CN101771669A - Method for setting firewall policy and device therefor - Google Patents

Publication number: CN101771669A
Authority: CN (China)
Legal status: Granted
Application number: CN200810241120A
Other languages: Chinese (zh)
Other versions: CN101771669B (en)
Inventor: 朱启坤
Current Assignee: Beijing Topsec Network Security Technology Co Ltd
Original Assignee: Beijing Topsec Network Security Technology Co Ltd
Priority to: CN200810241120.5A
Landscapes: Computer And Data Communications; Data Exchanges In Wide-Area Networks
Abstract

The invention discloses a method for setting a firewall policy and a device therefor. The method comprises the following steps: determining the firewall policy; describing the firewall policy in extensible markup language; translating the firewall policy described in extensible markup language to obtain commands that the firewall device can recognize; and executing the firewall policy on the firewall device according to the obtained commands. The device for setting the firewall policy comprises a firewall policy determining module, a firewall policy describing module, a firewall policy translating module and a firewall policy executing module. With the method and the device, the workload of a network administrator can be greatly reduced, and the consistency of the firewall policy across firewall devices can be guaranteed.

Description

Method and device for setting firewall policy
Technical Field
The present invention relates to the field of computer security, and in particular, to a method and apparatus for setting a firewall policy.
Background
Firewalls are important devices used to protect the security of computers in a network; by monitoring, restricting, and modifying the data flow across the firewall, they can shield the information, structure and operating conditions of the protected internal network from the outside. At present, many firewall devices are available on the market. The configuration commands of firewall devices from different manufacturers differ, and even different models from the same manufacturer use different configuration commands. In practice, however, different firewall devices often use the same firewall policy. In that case, when setting the firewall policy, a network administrator has to be familiar with the configuration interfaces and commands of the various firewall devices and configure the firewall rules of each device one by one. This greatly increases the workload of network administrators, and because the firewall rules are set manually, errors are easily made, so that devices meant to use the same firewall policy end up with inconsistent policies, which makes network administration very difficult.
Disclosure of Invention
The invention provides a method and a device for setting firewall policies, which solve the problem in the prior art that, because different firewall devices are configured manually, their firewall policies easily become inconsistent.
In order to achieve the purpose, the invention adopts the following technical scheme:
a method of setting a firewall policy, characterized by: the method comprises the following steps:
A. determining a firewall policy;
B. describing the firewall policy by adopting an extensible markup language;
C. translating the firewall policy described by the extensible markup language to obtain a command which can be identified by firewall equipment;
D. and the firewall equipment executes the firewall policy according to the command obtained after translation.
Furthermore, when the firewall policy is described by using the extensible markup language, the firewall object and the firewall rule are defined respectively.
Furthermore, the firewall object and the firewall rule are defined by three attributes of "identification mark", "name" and "remark".
Still further, the "identification" and the "name" have global uniqueness in the firewall policy.
Further, the specific steps of translating the firewall policy described by the extensible markup language include:
c1, obtaining firewall rules needing to be issued to the firewall equipment from the firewall policies described by the extensible markup language;
c2, obtaining firewall objects controlled by the firewall rules from the firewall policies described by the extensible markup language according to the obtained firewall rules;
c3, translating the obtained firewall rules and firewall objects into commands which can be recognized by the firewall equipment;
c4, establishing connection with the firewall equipment, and issuing the translated command to the firewall equipment;
c5, after the firewall device executes the firewall policy according to the command obtained after translation, disconnecting from the firewall device.
Furthermore, the connection with the firewall device is established by means of a remote access tool or a secure shell protocol.
An apparatus for setting firewall policies, characterized in that the apparatus comprises:
a firewall policy determination module for determining the firewall policy;
a firewall policy description module for describing the firewall policy by adopting extensible markup language;
a firewall policy translation module for translating the firewall policy described by the extensible markup language to obtain a command which can be identified by the firewall equipment;
and a firewall policy execution module, by which the firewall equipment executes the firewall policy according to the command obtained after translation.
Further, the firewall policy translation module specifically includes:
the firewall rule obtaining submodule is used for obtaining firewall rules needing to be issued to the firewall equipment from the firewall policies described by the extensible markup language;
the firewall object obtaining submodule is used for obtaining a firewall object controlled by a firewall rule from the firewall policy described by the extensible markup language according to the obtained firewall rule;
the translation submodule is used for translating the acquired firewall rules and the firewall objects into commands which can be identified by the firewall equipment;
the connection submodule is used for establishing connection with the firewall equipment and sending the translated command to the firewall equipment, and, after the firewall equipment executes the firewall policy according to the command obtained after translation, for disconnecting from the firewall equipment.
Due to the adoption of the technical scheme, the invention has the following advantages: the firewall policy is described in XML (eXtensible Markup Language), so the firewall policy has good extensibility; the firewall policy described in XML is translated directly into commands that the firewall device can recognize, so the firewall device does not need to be configured manually, and the workload of a network administrator is greatly reduced; and because of this direct translation, errors that manual operation might introduce are avoided, and the consistency of the firewall policy across firewall devices is ensured.
Drawings
FIG. 1 is a flow chart of a method for setting firewall policies according to the present invention;
FIG. 2 is a flow chart of the translation of the firewall policy described by XML in the method of the present invention;
FIG. 3 is a diagram illustrating the structure of an XML document of firewall policies in a preferred embodiment of the method of the present invention;
FIG. 4 is a schematic structural diagram of an apparatus for setting a firewall policy according to the present invention;
FIG. 5 is a schematic structural diagram of a firewall policy translation module in the device according to the present invention.
Detailed Description
In order to reduce the workload of a network administrator and ensure the consistency of firewall policies of firewall equipment using the same firewall policy, when the firewall policy is set for a certain internal network, the invention adopts a general language to describe the firewall policy and then translates the firewall policy into a command which can be recognized by the firewall equipment.
The invention is described in detail below with reference to the figures and examples.
Fig. 1 is a flowchart of a method for setting a firewall policy according to the present invention. As the figure shows, the method specifically includes the following steps:
Step 101: Determine a firewall policy.
Step 102: Describe the firewall policy in XML.
Step 103: Translate the firewall policy described in XML to obtain commands that the firewall device can recognize.
Step 104: The firewall device executes the firewall policy according to the commands obtained by translation.
When the firewall policy is described in XML in step 102, the firewall objects and the firewall rules included in the firewall policy must each be represented by XML document elements. A firewall object is an element such as a host, an address, a service, or a port used in a firewall rule, and a firewall rule is a rule that controls firewall objects. In the invention, firewall objects and firewall rules are each defined in XML, and each definition comprises three attributes: "identification mark", "name" and "remark". The "identification mark" makes it convenient to reference objects, the "name" is a name that is easy for a person to understand and remember, and the "remark" records any information associated with the element. The "identification mark" and the "name" are globally unique within the firewall policy.
Because the firewall policy is described in XML according to these definitions, it can be conveniently stored and parsed, and it is highly flexible and extensible. For example, to add a firewall object or a firewall rule, it is only necessary to define it in XML and then add it to the firewall policy.
Fig. 3 is a flowchart illustrating the translation of the XML-described firewall policy in step 103. As the figure shows, the specific translation steps are as follows:
Step 131: Obtain, from the firewall policy described in XML, the firewall rules to be issued to the firewall device.
Step 132: According to the obtained firewall rules, obtain the firewall objects controlled by those rules from the firewall policy described in XML.
Step 133: Translate the obtained firewall rules and firewall objects to obtain commands that the firewall device can recognize.
Step 134: Establish a connection with the firewall device and issue the translated commands to it; the connection can be made with remote access tools such as Telnet and SSH (Secure Shell protocol).
Step 135: After the firewall device has executed the firewall policy according to the translated commands, disconnect from the firewall device.
When the firewall is set by this method, a network administrator no longer needs to be familiar with the configuration interfaces and commands of the firewall devices or to configure the devices manually, which greatly reduces the administrator's workload. Because the firewall policy is translated directly into commands that the firewall device can recognize, errors that manual configuration might introduce are avoided, and the consistency of the firewall policy across firewall devices is ensured.
The following describes the implementation of the method of the present invention in further detail with reference to a preferred embodiment of the method of the present invention.
Step 201: the firewall policy of the present embodiment is determined.
Step 202: describing the firewall policy of the embodiment by adopting XML;
in this embodiment, the firewall policy is described according to the XML document shown in fig. 3, and it can be seen from the figure that the root node of the XML document in this embodiment is a global database. The root node comprises a user database child node which comprises two child nodes of a firewall object set and a firewall rule set; the firewall object set child nodes are used for storing data of firewall objects referenced by firewall rules, and the firewall rule set child nodes are used for storing data of firewall rules of different firewall equipment; the firewall object set sub-node also comprises a plurality of firewall object group sub-nodes, and the firewall object group sub-nodes store the data of the firewall objects of the same category. The firewall rule set sub-node also comprises a plurality of firewall rule group sub-nodes, and the firewall rule data of the same category are stored in each firewall rule group sub-node.
In this embodiment, when the firewall policy is described in XML, each firewall object group, each specific firewall object, each firewall rule group, and each specific firewall rule is defined. Each such definition includes contents such as "identification mark", "name", and "comment", where the "identification mark" and the "name" are globally unique within the firewall policy of this embodiment.
In this embodiment, one firewall object is a host with IP (Internet Protocol) addresses of 192.168.1.1 and 192.168.2.1, and the firewall rule controlling the firewall object is as follows: 1) The firewall object is allowed to access the subnet with the IP address range of 192.168.3.0-192.168.3.255 if and only if the data packets carrying information between the firewall object and the subnet satisfy the following 5 conditions: the layer-2 protocol number is 0800, the layer-3 protocol number is 6, the source port is 21 or 22, the destination port is all, and the source and destination MAC addresses are all. 2) No log is recorded for data packets that satisfy these conditions. The specific XML text describing the firewall object and the firewall rule is as follows:
<FWObjectDatabase xmlns="http://company" version="x.x" ...>
  <Library id="sysid001" name="user database">
    <ObjectGroup id="sysid002" name="object set" ro="True">
      <ObjectGroup id="sysid003" name="address" ro="True">
        <ObjectGroup id="sysid004" name="IP object" ro="True">
          <IPv4 id="id500001" name="ip1" address="192.168.1.1 192.168.2.1"
                netmask=""/>
        </ObjectGroup>
        <ObjectGroup id="sysid005" name="subnet object" ro="True">
          <Network id="id500002" name="subnet1" comment=""
                   address="192.168.3.0" netmask="255.255.255.0" .../>
        </ObjectGroup>
      </ObjectGroup>
    </ObjectGroup>
    <FWRule id="sysid006" name="rule set" comment="">
      <PFPolicy id="id500006" name="rule group A">
        <PFPolicyRule id="id500011" name="pfrule1" disabled="False" position="0"
                      action="accept" comment="comment" l2protocol="0800" l3protocol="6" sport="21"
                      sport_end="22" dport="0" dport_end="0" smac="" dmac="" log="no"
                      CreateName="" CreateTime="1224554757" ModifyName=""
                      ModifyTime="1224554757">
          <Src neg="False">
            <ObjectRef ref="id500001"/>
          </Src>
          <Dst neg="False">
            <ObjectRef ref="id500002"/>
          </Dst>
          <When neg="False"/>
        </PFPolicyRule>
      </PFPolicy>
    </FWRule>
  </Library>
</FWObjectDatabase>
The meaning of each attribute field of the text is as follows:
id: the identification mark of the object, which uniquely identifies an object;
name: the name of the object;
comment: an annotation;
disabled: indicates whether the firewall rule is active; with it a rule can be temporarily disabled without being deleted, where True means disabled and False means not disabled;
position: indicates the position of the firewall rule. Packet filtering rules are ordered in the firewall, and rules placed earlier are matched first. A smaller value means an earlier position, and the minimum value is 0;
action: defines how a packet that meets the conditions is processed; it takes one of three values, where "accept" means let through, "deny" means reject, and "drop" means discard;
l2protocol: the layer-2 protocol number;
l3protocol: the layer-3 protocol number;
sport: the source port number, 0 for all ports; when it defines a source port range together with sport_end, it indicates the starting source port number;
sport_end: the ending source port number; together with sport it defines a source port range;
dport: the destination port number, 0 for all ports; when it defines a destination port range together with dport_end, it indicates the starting destination port number;
dport_end: the ending destination port number; together with dport it defines a destination port range;
smac: the source MAC (Media Access Control sublayer protocol) address;
dmac: the destination MAC address;
log: whether to record a log, where yes means record the log and no means do not record the log;
CreateName: the name of the administrator who created the firewall rule;
CreateTime: the time at which the firewall rule was created;
ModifyName: the name of the administrator who last modified the firewall rule;
ModifyTime: the time of the last modification of the firewall rule;
neg: indicates the opposite;
the statement <IPv4 id="id500001" .../> defines a firewall object in this embodiment;
the statement <Network id="id500002" .../> defines the range of IP addresses that the above firewall object of this embodiment can access;
the statement <PFPolicyRule id="id500011" ...> ... </PFPolicyRule> defines the firewall rule that controls the firewall object in this embodiment, wherein
the following statements in the firewall rule:
<Src neg="False">
  <ObjectRef ref="id500001"/>
</Src>
reference, by its identification mark, the firewall object controlled by the firewall rule in this embodiment;
and the following statements in the firewall rule:
<Dst neg="False">
  <ObjectRef ref="id500002"/>
</Dst>
reference, by its identification mark, the subnet that the firewall object in this embodiment is allowed to access.
The firewall policy of the embodiment can be completely described by the method of describing a firewall object and the firewall rules for controlling the firewall object.
Step 203: the firewall policy described by the XML in the embodiment of the invention is translated to obtain the command which can be identified by the firewall equipment in the embodiment of the invention.
The specific steps for translating the firewall policy of the embodiment are as follows:
Step 231: Obtain, from the firewall policy described in XML, the firewall rules to be issued to the firewall device of this embodiment.
Step 232: According to the obtained firewall rules, obtain the firewall objects controlled by those rules from the firewall policy described in XML.
Step 233: Translate the obtained firewall rules and firewall objects to obtain commands that the firewall device of this embodiment can recognize. For a firewall device produced by a certain company, the command list generated by translating the XML text from step 202, which describes the firewall object and the firewall rule controlling it, is as follows:
define host add name ip1 ipaddr '192.168.1.1 192.168.2.1'
define subnet add name subnet1 ipaddr 192.168.3.0 mask 255.255.255.0
pf rule add l2protocol 0800 l3protocol TCP sip ip1 dip subnet1 sport 21 sport_end 22 action accept log no enable yes
Step 234: Establish a connection with the firewall device of this embodiment and issue the translated commands to it.
Step 235: After the firewall device has executed the firewall policy according to the translated commands, disconnect from the firewall device of this embodiment.
Step 204: the firewall device of this embodiment executes the firewall policy according to the command set obtained after translation.
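The translation in steps 231 to 233, as an added example in Python (not code from the patent or from any firewall vendor): it parses a cleaned copy of the embodiment's XML, enforces globally unique ids and names, resolves each ObjectRef, validates every value before it is placed into a command line, and emits the three commands listed above. The command grammar is inferred from those three commands only; the name allow-list, the omission of zero-valued port fields, and the dport syntax are assumptions.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

NS = {"fw": "http://company"}                      # namespace from the patent's listing
L3_NAMES = {"1": "ICMP", "6": "TCP", "17": "UDP"}  # IANA protocol numbers
SAFE_NAME = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")  # assumed allow-list for CLI tokens

# Constructed sample: the embodiment's XML with the "..." elisions dropped.
POLICY_XML = """<FWObjectDatabase xmlns="http://company" version="x.x">
 <Library id="sysid001" name="user database">
  <ObjectGroup id="sysid002" name="object set" ro="True">
   <ObjectGroup id="sysid003" name="address" ro="True">
    <ObjectGroup id="sysid004" name="IP object" ro="True">
     <IPv4 id="id500001" name="ip1" address="192.168.1.1 192.168.2.1" netmask=""/>
    </ObjectGroup>
    <ObjectGroup id="sysid005" name="subnet object" ro="True">
     <Network id="id500002" name="subnet1" comment=""
              address="192.168.3.0" netmask="255.255.255.0"/>
    </ObjectGroup>
   </ObjectGroup>
  </ObjectGroup>
  <FWRule id="sysid006" name="rule set" comment="">
   <PFPolicy id="id500006" name="rule group A">
    <PFPolicyRule id="id500011" name="pfrule1" disabled="False" position="0"
      action="accept" comment="comment" l2protocol="0800" l3protocol="6"
      sport="21" sport_end="22" dport="0" dport_end="0" smac="" dmac="" log="no">
     <Src neg="False"><ObjectRef ref="id500001"/></Src>
     <Dst neg="False"><ObjectRef ref="id500002"/></Dst>
     <When neg="False"/>
    </PFPolicyRule>
   </PFPolicy>
  </FWRule>
 </Library>
</FWObjectDatabase>"""

class PolicyError(ValueError):
    """Raised when the policy cannot be translated safely."""

def index_by_id(root):
    """Map id -> element, enforcing global uniqueness of id and name."""
    by_id, names = {}, set()
    for el in root.iter():
        oid, name = el.get("id"), el.get("name")
        if oid is None:
            continue
        if oid in by_id:
            raise PolicyError(f"duplicate id {oid!r}")
        if name is not None and name in names:
            raise PolicyError(f"duplicate name {name!r}")
        by_id[oid] = el
        names.add(name)
    return by_id

def cli_name(el):
    """Return the object's name only if it is a single safe CLI token."""
    name = el.get("name", "")
    if not SAFE_NAME.match(name):
        raise PolicyError(f"unsafe object name {name!r}")
    return name

def object_command(el):
    """Translate one firewall object; addresses are parsed, never copied raw."""
    kind, name = el.tag.rsplit("}", 1)[-1], cli_name(el)
    if kind == "IPv4":
        addrs = [str(ipaddress.IPv4Address(a)) for a in el.get("address", "").split()]
        if not addrs:
            raise PolicyError(f"object {name}: no address")
        return f"define host add name {name} ipaddr '{' '.join(addrs)}'"
    if kind == "Network":
        net = ipaddress.IPv4Network(f"{el.get('address')}/{el.get('netmask')}")
        return (f"define subnet add name {name} "
                f"ipaddr {net.network_address} mask {net.netmask}")
    raise PolicyError(f"unsupported object type {kind!r}")

def rule_command(rule, by_id):
    """Translate one PFPolicyRule, validating each field against a closed set."""
    def ref(side):
        node = rule.find(f"fw:{side}/fw:ObjectRef", NS)
        target = by_id.get(node.get("ref")) if node is not None else None
        if target is None:
            raise PolicyError(f"rule {rule.get('id')}: unresolved {side} reference")
        return cli_name(target)
    def port(attr):
        value = int(rule.get(attr, "0"))
        if not 0 <= value <= 65535:
            raise PolicyError(f"{attr} out of range")
        return value
    l2, l3 = rule.get("l2protocol", ""), L3_NAMES.get(rule.get("l3protocol"))
    action, log = rule.get("action"), rule.get("log")
    disabled = rule.get("disabled")
    if (not re.fullmatch(r"[0-9A-Fa-f]{4}", l2) or l3 is None
            or action not in ("accept", "deny", "drop") or log not in ("yes", "no")
            or disabled not in ("True", "False")):
        raise PolicyError(f"rule {rule.get('id')}: invalid field value")
    parts = ["pf rule add", f"l2protocol {l2}", f"l3protocol {l3}",
             f"sip {ref('Src')}", f"dip {ref('Dst')}"]
    for key in ("sport", "dport"):          # 0 means "all ports": field omitted
        if port(key):
            parts.append(f"{key} {port(key)} {key}_end {port(key + '_end')}")
    enable = "no" if disabled == "True" else "yes"
    parts += [f"action {action}", f"log {log}", f"enable {enable}"]
    return " ".join(parts)

def translate(xml_text):
    """Steps 231-233: rules, then referenced objects, then device commands."""
    root = ET.fromstring(xml_text)
    by_id = index_by_id(root)
    rules = sorted(root.iterfind(".//fw:PFPolicyRule", NS),
                   key=lambda r: int(r.get("position", "0")))
    defs, cmds = {}, []
    for rule in rules:
        for node in rule.iterfind(".//fw:ObjectRef", NS):
            oid = node.get("ref")
            if oid in by_id and oid not in defs:
                defs[oid] = object_command(by_id[oid])
        cmds.append(rule_command(rule, by_id))
    return list(defs.values()) + cmds
```

Rejecting a policy before any command is generated means a malformed name or address never reaches the device session opened in step 234.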
Corresponding to the above method of the present invention, the present invention further provides a device for setting a firewall policy. As shown in fig. 4, the device includes a firewall policy determination module 1, a firewall policy description module 2, a firewall policy translation module 3 and a firewall policy execution module 4, wherein:
The firewall policy determination module 1 is used for determining the firewall policy.
The firewall policy description module 2 is used for describing the firewall policy in XML.
The firewall policy translation module 3 is used for translating the firewall policy described in XML to obtain commands that the firewall device can recognize.
The firewall policy execution module 4 is used for executing the firewall policy on the firewall device according to the commands obtained by translation.
As shown in fig. 5, the firewall policy translation module 3 specifically includes:
the firewall rule obtaining submodule 31 is configured to obtain a firewall rule to be issued to the firewall device from the firewall policy described by the XML;
the firewall object obtaining sub-module 32 is configured to obtain, according to the obtained firewall rule, a firewall object controlled by the firewall rule from the firewall policy described by the XML;
the translation submodule 33 is configured to translate the obtained firewall rule and the obtained firewall object into a command that can be recognized by the firewall device;
the connection submodule 34 is used for establishing a connection with the firewall device and sending the translated commands to the firewall device, and, after the firewall device has executed the firewall policy according to the translated commands, for disconnecting from the firewall device.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (8)

1. A method of setting a firewall policy, characterized by: the method comprises the following steps:
A. determining a firewall policy;
B. describing the firewall policy by adopting an extensible markup language;
C. translating the firewall policy described by the extensible markup language to obtain a command which can be identified by firewall equipment;
D. and the firewall equipment executes the firewall policy according to the command obtained after translation.
2. The method of claim 1, wherein: when the firewall policy is described by adopting the extensible markup language, a firewall object and a firewall rule are defined respectively.
3. The method of claim 2, wherein: when defining the firewall object and the firewall rule, the firewall object and the firewall rule respectively comprise three attributes of 'identification mark', 'name' and 'remark'.
4. The method of claim 3, wherein: the "identification" and the "name" have global uniqueness in the firewall policy.
5. The method of claim 1, wherein: the specific steps of translating the firewall policy described by the extensible markup language include:
c1, obtaining firewall rules needing to be issued to the firewall equipment from the firewall policies described by the extensible markup language;
c2, obtaining firewall objects controlled by the firewall rules from the firewall policies described by the extensible markup language according to the obtained firewall rules;
c3, translating the obtained firewall rules and firewall objects into commands which can be recognized by the firewall equipment;
c4, establishing connection with the firewall equipment, and issuing the translated command to the firewall equipment;
c5, after the firewall device executes the firewall policy according to the command obtained after translation, disconnecting from the firewall device.
6. The method of claim 5, wherein: the connection with the firewall equipment is established by adopting a remote access tool or a secure shell protocol.
7. An apparatus for setting firewall policies, characterized in that the apparatus comprises:
a firewall policy determination module for determining the firewall policy;
a firewall policy description module for describing the firewall policy by adopting extensible markup language;
a firewall policy translation module for translating the firewall policy described by the extensible markup language to obtain a command which can be recognized by the firewall equipment;
and a firewall policy execution module, by which the firewall equipment executes the firewall policy according to the command obtained after translation.
8. The apparatus of claim 7, wherein: the firewall policy translation module specifically includes:
the firewall rule obtaining submodule is used for obtaining firewall rules needing to be issued to the firewall equipment from the firewall policies described by the extensible markup language;
the firewall object obtaining submodule is used for obtaining a firewall object controlled by a firewall rule from the firewall policy described by the extensible markup language according to the obtained firewall rule;
the translation submodule is used for translating the acquired firewall rules and the firewall objects into commands which can be identified by the firewall equipment;
the connection submodule is used for establishing connection with the firewall equipment and sending the translated command to the firewall equipment, and, after the firewall equipment executes the firewall policy according to the command obtained after translation, for disconnecting from the firewall equipment.
CN200810241120.5A 2008-12-30 2008-12-30 Method for setting firewall policy and device therefor Active CN101771669B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200810241120.5A CN101771669B (en) 2008-12-30 2008-12-30 Method for setting firewall policy and device therefor

Publications (2)

Publication Number Publication Date
CN101771669A 2010-07-07
CN101771669B 2014-07-30

Family

ID=42504268

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200810241120.5A Active CN101771669B (en) 2008-12-30 2008-12-30 Method for setting firewall policy and device therefor

Country Status (1)

Country Link
CN (1) CN101771669B (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant