The research and implementation of transplanting the Iptables/Netfilter to an IXP2400 based firewall system

Abstract

NP based firewall research has attracted intensive attention. This paper presents a methodology to establish a rule parser and a command-line interface for a firewall system based on IXP2400 utilizing the existing code of the popular Iptables/Netfilter software. We describe how to modify the user-space code of Iptables and how to transplant the kernel code of Netfilter. We also explain the implementation of address transforming between the virtual address used by the Linux kernel and the physical address used by the ME.