防火墙与入侵检测系统作为两种网络安全防护技术应用的越来越广泛。本文在简要介绍防火墙与入侵检测的优点与不足的基础上,提出了在网络中同时部署防火墙与入侵检测系统,使它们各自发挥所长来保护内部网络的安全。并通过SHELL脚本将IDS检测到的入侵行为自动生成防火墙的规则,及时的阻断来自外网的入侵行为,使IDS与Firewall能够有效的协同工作,从而提高网络的安全性。 Firewalls and intrusion detection systems are increasingly used as two network security technologies. Based on the brief introduction of the advantages and disadvantages of firewall and intrusion detection, this paper proposes that both the firewall and intrusion detection system should be deployed in the network so that they can exert their respective strengths to protect the internal network. And through the SHELL script IDS will detect the intrusion automatically generate the rules of the firewall in a timely manner to intercept from the external network invasion, IDS and Firewall can effectively work together to improve network security.