CN103632090A - Method for operating virtual firewall on virtual machine - Google Patents

Info

Publication number: CN103632090A
Authority: CN (China)
Prior art keywords: virtual machine, file, virtual, firewall, support
Legal status: Granted
Application number: CN201310542134.1A
Other languages: Chinese (zh)
Other versions: CN103632090B (en)
Inventor: 高福亮
Current assignee: TIANJIN OPZOON INFORMATION TECHNOLOGY Co Ltd
Original assignee: TIANJIN OPZOON INFORMATION TECHNOLOGY Co Ltd
Application filed by: TIANJIN OPZOON INFORMATION TECHNOLOGY Co Ltd
Priority date: 2013-11-04
Filing date: 2013-11-04
Publication date: 2014-03-12 (granted publication CN103632090B: 2016-06-08)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F 21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine

Landscapes

  • Engineering & Computer Science
  • Computer Security & Cryptography
  • Software Systems
  • Theoretical Computer Science
  • Computer Hardware Design
  • Physics & Mathematics
  • General Engineering & Computer Science
  • General Physics & Mathematics
  • Stored Programmes

Abstract

The embodiment of the invention provides a method for running a virtual firewall on a virtual machine. With this method a virtual firewall can run on each virtual machine, operation is convenient and fast, and the cost is low. The method is applied to a virtual machine on which a self-compilable operating system is installed, and comprises the steps of: modifying an operating system file so that the operating system supports the disk driver type of the virtual machine, in order to support storage and loading of the virtual firewall image; modifying the operating system's information display function file so that the information display port is changed from a serial port terminal to the console terminal used by the virtual machine; self-compiling to generate a new operating system image; modifying the boot file to boot the new operating system; and having the new operating system load the virtual firewall image file.

Description

Method for running a virtual firewall on a virtual machine
Technical field
The present invention relates to the field of network security, and in particular to a method for running a virtual firewall on a virtual machine.
Technical background
A physical firewall is a firewall program burned into a chip; it is deployed at the egress of a large network, resists the various attacks on the network, and protects the information security of public networks and local area networks (LANs). However, a physical firewall appliance is costly and complex to install, and does not meet today's demand for virtualized offices.
Virtual machine technology refers to a complete computer, simulated by software, that has full hardware functionality and runs in a completely isolated environment. With virtual machine software, two or more virtual computers can be simulated on one physical computer; these virtual machines work exactly like real computers and are successfully used to build office and test environments for enterprises. Although the firewall that ships with a virtual machine system can provide some protection, it cannot, like a real firewall appliance, be operated to inspect information such as interfaces, traffic and configuration, or to run certain firewall services.
Summary of the invention
In view of this, the embodiment of the present invention provides a method for running a virtual firewall on a virtual machine, so that the virtual firewall can run on the virtual machine while also offering inspection and operation functions.
The method for running a virtual firewall on a virtual machine provided by the embodiment of the present invention is applied to a virtual machine on which a self-compilable operating system is installed, and the method comprises:
modifying operating system files so that the operating system supports the disk driver type of the virtual machine, in order to support storage and loading of the virtual firewall image;
modifying the operating system's information display function file so that the information display port is changed from a serial port terminal to the console terminal used by the virtual machine;
self-compiling to generate a new operating system image;
modifying the boot file to boot the new operating system;
the new operating system loading the virtual firewall image file.
Wherein, the operating system is Linux.
Wherein, the virtual machine is a VMware virtual machine.
Wherein, modifying the operating system files comprises:
running the Linux command make menuconfig; under SCSI device support, selecting all options in SCSI disk support; at the same time, selecting the BusLogic SCSI support and VMware PVSCSI driver support options under SCSI Low-level drivers; and selecting all options in Fusion MPT device support, so that the Linux system supports the disk driver type of the VMware virtual machine and detects the VMware virtual machine's disk.
Wherein, modifying the operating system files further comprises:
running the Linux command fdisk -l to check the disk partitioning on the VMware virtual machine, and then, according to that partitioning, modifying the rcS file under the Linux etc/init.d/ directory to mount the disk directory, so as to support the virtual machine's disk partition.
Wherein, modifying the operating system's information display function file comprises:
modifying the inittab file under the Linux etc directory so that Linux system information, displayed through the serial port terminal (/dev/ttySn), is instead displayed through the console terminal (/dev/ttyn) used by the VMware virtual machine.
Wherein, modifying the boot file to boot the new operating system comprises:
modifying the menu.lst file under the Linux grub directory on the VMware virtual machine, adding a new boot entry that boots the new operating system.
In the method for running a virtual firewall on a virtual machine disclosed by the embodiment of the present invention, the operating system files are modified so that the operating system supports the virtual machine's disk driver type and therefore the loading of the virtual firewall image, and the operating system's information display function file is modified so that the information display port is changed from a serial port terminal to the console terminal used by the virtual machine. In this way each virtual machine can run its own virtual firewall image, and operations such as inspection and configuration can be performed as required in the virtual firewall's operating interface; the firewall functionality of a physical appliance is moved onto the virtual machine, realizing security virtualization.
Brief description of the drawings
Figure 1 is a flow chart of the method for running a virtual firewall on a virtual machine provided by the embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention, without creative effort, fall within the protection scope of the present invention.
Figure 1 is a flow chart of a method for running a virtual firewall on a virtual machine provided by the embodiment of the present invention. As shown in Figure 1, the method comprises:
Step 101: modify the operating system files so that the operating system supports the disk driver type of the virtual machine, in order to support storage and loading of the virtual firewall image.
When the operating system is Linux and the virtual machine is a VMware virtual machine, step 101 is: run the Linux command make menuconfig; under SCSI device support, select all options in SCSI disk support; at the same time, select the BusLogic SCSI support and VMware PVSCSI driver support options under SCSI Low-level drivers; and select all options in Fusion MPT device support, so that the Linux system supports the disk driver type of the VMware virtual machine and detects the VMware virtual machine's disk.
Run the Linux command fdisk -l to check the disk partitioning on the VMware virtual machine, and then, according to that partitioning, modify the rcS file under the Linux etc/init.d/ directory to mount the disk directory, so as to support the virtual machine's disk partition.
Those skilled in the art will understand that detecting the virtual machine's disk is necessary for loading the virtual firewall image, and that detecting the disk means detecting not only its partitions but also its driver type. Because the virtual firewall runs on the recompiled Linux system, mounting the disk in that Linux system first requires determining the virtual machine's original partitioning; the recompiled Linux system then mounts the disk according to that original partitioning. Only when the disk is mounted correctly can the firewall image file be uploaded to the disk and persisted, so that the firewall can be restarted repeatedly without losing the image.
Step 102: modify the operating system's information display function file so that the information display port is changed from a serial port terminal to the console terminal used by the virtual machine.
When the operating system is Linux and the virtual machine is a VMware virtual machine, step 102 is: modify the inittab file under the Linux etc directory so that Linux system information, displayed through the serial port terminal /dev/ttySn, is instead displayed through the console terminal /dev/ttyn used by the VMware virtual machine.
In this way the virtual machine can display the boot messages of the recompiled Linux system and the operating interface of the virtual firewall, so that operations such as inspection and configuration can be performed in the virtual firewall's operating interface.
Step 103: self-compile to generate a new operating system image.
Step 104: modify the boot file to boot the new operating system.
When the operating system is Linux and the virtual machine is a VMware virtual machine, step 104 is: modify the boot file of the Linux kernel on the VMware virtual machine (file path: /boot/grub/menu.lst), adding a new boot entry that boots the new operating system.
Step 105: the new operating system loads the virtual firewall image file.
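The following shell script is an added example, not code from the patent or from its assignee: it applies the file-level edits of steps 101, 102 and 104 to constructed sample copies of .config, rcS, inittab and menu.lst in a temporary directory, so nothing on the host is touched, and it checks each edit is idempotent. The mapping of the menuconfig items to Kconfig symbols, the device names (/dev/sda2, /mnt/vfw), the kernel and initrd paths and the getty arguments are my assumptions.

```shell
#!/bin/sh
# Added example, not the patent's code: apply the file-level edits of
# steps 101 (kernel config, rcS mount), 102 (inittab console) and 104
# (GRUB menu.lst entry) to constructed sample files in a temp directory.
# Kconfig symbol mapping, device names, kernel/initrd paths and getty
# arguments are assumptions chosen for this demo.
set -eu
WORK=$(mktemp -d)

# Step 101: menuconfig items named in the patent, mapped (my mapping) to
# the Kconfig symbols they set. Built-in (=y) is required: the disk driver
# must be present before the root filesystem is found, so a module (=m)
# does not help the boot.
REQUIRED="CONFIG_BLK_DEV_SD CONFIG_SCSI_BUSLOGIC CONFIG_VMW_PVSCSI CONFIG_FUSION CONFIG_FUSION_SPI"

# check_kernel_config FILE: 0 if every required symbol is =y, else prints
# the missing symbols and returns 1.
check_kernel_config() {
    missing=""
    for sym in $REQUIRED; do
        grep -q "^${sym}=y\$" "$1" || missing="$missing $sym"
    done
    [ -z "$missing" ] || { echo "missing:$missing"; return 1; }
}

# Step 101 continued: mount the partition fdisk -l reported, from rcS.
# add_rcs_mount RCS DEVICE MOUNTPOINT: appends once, no duplicates.
add_rcs_mount() {
    grep -q "^mount $2 $3\$" "$1" ||
        printf 'mkdir -p %s\nmount %s %s\n' "$3" "$2" "$3" >> "$1"
}

# Step 102: move getty lines from the serial port ttySn to console ttyn.
# Serial-only arguments (-L, baud rate, terminal type) are dropped and the
# line rebuilt. The patent keeps the same index n; on a real system the
# first console getty normally goes on tty1, since tty0 is the active VT.
convert_inittab() {
    sed 's|^\([^:]*:[^:]*:[^:]*\):.*ttyS\([0-9][0-9]*\).*$|\1:/sbin/getty 38400 tty\2|' \
        "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Step 104: add a GRUB legacy menu.lst stanza for the rebuilt kernel.
# add_grub_entry MENU TITLE KERNEL INITRD ROOTDEV: no-op if TITLE exists.
add_grub_entry() {
    grep -q "^title $2\$" "$1" && return 0
    printf '\ntitle %s\nroot (hd0,0)\nkernel %s root=%s console=tty0\ninitrd %s\n' \
        "$2" "$3" "$5" "$4" >> "$1"
}
count_grub_entries() { grep -c '^title ' "$1"; }

# Constructed sample inputs (not copied from any real system).
printf 'CONFIG_BLK_DEV_SD=y\nCONFIG_SCSI_BUSLOGIC=m\nCONFIG_FUSION=y\nCONFIG_FUSION_SPI=y\n' > "$WORK/config"
printf 'id:3:initdefault:\nsi::sysinit:/etc/init.d/rcS\nS0:2345:respawn:/sbin/getty -L ttyS0 9600 vt100\n' > "$WORK/inittab"
printf '#!/bin/sh\n' > "$WORK/rcS"
printf 'default 0\ntimeout 5\n\ntitle Original Linux\nroot (hd0,0)\nkernel /boot/vmlinuz root=/dev/sda1\n' > "$WORK/menu.lst"

# The sample .config has BusLogic only as a module and no PVSCSI, so the
# check fails and names exactly those two symbols.
check_kernel_config "$WORK/config" || echo "fix .config before running make"
add_rcs_mount "$WORK/rcS" /dev/sda2 /mnt/vfw
add_rcs_mount "$WORK/rcS" /dev/sda2 /mnt/vfw   # second call adds nothing
convert_inittab "$WORK/inittab"
add_grub_entry "$WORK/menu.lst" "Virtual firewall OS" /boot/vmlinuz-vfw /boot/initrd-vfw.img /dev/sda1
add_grub_entry "$WORK/menu.lst" "Virtual firewall OS" /boot/vmlinuz-vfw /boot/initrd-vfw.img /dev/sda1
echo "grub entries: $(count_grub_entries "$WORK/menu.lst")"
```

Run against a real tree, the same checks would be pointed at the kernel's .config after make menuconfig and at /etc/init.d/rcS, /etc/inittab and /boot/grub/menu.lst of the image being rebuilt.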
Those skilled in the art will appreciate that the virtual firewall is a firewall that can be logically divided into multiple virtual firewalls; each virtual firewall system can be regarded as a completely independent firewall appliance with its own system resources, administrators, security policies, user authentication database and so on.
In an embodiment of the present invention, the virtual firewall image comprises a driver module, an interface management module, a memory management module, a command-line module and some basic firewall service modules. In the driver module, the virtual network adapter drivers are configured to be loaded in user mode, so that when the VMware virtual machine dynamically creates virtual network interface cards, the same number of user-mode drivers of the corresponding type are automatically detected and loaded. In this way the virtual firewall image runs on the compiled operating system, receives, sends and processes packets, and, like a physical firewall appliance, supports serial-port operation, configuration delivery, information inspection and so on, realizing the security virtualization of the physical firewall.
Those skilled in the art will understand that the operating system may also be another self-compilable system that supports the virtual machine and the virtual firewall.
Those skilled in the art will understand that all of the above steps can be implemented by program code and do not represent the actual implementation procedure.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit it; any modification, equivalent replacement or the like made within the spirit and principles of the present invention shall fall within its protection scope.

Claims (7)

1. A method for running a virtual firewall on a virtual machine, characterized in that it is applied to a virtual machine on which a self-compilable operating system is installed, and the method comprises:
modifying operating system files so that the operating system supports the disk driver type of the virtual machine, in order to support storage and loading of the virtual firewall image;
modifying the operating system's information display function file so that the information display port is changed from a serial port terminal to the console terminal used by the virtual machine;
self-compiling to generate a new operating system image;
modifying the boot file to boot the new operating system;
the new operating system loading the virtual firewall image file.
2. The method according to claim 1, characterized in that the operating system is Linux.
3. The method according to claim 2, characterized in that the virtual machine is a VMware virtual machine.
4. The method according to claim 3, characterized in that modifying the operating system files comprises:
running the Linux command make menuconfig; under SCSI device support, selecting all options in SCSI disk support; at the same time, selecting the BusLogic SCSI support and VMware PVSCSI driver support options under SCSI Low-level drivers; and selecting all options in Fusion MPT device support, so that the Linux system supports the disk driver type of the VMware virtual machine and detects and drives the VMware virtual machine's disk.
5. The method according to claim 4, characterized in that modifying the operating system files further comprises:
running the Linux command fdisk -l to check the disk partitioning on the VMware virtual machine, and then, according to that partitioning, modifying the rcS file under the Linux etc/init.d/ directory to mount the disk directory, so as to support the virtual machine's disk partition.
6. The method according to claim 3, characterized in that modifying the operating system's information display function file comprises:
modifying the inittab file under the Linux etc directory so that Linux system information, displayed through the serial port terminal /dev/ttySn, is instead displayed through the console terminal /dev/ttyn used by the VMware virtual machine.
7. The method according to any one of claims 3 to 6, characterized in that modifying the boot file to boot the new operating system comprises:
modifying the menu.lst file under the Linux grub directory on the VMware virtual machine, adding a new boot entry that boots the new operating system.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310542134.1A CN103632090B (en) 2013-11-04 2013-11-04 Method for running a virtual firewall on a virtual machine

Publications (2)

Publication Number Publication Date
CN103632090A CN103632090A (en) 2014-03-12
CN103632090B CN103632090B (en) 2016-06-08

Family

ID=50213127

Country Status (1)

Country Link
CN (1) CN103632090B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105429785A (en) * 2015-11-02 2016-03-23 浪潮集团有限公司 Switch operating system loading method based on SDN mode
CN106789896A (en) * 2016-11-18 2017-05-31 汉柏科技有限公司 Method and system for restricting authorization of a virtual firewall
CN110995768A (en) * 2019-12-31 2020-04-10 奇安信科技集团股份有限公司 Method, apparatus, device, medium, and program product for constructing and generating firewall
CN111224922A (en) * 2018-11-26 2020-06-02 顺丰科技有限公司 Distributed security group module access control method and system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20010105116A (en) * 2000-05-19 2001-11-28 김강호 Linux-Based Integrated Security System for Network and Method thereof, and Semiconductor Device Having These Solutions
CN101409714A (en) * 2008-11-18 2009-04-15 华南理工大学 Firewall system based on virtual machine
CN201294533Y (en) * 2008-11-20 2009-08-19 武汉钢铁(集团)公司 Intelligent multifunctional safety gateway
US20110219148A1 (en) * 2010-03-03 2011-09-08 Kwang Wee Lee Method for implementing and application of a secure processor stick (SPS)
CN102255903A (en) * 2011-07-07 2011-11-23 广州杰赛科技股份有限公司 Safety isolation method for virtual network and physical network of cloud computing


Legal Events

Code Title Description
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
PP01 Preservation of patent right (effective date of registration: 20180528; granted publication date: 20160608)
PD01 Discharge of preservation of patent (date of cancellation: 20240528; granted publication date: 20160608)