CN107483277A - Port management method and device - Google Patents
- Publication number: CN107483277A
- Application number: CN201710897601.0A
- Authority: CN (China)
- Prior art keywords: management, port, interface, designated, request
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
Abstract
The disclosure relates to a port management method and device. The method includes: setting one or more designated ports to a closed state, a designated port being a port to be managed; starting a firewall service process for port management; when a management request for a designated port is detected, judging whether the requester has port management permission for that designated port; and, if the requester is determined to have the port management permission, managing the designated port accordingly, according to the management request and through a management interface provided by the firewall service process. The disclosure can therefore prevent a requester without port management permission from managing a designated port, which improves the security of port management.
Description
Technical field
This disclosure relates to the field of communication technology, and in particular to a port management method and device.
Background
A port can be regarded as the outlet through which a device communicates with the outside world. At present, besides physical interfaces, ports also include ports in the logical sense. A port in the logical sense generally refers to a port in the TCP/IP (Transmission Control Protocol/Internet Protocol) protocol suite, with port numbers ranging from 0 to 65535. For example, when "21" is appended to an FTP address, "21" is the port number. However, because an FTP server can be logged in to anonymously, port "21" may also be exploited by Trojans, which creates a significant security risk for the system.
Summary of the invention
To overcome the problems in the related art, the embodiments of the disclosure provide a port management method and device.
According to a first aspect of the embodiments of the disclosure, a port management method is provided, the method including:
setting one or more designated ports to a closed state, a designated port being a port to be managed;
starting a firewall service process for port management;
when a management request for the designated port is detected, judging whether the requester has port management permission for the designated port;
if the requester is determined to have the port management permission, managing the designated port accordingly, according to the management request and through a management interface provided by the firewall service process.
Optionally, setting the initial state of the one or more designated ports to the closed state includes:
setting a system startup script in which each designated port is in the closed state;
running the system startup script when the system starts.
Optionally, judging whether the requester has port management permission for the designated port includes:
judging whether the requester is in a preset trust list;
if the requester is in the preset trust list, judging whether the requester has applied for and obtained the port management permission;
if the requester has applied for and obtained the port management permission, determining that the requester has the port management permission.
Optionally, judging whether the requester has applied for and obtained the port management permission includes:
if the management request carries the port management permission, determining that the requester has applied for and obtained the port management permission.
Optionally, managing the designated port accordingly, according to the management request and through the management interface provided by the firewall service process, includes:
determining the corresponding management interface and management instruction according to the management request;
managing the designated port accordingly through the determined management interface and management instruction.
Optionally, the management request for the designated port includes: a call request for the designated port, an open request for the designated port, or a close request for the designated port;
the management interfaces provided by the firewall service process include: a first interface, used by other applications or processes to call the designated port; a second interface, used to open the designated port; and a third interface, used to close the designated port;
determining the corresponding management interface and management instruction according to the management request includes:
if the management request is the call request, determining that the corresponding management interface is the first interface and that the corresponding management instruction is a call instruction for the designated port;
if the management request is the open request, determining that the corresponding management interface is the second interface and that the corresponding management instruction is an open instruction for the designated port;
if the management request is the close request, determining that the corresponding management interface is the third interface and that the corresponding management instruction is a close instruction for the designated port.
Optionally, the method further includes:
if the requester is determined not to have port management permission for the designated port, rejecting the management request.
According to a second aspect of the embodiments of the disclosure, a port management device is provided, the device including:
a setting module, configured to set one or more designated ports to a closed state, a designated port being a port to be managed;
a starting module, configured to start a firewall service process for port management;
a judging module, configured to judge, when a management request for the designated port is detected, whether the requester has port management permission for the designated port;
a management module, configured to, if the requester is determined to have the port management permission, manage the designated port accordingly, according to the management request and through a management interface provided by the firewall service process.
Optionally, the setting module includes:
a setting submodule, configured to set a system startup script in which each designated port is in the closed state;
a running submodule, configured to run the system startup script when the system starts.
Optionally, the judging module includes:
a first judging submodule, configured to judge whether the requester is in a preset trust list;
a second judging submodule, configured to judge, if the requester is in the preset trust list, whether the requester has applied for and obtained the port management permission;
a first determination submodule, configured to determine, if the requester has applied for and obtained the port management permission, that the requester has the port management permission.
Optionally, the second judging submodule includes:
a second determination submodule, configured to determine, if the management request carries the port management permission, that the requester has applied for and obtained the port management permission.
Optionally, the management module includes:
a third determination submodule, configured to determine the corresponding management interface and management instruction according to the management request;
a management submodule, configured to manage the designated port accordingly through the determined management interface and management instruction.
Optionally, the management request for the designated port includes: a call request for the designated port, an open request for the designated port, or a close request for the designated port;
the management interfaces provided by the firewall service process include: a first interface, used by other applications or processes to call the designated port; a second interface, used to open the designated port; and a third interface, used to close the designated port;
the third determination submodule includes:
a fourth determination submodule, configured to determine, if the management request is the call request, that the corresponding management interface is the first interface and that the corresponding management instruction is a call instruction for the designated port;
a fifth determination submodule, configured to determine, if the management request is the open request, that the corresponding management interface is the second interface and that the corresponding management instruction is an open instruction for the designated port;
a sixth determination submodule, configured to determine, if the management request is the close request, that the corresponding management interface is the third interface and that the corresponding management instruction is a close instruction for the designated port.
Optionally, the device further includes:
a rejection module, configured to reject the management request if the requester is determined not to have the port management permission.
According to a third aspect of the embodiments of the disclosure, a port management device is provided, the device including:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to:
set one or more designated ports to a closed state, a designated port being a port to be managed;
start a firewall service process for port management;
when a management request for the designated port is detected, judge whether the requester has port management permission for the designated port;
if the requester is determined to have the port management permission, manage the designated port accordingly, according to the management request and through a management interface provided by the firewall service process.
The technical solutions provided by the embodiments of the disclosure can include the following benefits:
In the disclosure, the terminal can set one or more designated ports to a closed state and start a firewall service process for port management. When a management request for a designated port is detected, it judges whether the requester has port management permission for that designated port and, if so, manages the designated port accordingly, according to the management request and through a management interface provided by the firewall service process. This prevents a requester without port management permission from managing a designated port and improves the security of port management.
In the disclosure, the terminal can also use a system startup script to close all designated ports in the system when the system starts, which improves system security.
In the disclosure, the terminal can also judge whether the requester is in a preset trust list, which identifies whether the requester is trusted, and then judge whether the requester has applied for and obtained port management permission for the designated port, which further identifies whether the requester has port management permission. That is, the requester has port management permission only when it is in the preset trust list and has applied for and obtained port management permission for the designated port, and otherwise does not have it. This improves the reliability of port management.
In the disclosure, the terminal can also determine the corresponding management interface and management instruction according to the management request, and manage the designated port accordingly through the determined management interface and management instruction, which improves the accuracy of port management.
In the disclosure, the three interfaces provided by the firewall service process can implement different management functions, which enriches the management functions of port management and improves its efficiency.
In the disclosure, the terminal can also reject management requests from requesters without port management permission. Management requests that do not meet the conditions are thereby excluded and only those that meet the conditions are responded to, which speeds up port management.
It should be understood that the general description above and the detailed description below are only exemplary and explanatory, and do not limit the disclosure.
Brief description of the drawings
The accompanying drawings, which are incorporated in and form a part of this specification, illustrate embodiments consistent with the invention and, together with the specification, serve to explain the principles of the invention.
Fig. 1 is a flowchart of a port management method according to an exemplary embodiment of the disclosure;
Fig. 2 is a flowchart of another port management method according to an exemplary embodiment of the disclosure;
Fig. 3 is a flowchart of another port management method according to an exemplary embodiment of the disclosure;
Fig. 4 is a flowchart of another port management method according to an exemplary embodiment of the disclosure;
Fig. 5 is a block diagram of a port management device according to an exemplary embodiment of the disclosure;
Fig. 6 is a block diagram of another port management device according to an exemplary embodiment of the disclosure;
Fig. 7 is a block diagram of another port management device according to an exemplary embodiment of the disclosure;
Fig. 8 is a block diagram of another port management device according to an exemplary embodiment of the disclosure;
Fig. 9 is a block diagram of another port management device according to an exemplary embodiment of the disclosure;
Fig. 10 is a block diagram of another port management device according to an exemplary embodiment of the disclosure;
Fig. 11 is a block diagram of another port management device according to an exemplary embodiment of the disclosure;
Fig. 12 is a schematic structural diagram of a device suitable for port management according to an exemplary embodiment of the disclosure.
Detailed description
Exemplary embodiments will be described in detail here, examples of which are illustrated in the accompanying drawings. When the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the disclosure. Rather, they are merely examples of devices and methods consistent with some aspects of the disclosure as detailed in the appended claims.
The terms used in the disclosure are for the purpose of describing particular embodiments only and are not intended to limit the disclosure. The singular forms "a", "said" and "the" used in the disclosure and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in the disclosure to describe various information, such information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the disclosure, first information may also be referred to as second information and, similarly, second information may also be referred to as first information. Depending on the context, the word "if" as used here may be interpreted as "at the time of", "when" or "in response to determining".
Fig. 1 is a flowchart of a port management method according to an exemplary embodiment of the disclosure. The port management method can be applied in a device running the Android system or a Unix-like system, such as a user terminal. As shown in Fig. 1, the port management method includes the following steps:
In step 110, one or more designated ports are set to a closed state, a designated port being a port to be managed.
The user terminal in the disclosure can be any intelligent terminal with Internet access, for example a mobile phone, a tablet computer or a PDA (Personal Digital Assistant).
In the embodiments of the disclosure, some key ports in the system may be set as designated ports, that is, ports to be managed. For example, port 80, TCP port 23 and so on are set as designated ports. The key ports of a system are generally well-known ports rather than custom ports.
In port management, after one or more designated ports have been set, these designated ports must first be closed, so that they can then be managed according to management requests.
In step 120, a firewall service process for port management is started.
In the embodiments of the disclosure, the firewall service process can be used to manage all ports in the system, and in particular can manage the designated ports. In addition, the user identifier (UID) of the firewall service process may be AID_FIREWALL.
In step 130, when a management request for a designated port is detected, it is judged whether the requester has port management permission for the designated port.
In the embodiments of the disclosure, a designated port can be identified by its port number. For example, if the port number carried in the management request is 80, the management request is determined to be a management request for port 80.
The requester may be an application or a process that issues a management request for the designated port. The requester's port management permission for the designated port may include permission to call the designated port, and/or permission to open the designated port, and/or permission to close the designated port.
In step 140, if the requester is determined to have port management permission for the designated port, the designated port is managed accordingly, according to the management request and through a management interface provided by the firewall service process.
In the embodiments of the disclosure, when the designated port is managed according to the management request and through the management interface provided by the firewall service process, the management request, the management interface and the resulting management operation correspond to one another.
For example, if the management request is a request to call the designated port, the management interface is the interface for calling the designated port, and the resulting management operation is calling the designated port.
As another example, if the management request is a request to open the designated port, the management interface is the interface for opening the designated port, and the resulting management operation is opening the designated port.
As another example, if the management request is a request to close the designated port, the management interface is the interface for closing the designated port, and the resulting management operation is closing the designated port.
As can be seen from the above embodiment, one or more designated ports are set to a closed state and a firewall service process for port management is started. When a management request for a designated port is detected, it is judged whether the requester has port management permission for that designated port and, if so, the designated port is managed accordingly, according to the management request and through a management interface provided by the firewall service process. This prevents a requester without port management permission from managing a designated port and improves the security of port management.
In one embodiment, setting one or more designated ports to the closed state in step 110 above can be implemented in, but is not limited to, the following way, as shown in Fig. 2:
In step 210, a system startup script is set, in which each designated port is in the closed state.
In step 220, when the system starts, the system startup script is run.
As can be seen from the above embodiment, when the system starts, all designated ports in the system are closed by the system startup script, which improves system security.
In one embodiment, judging whether the requester has port management permission for the designated port in step 130 above can be implemented in, but is not limited to, the following way, as shown in Fig. 3:
In step 310, it is judged whether the requester is in a preset trust list. If so, step 320 is performed; if not, step 340 is performed.
In the embodiments of the disclosure, the requester may be an application or a process that issues a management request for the designated port. Whether the requester is in the preset trust list can be judged by checking whether the UID or the group identifier (GID) of the application or process is in the preset trust list.
In step 320, it is judged whether the requester has applied for and obtained port management permission for the designated port. If so, step 330 is performed; if not, step 340 is performed.
In the embodiments of the disclosure, if the requester is in the preset trust list, it must also be judged whether the requester has applied for and obtained port management permission for the designated port. There are many ways to make this judgment, including but not limited to the following:
If the management request for the designated port carries the port management permission for the designated port, it is determined that the requester has applied for and obtained the port management permission for the designated port.
In step 330, it is determined that the requester has port management permission, and the flow ends.
In step 340, it is determined that the requester does not have port management permission, and the flow ends.
As can be seen from the above embodiment, judging whether the requester is in the preset trust list identifies whether the requester is trusted, and judging whether the requester has applied for and obtained port management permission for the designated port further identifies whether the requester has port management permission. That is, the requester has port management permission only when it is in the preset trust list and has applied for and obtained port management permission for the designated port, and otherwise does not have it. This improves the reliability of port management.
In one embodiment, managing the designated port according to the management request and through the management interface provided by the firewall service process in step 140 above can be implemented in, but is not limited to, the following way, as shown in Fig. 4:
In step 410, the corresponding management interface and management instruction are determined according to the management request.
In the embodiments of the disclosure, management requests, management interfaces and management instructions correspond one to one. For example, if the management request is to open or close the designated port, the management interface and the management instruction also correspond to opening or closing the designated port.
The management instruction can be implemented by launching commands similar to iptables, for example nftables commands. In addition, the management instruction is granted the CAP_NET_ADMIN and CAP_NET_RAW capabilities, its permission mode is set to 00755, and its UID and GID are set to AID_FIREWALL and AID_SHELL. This ensures that the management instruction is able to modify the designated port, and also restricts the management instruction so that only the firewall service process can call it.
Here, the CAP_NET_ADMIN capability may refer to performing various network-related operations, such as interface configuration, management of the IP firewall service process, masquerading and auditing.
The CAP_NET_RAW capability may refer to binding to any address for transparent proxying, and so on.
AID_FIREWALL may refer to the UID of the firewall service process.
AID_SHELL may refer to the GID of the Shell process.
In step 420, the designated port is managed accordingly through the determined management interface and management instruction.
As can be seen from the above embodiment, the corresponding management interface and management instruction are determined according to the management request, and the designated port is managed accordingly through the determined management interface and management instruction, which improves the accuracy of port management.
In one embodiment, in step 410 above, the management request for the designated port may include: a call request for the designated port, an open request for the designated port, or a close request for the designated port.
The management interfaces provided by the firewall service process include: a first interface, used by other applications or processes to call the designated port; a second interface, used to open the designated port; and a third interface, used to close the designated port.
Determining the corresponding management interface and management instruction according to the management request can cover the following three cases:
First: if the management request is a call request, the corresponding management interface is determined to be the first interface and the corresponding management instruction is a call instruction for the designated port;
Second: if the management request is an open request, the corresponding management interface is determined to be the second interface and the corresponding management instruction is an open instruction for the designated port;
Third: if the management request is a close request, the corresponding management interface is determined to be the third interface and the corresponding management instruction is a close instruction for the designated port.
As can be seen from the above embodiment, the three interfaces provided by the firewall service process can implement different management functions, which enriches the management functions of port management and improves its efficiency.
In one embodiment, after step 130 above is performed, if the requester is determined not to have port management permission for the designated port, the requester's management request can be rejected.
As can be seen from the above embodiment, management requests from requesters without port management permission are rejected. Management requests that do not meet the conditions are thereby excluded and only those that meet the conditions are responded to, which speeds up port management.
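The flow of Figs. 1 to 4 (default-closed designated ports, the two-stage permission check of steps 310 to 340, and the selection of one of three interfaces in step 410), modelled in Python as an added example that is not code from the patent. The class and method names, the sample UIDs and GIDs, the rejection of requests for ports that are not designated, and the choice to express open and close as deleting or appending an iptables-style DROP rule are assumptions; the rules are returned as argument lists and never executed.

```python
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    CALL = "call"    # served by the first interface
    OPEN = "open"    # served by the second interface
    CLOSE = "close"  # served by the third interface


@dataclass(frozen=True)
class ManagementRequest:
    uid: int          # UID of the requesting application or process
    gid: int          # GID of the requesting application or process
    port: int         # port number carried in the request
    action: Action
    permissions: frozenset = frozenset()  # (port, Action) pairs carried in the request


class FirewallService:
    """Hypothetical model of the firewall service process (names are assumptions)."""

    def __init__(self, designated_ports, trusted_uids, trusted_gids):
        # Step 110: every designated port starts in the closed state.
        self.is_open = {port: False for port in designated_ports}
        self.trusted_uids = frozenset(trusted_uids)
        self.trusted_gids = frozenset(trusted_gids)

    @staticmethod
    def _drop_rule(op, port):
        # iptables-style argv; returned for inspection, never executed here.
        return ["iptables", op, "INPUT", "-p", "tcp",
                "--dport", str(port), "-j", "DROP"]

    def boot_rules(self):
        """Steps 210/220: rules a startup script would apply, one per port."""
        return [self._drop_rule("-A", port) for port in sorted(self.is_open)]

    def has_permission(self, req):
        # Step 310: the requester must be on the preset trust list (UID or GID).
        if req.uid not in self.trusted_uids and req.gid not in self.trusted_gids:
            return False
        # Step 320: the request must carry the permission for this port/action.
        # Assumption: the carried permission is taken at face value, because
        # the page does not say how it is validated.
        return (req.port, req.action) in req.permissions

    def _first_interface(self, port):
        # The page does not define what "calling" a port does; modelled here
        # as an authorized no-op that changes no rule.
        return []

    def _second_interface(self, port):
        if self.is_open[port]:
            return []                      # already open: nothing to delete
        self.is_open[port] = True
        return [self._drop_rule("-D", port)]

    def _third_interface(self, port):
        if not self.is_open[port]:
            return []                      # already closed: avoid duplicate rule
        self.is_open[port] = False
        return [self._drop_rule("-A", port)]

    def handle(self, req):
        """Return (accepted, interface_name, rules) for one management request."""
        if req.port not in self.is_open:   # assumption: only designated ports
            return (False, None, [])
        if not self.has_permission(req):   # step 340: reject the request
            return (False, None, [])
        # Step 410: the request type selects the interface and the instruction.
        interface = {
            Action.CALL: self._first_interface,
            Action.OPEN: self._second_interface,
            Action.CLOSE: self._third_interface,
        }[req.action]
        # Step 420: apply the selected interface to the designated port.
        return (True, interface.__name__.lstrip("_"), interface(req.port))


def demo():
    """Run constructed sample requests against designated ports 23 and 80."""
    svc = FirewallService({23, 80}, trusted_uids={1000}, trusted_gids={2000})
    grant = frozenset({(80, Action.OPEN)})
    requests = [
        ManagementRequest(4242, 4242, 80, Action.OPEN, grant),   # not trusted
        ManagementRequest(1000, 1000, 80, Action.CLOSE, grant),  # no permission
        ManagementRequest(1000, 1000, 80, Action.OPEN, grant),   # accepted
    ]
    return [svc.handle(r) for r in requests], dict(svc.is_open)


if __name__ == "__main__":
    for result in demo()[0]:
        print(result)
```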
Corresponding to the foregoing port management method embodiments, the disclosure also provides embodiments of a port management device.
As shown in Fig. 5, Fig. 5 is a block diagram of a port management device according to an exemplary embodiment of the disclosure. The device can be applied in a device running the Android system or a Unix-like system, such as a user terminal, and is used to perform the port management method shown in Fig. 1. The device may include:
a setting module 51, configured to set one or more designated ports to a closed state, a designated port being a port to be managed;
a starting module 52, configured to start a firewall service process for port management;
a judging module 53, configured to judge, when a management request for the designated port is detected, whether the requester has port management permission for the designated port;
a management module 54, configured to, if the requester is determined to have the port management permission, manage the designated port accordingly, according to the management request and through a management interface provided by the firewall service process.
As can be seen from the above embodiment, one or more designated ports are set to a closed state and a firewall service process for port management is started. When a management request for a designated port is detected, it is judged whether the requester has port management permission for that designated port and, if so, the designated port is managed accordingly, according to the management request and through a management interface provided by the firewall service process. This prevents a requester without port management permission from managing a designated port and improves the security of port management.
Fig. 6 is a block diagram of another port management device according to an exemplary embodiment of the present disclosure. On the basis of the embodiment shown in Fig. 5, the setup module 51 in this embodiment may include:
A setting submodule 61, configured to set a system startup script in which each designated port is in the closed state;
A running submodule 62, configured to run the system startup script when the system starts.
As can be seen from the above embodiment, when the system starts, the system startup script closes all designated ports in the system, which improves system security.
Fig. 7 is a block diagram of another port management device according to an exemplary embodiment of the present disclosure. On the basis of the embodiment shown in Fig. 5, the judging module 53 in this embodiment may include:
A first judging submodule 71, configured to judge whether the requester is in a preset trust list;
A second judging submodule 72, configured to judge, if the requester is in the preset trust list, whether the requester has applied for the port management authority;
A first determination submodule 73, configured to determine, if the requester has applied for the port management authority, that the requester has the port management authority.
As can be seen from the above embodiment, judging whether the requester is in the preset trust list identifies whether the requester is trusted, and judging whether the requester has applied for the port management authority for the designated port further identifies whether the requester has that authority. That is, the requester has port management authority only when it is in the preset trust list and has applied for the port management authority for the designated port; otherwise it does not. This improves the reliability of port management.
Fig. 8 is a block diagram of another port management device according to an exemplary embodiment of the present disclosure. On the basis of the embodiment shown in Fig. 7, the second judging submodule 72 in this embodiment may include:
A second determination submodule 81, configured to determine, if the management request carries the port management authority, that the requester has applied for the port management authority.
Fig. 9 is a block diagram of another port management device according to an exemplary embodiment of the present disclosure. On the basis of the embodiment shown in Fig. 5, the management module 54 in this embodiment may include:
A third determination submodule 91, configured to determine the management interface and management instruction corresponding to the management request;
A management submodule 92, configured to manage the designated port accordingly through the determined management interface and management instruction.
As can be seen from the above embodiment, the management interface and management instruction corresponding to the management request are determined, and the designated port is managed accordingly through the determined management interface and management instruction, which improves the accuracy of port management.
Fig. 10 is a block diagram of another port management device according to an exemplary embodiment of the present disclosure. On the basis of the embodiment shown in Fig. 9, in this embodiment the management request for the designated port includes: a call request for the designated port, an open request for the designated port, or a close request for the designated port. The management interface provided by the firewall service process includes: a first interface, used for other applications or processes to call the designated port; a second interface, used to open the designated port; and a third interface, used to close the designated port. The third determination submodule 91 may include:
A fourth determination submodule 101, configured to determine, if the management request is the call request, that the corresponding management interface is the first interface and the corresponding management instruction is a call instruction for the designated port;
A fifth determination submodule 102, configured to determine, if the management request is the open request, that the corresponding management interface is the second interface and the corresponding management instruction is an open instruction for the designated port;
A sixth determination submodule 103, configured to determine, if the management request is the close request, that the corresponding management interface is the third interface and the corresponding management instruction is a close instruction for the designated port.
As can be seen from the above embodiment, the three interfaces provided by the firewall service process implement different management functions, which enriches the management functions of port management and improves its efficiency.
Fig. 11 is a block diagram of another port management device according to an exemplary embodiment of the present disclosure. On the basis of the embodiment shown in Fig. 5, the device in this embodiment may also include:
A rejection module 111, configured to reject the management request if the requester is determined not to have the port management authority.
As can be seen from the above embodiment, by rejecting management requests from requesters without port management authority, ineligible management requests are excluded and only eligible management requests are responded to, which speeds up port management.
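The flow described in the embodiments of Figs. 5 to 11 (designated ports closed by default, trust-list and permission check, dispatch to the three interfaces, rejection otherwise) can be modelled as follows. This is an added example, not code from the patent; the permission naming, the in-memory port table standing in for firewall rules, the requester identifiers, the port numbers and the behaviour of a call on a closed port are assumptions.

```python
from dataclasses import dataclass
from enum import Enum


class RequestType(Enum):
    CALL = "call"    # another application or process uses the port
    OPEN = "open"
    CLOSE = "close"


@dataclass(frozen=True)
class ManagementRequest:
    requester: str                       # constructed identifier
    port: int
    kind: RequestType
    # Port management permissions carried in the request. Assumption: a real
    # service derives these from the OS-verified caller identity rather than
    # from a field the caller fills in itself.
    permissions: frozenset = frozenset()


def required_permission(port: int) -> str:
    """Hypothetical naming scheme for a per-port management permission."""
    return f"MANAGE_PORT_{port}"


class FirewallService:
    """Stand-in for the firewall service process (not a real firewall)."""

    def __init__(self, designated_ports, trust_list):
        # Startup step: every designated port begins in the closed state.
        self.port_open = {port: False for port in designated_ports}
        self.trust_list = frozenset(trust_list)
        self.audit_log = []              # every decision is recorded
        # Request type -> management interface (first, second, third).
        self._interfaces = {
            RequestType.CALL: self._call_port,
            RequestType.OPEN: self._open_port,
            RequestType.CLOSE: self._close_port,
        }

    def has_authority(self, req: ManagementRequest) -> bool:
        if req.port not in self.port_open:          # not a designated port
            return False
        if req.requester not in self.trust_list:    # trust-list check
            return False
        # The request must carry the permission for this specific port.
        return required_permission(req.port) in req.permissions

    def handle(self, req: ManagementRequest) -> str:
        if self.has_authority(req):
            result = self._interfaces[req.kind](req.port)
        else:
            result = "rejected"                     # rejection step
        self.audit_log.append((req.requester, req.port, req.kind.value, result))
        return result

    def _call_port(self, port: int) -> str:
        # Assumption: a call only succeeds on a port that is currently open.
        return "called" if self.port_open[port] else "port-closed"

    def _open_port(self, port: int) -> str:
        self.port_open[port] = True
        return "opened"

    def _close_port(self, port: int) -> str:
        self.port_open[port] = False
        return "closed"


def demo():
    """Run constructed requests through the service and return the outcomes."""
    trusted, unknown = "com.example.trusted", "com.example.unknown"
    svc = FirewallService(designated_ports=[5555, 8080], trust_list=[trusted])
    p5555 = frozenset({required_permission(5555)})
    p22 = frozenset({required_permission(22)})
    requests = [
        ManagementRequest(trusted, 5555, RequestType.CALL, p5555),   # closed by default
        ManagementRequest(unknown, 5555, RequestType.OPEN, p5555),   # not in trust list
        ManagementRequest(trusted, 5555, RequestType.OPEN),          # no permission
        ManagementRequest(trusted, 8080, RequestType.OPEN, p5555),   # wrong port's permission
        ManagementRequest(trusted, 22, RequestType.OPEN, p22),       # not a designated port
        ManagementRequest(trusted, 5555, RequestType.OPEN, p5555),
        ManagementRequest(trusted, 5555, RequestType.CALL, p5555),
        ManagementRequest(trusted, 5555, RequestType.CLOSE, p5555),
    ]
    return svc, [svc.handle(r) for r in requests]


if __name__ == "__main__":
    service, outcomes = demo()
    for entry in service.audit_log:
        print(entry)
```

The audit log keeps rejected requests as well as accepted ones, which is what a defender would review to spot untrusted or under-privileged callers probing the management interface.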
Corresponding to Fig. 5, the present disclosure also provides another port management device, the device including:
A processor;
A memory for storing processor-executable instructions;
Wherein the processor is configured to:
Set one or more designated ports to a closed state, the designated ports being the ports to be managed;
Start a firewall service process for port management;
When a management request for a designated port is detected, judge whether the requester has port management authority for that designated port;
If the requester is determined to have the port management authority, manage the designated port accordingly, according to the management request and through the management interface provided by the firewall service process.
For the functions and roles of the units in the above device, refer to the implementation of the corresponding steps in the above method; details are not repeated here.
Since the device embodiments basically correspond to the method embodiments, refer to the description of the method embodiments for the relevant parts. The device embodiments described above are only illustrative: the units described as separate parts may or may not be physically separate, and the parts shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the disclosed solution. Those of ordinary skill in the art can understand and implement it without creative effort.
Fig. 12 is a schematic structural diagram of a device 1200 for port management according to an exemplary embodiment of the present disclosure. For example, the device 1200 may be a mobile phone with a routing function, a computer, a digital broadcast terminal, a messaging device, a game console, a tablet device, a medical device, fitness equipment, a personal digital assistant, or the like.
Referring to Fig. 12, the device 1200 may include one or more of the following components: a processing component 1202, a memory 1204, a power supply module 1206, a multimedia component 1208, an audio component 1210, an input/output (I/O) interface 1212, a sensor component 1214, and a communication component 1216.
The processing component 1202 generally controls the overall operation of the device 1200, such as operations associated with display, telephone calls, data communication, camera operation and recording. The processing component 1202 may include one or more processors 1220 to execute instructions so as to complete all or part of the steps of the above method. In addition, the processing component 1202 may include one or more modules that facilitate interaction between the processing component 1202 and other components. For example, the processing component 1202 may include a multimedia module to facilitate interaction between the multimedia component 1208 and the processing component 1202.
The memory 1204 is configured to store various types of data to support operation of the device 1200. Examples of such data include instructions for any application or method operating on the device 1200, contact data, phone book data, messages, pictures, videos and so on. The memory 1204 may be implemented by any type of volatile or non-volatile storage device or a combination thereof, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, a magnetic disk or an optical disc.
Power supply module 1206 provides electric power for the various assemblies of device 1200.Power supply module 1206 can include power management
System, one or more power supplys, and other components associated with generating, managing and distributing electric power for device 1200.
The multimedia component 1208 includes a screen that provides an output interface between the device 1200 and the user. In some embodiments, the screen may include a liquid crystal display (LCD) and a touch panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive input signals from the user. The touch panel includes one or more touch sensors to sense touches, swipes and gestures on the touch panel. The touch sensor may sense not only the boundary of a touch or swipe action but also the duration and pressure associated with the touch or swipe operation. In some embodiments, the multimedia component 1208 includes a front camera and/or a rear camera. When the device 1200 is in an operating mode, such as a shooting mode or a video mode, the front camera and/or the rear camera can receive external multimedia data. Each front camera and rear camera may be a fixed optical lens system or have focal length and optical zoom capability.
The audio component 1210 is configured to output and/or input audio signals. For example, the audio component 1210 includes a microphone (MIC), which is configured to receive external audio signals when the device 1200 is in an operating mode, such as a call mode, a recording mode or a speech recognition mode. The received audio signal may be further stored in the memory 1204 or sent via the communication component 1216. In some embodiments, the audio component 1210 also includes a loudspeaker for outputting audio signals.
The I/O interface 1212 provides an interface between the processing component 1202 and peripheral interface modules, which may be a keyboard, a click wheel, buttons and so on. These buttons may include, but are not limited to, a home button, a volume button, a start button and a lock button.
The sensor component 1214 includes one or more sensors for providing status assessments of various aspects of the device 1200. For example, the sensor component 1214 can detect the open/closed state of the device 1200 and the relative positioning of components, for example the display and keypad of the device 1200. The sensor component 1214 can also detect a change in position of the device 1200 or of a component of the device 1200, the presence or absence of user contact with the device 1200, the orientation or acceleration/deceleration of the device 1200, and a change in temperature of the device 1200. The sensor component 1214 may include a proximity sensor configured to detect the presence of nearby objects without any physical contact. The sensor component 1214 may also include an optical sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor component 1214 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor, a microwave sensor or a temperature sensor.
The communication component 1216 is configured to facilitate wired or wireless communication between the device 1200 and other equipment. The device 1200 can access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In one exemplary embodiment, the communication component 1216 receives broadcast signals or broadcast-related information from an external broadcast management system via a broadcast channel. In one exemplary embodiment, the communication component 1216 also includes a near-field communication (NFC) module to facilitate short-range communication. For example, the NFC module may be implemented based on radio frequency identification (RFID) technology, Infrared Data Association (IrDA) technology, ultra-wideband (UWB) technology, Bluetooth (BT) technology and other technologies.
In an exemplary embodiment, the device 1200 may be implemented by one or more application-specific integrated circuits (ASIC), digital signal processors (DSP), digital signal processing devices (DSPD), programmable logic devices (PLD), field-programmable gate arrays (FPGA), controllers, microcontrollers, microprocessors or other electronic components, for performing the following method:
Setting one or more designated ports to a closed state, the designated ports being the ports to be managed;
Starting a firewall service process for port management;
When a management request for a designated port is detected, judging whether the requester has port management authority for that designated port;
If the requester is determined to have the port management authority, managing the designated port accordingly, according to the management request and through the management interface provided by the firewall service process.
In an exemplary embodiment, a non-transitory computer-readable storage medium including instructions is also provided, for example the memory 1204 including instructions, which can be executed by the processor 1220 of the device 1200 to complete the above method. For example, the non-transitory computer-readable storage medium may be a ROM, a random access memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device or the like.
Those skilled in the art will readily conceive of other embodiments of the present disclosure after considering the specification and practicing the invention disclosed herein. The present disclosure is intended to cover any variations, uses or adaptations of the present disclosure that follow its general principles and include common knowledge or customary technical means in the art that are not disclosed herein. The specification and embodiments are to be regarded as exemplary only, and the true scope and spirit of the present disclosure are indicated by the following claims.
It should be understood that the present disclosure is not limited to the precise structure described above and shown in the drawings, and that various modifications and changes can be made without departing from its scope. The scope of the present disclosure is limited only by the appended claims.
Claims (15)
1. A port management method, characterized in that the method comprises:
Setting one or more designated ports to a closed state, the designated ports being the ports to be managed;
Starting a firewall service process for port management;
When a management request for a designated port is detected, judging whether the requester has port management authority for that designated port;
If the requester is determined to have the port management authority, managing the designated port accordingly, according to the management request and through the management interface provided by the firewall service process.
2. The method according to claim 1, characterized in that setting the initial state of one or more designated ports to the closed state comprises:
Setting a system startup script in which each designated port is in the closed state;
When the system starts, running the system startup script.
3. The method according to claim 1, characterized in that judging whether the requester has port management authority for the designated port comprises:
Judging whether the requester is in a preset trust list;
If the requester is in the preset trust list, judging whether the requester has applied for the port management authority;
If the requester has applied for the port management authority, determining that the requester has the port management authority.
4. The method according to claim 3, characterized in that judging whether the requester has applied for the port management authority comprises:
If the management request carries the port management authority, determining that the requester has applied for the port management authority.
5. The method according to claim 1, characterized in that managing the designated port accordingly, according to the management request and through the management interface provided by the firewall service process, comprises:
Determining the management interface and management instruction corresponding to the management request;
Managing the designated port accordingly through the determined management interface and management instruction.
6. The method according to claim 5, characterized in that the management request for the designated port includes: a call request for the designated port, an open request for the designated port, or a close request for the designated port;
The management interface provided by the firewall service process includes: a first interface, used for other applications or processes to call the designated port; a second interface, used to open the designated port; and a third interface, used to close the designated port;
Determining the management interface and management instruction corresponding to the management request comprises:
If the management request is the call request, determining that the corresponding management interface is the first interface and the corresponding management instruction is a call instruction for the designated port;
If the management request is the open request, determining that the corresponding management interface is the second interface and the corresponding management instruction is an open instruction for the designated port;
If the management request is the close request, determining that the corresponding management interface is the third interface and the corresponding management instruction is a close instruction for the designated port.
7. The method according to claim 1, characterized in that the method further comprises:
If the requester is determined not to have the port management authority for the designated port, rejecting the management request.
8. A port device, characterized in that the device comprises:
A setup module, configured to set one or more designated ports to a closed state, the designated ports being the ports to be managed;
A starting module, configured to start a firewall service process for port management;
A judging module, configured to judge, when a management request for a designated port is detected, whether the requester has port management authority for that designated port;
A management module, configured to, if the requester is determined to have the port management authority, manage the designated port accordingly, according to the management request and through the management interface provided by the firewall service process.
9. The device according to claim 8, characterized in that the setup module comprises:
A setting submodule, configured to set a system startup script in which each designated port is in the closed state;
A running submodule, configured to run the system startup script when the system starts.
10. The device according to claim 8, characterized in that the judging module comprises:
A first judging submodule, configured to judge whether the requester is in a preset trust list;
A second judging submodule, configured to judge, if the requester is in the preset trust list, whether the requester has applied for the port management authority;
A first determination submodule, configured to determine, if the requester has applied for the port management authority, that the requester has the port management authority.
11. The device according to claim 10, characterized in that the second judging submodule comprises:
A second determination submodule, configured to determine, if the management request carries the port management authority, that the requester has applied for the port management authority.
12. The device according to claim 8, characterized in that the management module comprises:
A third determination submodule, configured to determine the management interface and management instruction corresponding to the management request;
A management submodule, configured to manage the designated port accordingly through the determined management interface and management instruction.
13. The device according to claim 12, characterized in that the management request for the designated port includes: a call request for the designated port, an open request for the designated port, or a close request for the designated port;
The management interface provided by the firewall service process includes: a first interface, used for other applications or processes to call the designated port; a second interface, used to open the designated port; and a third interface, used to close the designated port;
The third determination submodule comprises:
A fourth determination submodule, configured to determine, if the management request is the call request, that the corresponding management interface is the first interface and the corresponding management instruction is a call instruction for the designated port;
A fifth determination submodule, configured to determine, if the management request is the open request, that the corresponding management interface is the second interface and the corresponding management instruction is an open instruction for the designated port;
A sixth determination submodule, configured to determine, if the management request is the close request, that the corresponding management interface is the third interface and the corresponding management instruction is a close instruction for the designated port.
14. The device according to claim 8, characterized in that the device further comprises:
A rejection module, configured to reject the management request if the requester is determined not to have the port management authority.
15. A port management device, characterized in that the device comprises:
A processor;
A memory for storing processor-executable instructions;
Wherein the processor is configured to:
Set one or more designated ports to a closed state, the designated ports being the ports to be managed;
Start a firewall service process for port management;
When a management request for a designated port is detected, judge whether the requester has port management authority for that designated port;
If the requester is determined to have the port management authority, manage the designated port accordingly, according to the management request and through the management interface provided by the firewall service process.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710897601.0A CN107483277A (en) | 2017-09-28 | 2017-09-28 | Port management method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107483277A true CN107483277A (en) | 2017-12-15 |
Family
ID=60604903
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710897601.0A Pending CN107483277A (en) | 2017-09-28 | 2017-09-28 | Port management method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107483277A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20171215 |