我们将该过程称为信息包过滤。
图1用图形说明了这个信息包过滤过程。
Figure 1 graphically illustrates this packet filtering process.
此外,您可以在包过滤层上禁用某些端口。
Additionally you can disable some ports on the package filtering level.
基于包过滤的限制,或者禁止了一些关键字。
Three, restrictions based on packet filtering, or the prohibition of a number of keywords.
这三个链是基本信息包过滤表中内置的缺省主链。
These three chains are the main chains built-in by default inside basic packet-filtering tables.
表是包含仅处理特定类型信息包的规则和链的信息包过滤表。
A table is a packet filtering table that contains rules and chains dealing with specific kinds of packets only.
基于内容的IP包过滤技术涉及到操作系统的内核。
Technology of IP Filter Based on IP content relates to system kernels.
基于内容的IP包过滤技术涉及到操作系统的内核态技术。
The technology of packet filter based on IP content is related to the kernel-mode of Window operation system.
但包过滤不打开数据包,如果允许你仍要把它送到目的地。
However, the packet filter does not open the data package, and you still get to drive it to the destination if allowed.
本文研究的重点是个人安全防御系统中包过滤技术的设计与实现。
The researching key point in the paper is the design and realization of the packet filter technology in individual security defense system.
这些规则存储在专用的信息包过滤表中,而这些表集成在Linux内核中。
These rules are stored in special-purpose packet filtering tables integrated in the Linux kernel.
包过滤起交通警的作用,它分析你想到那儿去,你随身携带了什么。
The packet filter ACTS like a traffic cop; it analyzes where you are going and what are you bringing with you.
包过滤技术实现简单,网络处理性能很高,但缺乏对应用层的保护。
Packet filter technology can be implemented easily and has high performance on network process, but it has no ability to provide protection to application.
本文讨论了包过滤的优缺点,并实现了基于报文地址的包过滤功能。
The software of packet-filtering, which is based on the addresses of datagram, is realized after a discussion on the advantages and disadvantages of packet-filtering.
建立规则并将链放在适当的位置之后,就可以开始进行真正的信息包过滤工作了。
After the rules are built and chains are in place, the real work of packet filtering starts.
盒子之外,设备被设为允许任何流量通过,让用户指定阻塞哪些流量(通过包过滤)。
Out of the box, the appliance is set to let all traffic pass, leaving the user to specify which types of traffic are blocked (via packet filtering).
然而,多数包过滤是不分国家的,它们只懂得低级协议,难以配置和验证。
However, most packet-filters are stateless, understand only low-level protocols, and are difficult to configure and verify.
把决策树分类器引入包过滤技术当中,改变了传统的顺序检索包过滤的方法。
Introducing the decision tree classifiers into packet filtering technology, it changes the conventional method searching the packet orderly.
现在,您已经学习了如何建立基本的规则和链以及如何从信息包过滤表中添加或删除它们。
Now you've learned how to build basic rules and chains and how to add or remove them from the packet filtering tables.
还重点讨论了攻击响应部分,包括响应的位置、包过滤和速率限制、回退策略。
Then it focuses on attack response, including egress filtering, packets filtering and rate limit, and the pushback method.
缺乏上下文或国家信息使之不能把包过滤用于数据包为基础的协议,如文件传送协议。
Lack of context or state information makes it impossible to use packet - filters for datagram-based protocols such as File Transfer protocol.
缺乏上下文或国家信息使之不能把包过滤用于数据包为基础的协议,如文件传送协议。
Lack of context or state information makes it impossible to use packet-filters for datagram-based protocols such as File Transfer protocol.
filter表用于一般的信息包过滤,它包含INPUT、OUTPUT和forward链。
The filter table is used for general packet filtering and consists of INPUT, OUTPUT, and FORWARD chains.
filter表用于一般的信息包过滤,它包含INPUT、OUTPUT和forward链。
The filter table is used for general packet filtering and consists of INPUT, OUTPUT, and FORWARD chains.
应用推荐