Resumen
The integrated air-ground multi-domain network provides users with a set of shared infrastructures. Security policies can be defined flexibly in the context of multi-domain network semantics. The packet filter module in the security gateway can run efficiently, which is an urgent requirement in this network environment. The framework combined with multi-domain network semantics implements the transformation into rules. It replaces the traditional manual method of configuring rules. The framework supports the whole life cycle management of rules from generation state and distribution state to execution state. In the aspect of security, the map security and semantic security are analyzed and optimized, respectively. Finally, through a series of experiments, compared with iptables/DPDK-IPFW/BSD-IPFW/BSD-pfsense, the high efficiency of the scheme is verified.