TP393.08 文献标识码:A 文章编号:2096-4706(2019)11-0171-02
A nom aly D etection and Policy Editing of A ccess C ontrol List Based onN etw ork Firew all
HOU Xianhui
(Northwest Regional Air Traffic Management Bureau of Civil Aviation of China,Xi’an 710082,China)
Abstract: Firewall is a necessary technical means for network defense,and also a key to security network defense attacks andpacket throughput control. When the gateway complete complex filtering,needing to set a lot of rules in the Access Control List(ACL).Through the firewall policy software,we can not only detect abnormalities in the ACL,but also avoid potential rule conflicts. We alsoperform editing operations such as modification,insertion and deletion of rules.
Keywords: firewall;ACL;abnormal behavior detection
参考文献:
[1] 袁伟云 .IPv6 防火墙过滤技术的研究与应用 [D]. 广州:华南师范大学,2010.
[2] 郭庚麒.防火墙技术分析 [J].广东交通职业技术学院学报,2002(1):71-73.
作者简介:侯显晖(1987.11-),女,汉族,陕西西安人,硕士研究生,工程师,研究方向:信息网络和平面通信。