With the constant development of network technology, networks bring us a convenient and efficient life, but they are also accompanied by a variety of network security problems. The firewall, as a main way to prevent network attacks, is often used to block illegal connections and to separate the internal network from insecure networks, protecting the Linux systems used in small and medium-sized enterprises. This paper implements a firewall on the Linux operating system, using Netfilter as the firewall architecture and iptables as the user-space tool. First, the paper briefly analyzes the Netfilter/iptables architecture and principles and the working process of state detection technology; it then configures the firewall. Finally, a firewall experiment verifies the effectiveness and safety of the firewall design.