Implementation of State Inspection Packet Filter Technology on Linux

Inthispaper,thesupportingmechanismofLinux2.4kerneltostateinspectionpacketfiltertechnologyisintroduced,andakindofimplementationmethodunder this mechanism is also presented, that is Netfilter+IPconntrack+IPtables architecture. Finally, aiming at the problem that state inspection for some multi-connections services is disable,amethodbytheadditionofcooperativeprocessmoduleisproposedanddiscussed.