摘要： 基于软件实现的分布式防火墙存在“功能悖论”，基于专用网络处理器的硬件防火墙成本较高、难以普及到网络末端。该文针对以上问题，提出一种基于ARM处理器的嵌入式防火墙设计方案，采用核心板+扩展板的分板设计，进行U-Boot的定制、嵌入式操作系统的移植、网卡驱动及包过滤引擎的实现。实验结果表明，该防火墙实现成本小、处理速度快，在其硬件平台上可进行后续安全软件的开发。

关键词: 网络安全, 防火墙, 嵌入式, 分布式

Abstract: It is too expensive for distributed firewall built by NP to dispose them to hosts, so this paper gives a solution of an embedded firewall based on ARM processor to solve the problems. The hardware of embedded firewall is designed into core board and expanded board. It designs U-Boot, migrates the embedded OS, and implements NIC driver and packet filter. Test results show that this firewall is powerful and its security is enhanced with a low cost.

Key words: network security, firewall, embedded, distributed

中图分类号: 

• TP316