The invention discloses an implementation method of a software-defined firewall system, which belongs to the technical field of computer networks. The method comprises the following steps: establishing a connection between an OpenFlow switch and an SDN controller, and receiving a table-miss flow table entry and an initial flow table entry; sending a data packet from the OpenFlow switch to the SDN controller; performing state detection filtering on TCP data packets by a state detection filtering module in the SDN controller, in combination with the firewall rules and the state of the data packet, and maintaining a state connection table; and performing packet filtering on stateless IP protocol data packets by a packet filtering module in the SDN controller according to the firewall rules, and issuing a flow table entry to the OpenFlow switch to guide subsequent data packet processing. According to the method, stateless packet filtering and stateful state detection filtering can be carried out respectively on data packets of different protocol types, so that a stateful firewall function is achieved; the computational load of the SDN controller is reduced by issuing flow table entries in the packet filtering process; in addition, the OpenFlow protocol does not need to be modified to achieve state detection filtering, so higher universality is achieved.
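As an added example that is not part of the patent, the following Python model shows the controller-side decision logic the abstract describes: a packet-in for TCP goes through stateful inspection against a state connection table, while other IP protocols go through stateless rule matching and cause a flow table entry to be issued to the switch. The rule set, the packet dictionaries and the `flow_entries` list standing in for the OpenFlow switch are constructed for illustration and are not the patent's own data structures.

```python
# Constructed firewall rules: (proto, src, dst, dport, action); first match wins.
RULES = [
    ("tcp",  "10.0.0.1", "10.0.0.2", 80,   "allow"),
    ("icmp", "10.0.0.1", "10.0.0.2", None, "allow"),
    ("*",    "*",        "*",        None, "deny"),   # default deny
]

def match_rule(pkt):
    """Stateless rule lookup shared by both filtering modules."""
    for proto, src, dst, dport, action in RULES:
        if (proto in ("*", pkt["proto"]) and src in ("*", pkt["src"])
                and dst in ("*", pkt["dst"]) and dport in (None, pkt.get("dport"))):
            return action
    return "deny"

class Controller:
    def __init__(self):
        self.conn_table = {}    # state connection table: initiator 4-tuple -> TCP state
        self.flow_entries = []  # flow table entries "issued" to the OpenFlow switch

    def packet_in(self, pkt):
        """Table-miss packet-in: TCP -> stateful module, other IP protocols -> stateless module."""
        return self._stateful(pkt) if pkt["proto"] == "tcp" else self._stateless(pkt)

    def _stateless(self, pkt):
        action = match_rule(pkt)
        # Issue a flow entry so later packets of this flow are handled by the switch itself.
        self.flow_entries.append({"match": (pkt["proto"], pkt["src"], pkt["dst"]), "action": action})
        return action

    def _stateful(self, pkt):
        fwd = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        rev = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        flags = pkt["flags"]
        if fwd not in self.conn_table and rev not in self.conn_table:
            # No connection yet: only a SYN permitted by the rules may open one.
            if flags == {"SYN"} and match_rule(pkt) == "allow":
                self.conn_table[fwd] = "SYN_SENT"
                return "allow"
            return "deny"
        key = fwd if fwd in self.conn_table else rev
        state = self.conn_table[key]
        if "RST" in flags or "FIN" in flags:
            del self.conn_table[key]       # connection teardown
            return "allow"
        if state == "SYN_SENT" and key == rev and flags == {"SYN", "ACK"}:
            self.conn_table[key] = "SYN_RECV"; return "allow"
        if state == "SYN_RECV" and key == fwd and flags == {"ACK"}:
            self.conn_table[key] = "ESTABLISHED"; return "allow"
        if state == "ESTABLISHED":
            return "allow"
        return "deny"                      # packet does not fit the recorded connection state
```

Note that the TCP path deliberately issues no flow entry: every TCP packet returns to the controller so the state table stays authoritative, which is the trade-off that lets the design work with an unmodified OpenFlow protocol.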