CN107483277A - Port management method and device - Google Patents

Publication number
CN107483277A
Authority
CN
China
Prior art keywords
management
port
interface
designated
request
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710897601.0A
Other languages
Chinese (zh)
Inventor
李明浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Xiaomi Mobile Software Co Ltd
Original Assignee
Beijing Xiaomi Mobile Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Beijing Xiaomi Mobile Software Co Ltd
Priority to CN201710897601.0A
Publication of CN107483277A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present disclosure relates to a port management method and device. The method includes: setting one or more designated ports to a closed state, the designated ports being the ports to be managed; starting a firewall service process for port management; when a management request for a designated port is detected, judging whether the requester has port management permission for that designated port; and, if the requester is determined to have the port management permission, managing the designated port accordingly, in accordance with the management request, through a management interface provided by the firewall service process. The disclosure can therefore prevent a requester without port management permission from managing a designated port, which improves the security of port management.

Description

Port management method and device
Technical field
The present disclosure relates to the field of communication technology, and in particular to a port management method and device.
Background
A port can be regarded as the outlet through which a device communicates with the outside world. At present, ports include not only physical interfaces but also ports in the logical sense. A logical port generally refers to a port in the TCP/IP (Transmission Control Protocol/Internet Protocol) protocol suite, with port numbers ranging from 0 to 65535. For example, the "21" appended to an FTP address is a port number. However, because an FTP server can be logged into anonymously, port 21 may also be exploited by Trojans, which creates a considerable system security risk.
Summary of the invention
To overcome the problems in the related art, embodiments of the present disclosure provide a port management method and device.
According to a first aspect of the embodiments of the present disclosure, a port management method is provided, the method including:
Setting one or more designated ports to a closed state, the designated ports being the ports to be managed;
Starting a firewall service process for port management;
When a management request for a designated port is detected, judging whether the requester has port management permission for that designated port;
If the requester is determined to have the port management permission, managing the designated port accordingly, in accordance with the management request, through a management interface provided by the firewall service process.
Optionally, setting the initial state of the one or more designated ports to the closed state includes:
Setting up a system startup script in which each designated port is in the closed state;
Running the system startup script when the system starts.
Optionally, judging whether the requester has port management permission for the designated port includes:
Judging whether the requester is in a preset trust list;
If the requester is in the preset trust list, judging whether the requester has applied for the port management permission;
If the requester has applied for the port management permission, determining that the requester has the port management permission.
Optionally, judging whether the requester has applied for the port management permission includes:
If the management request carries the port management permission, determining that the requester has applied for the port management permission.
Optionally, managing the designated port accordingly, in accordance with the management request, through the management interface provided by the firewall service process includes:
Determining the corresponding management interface and management instruction according to the management request;
Managing the designated port accordingly through the determined management interface and management instruction.
Optionally, the management request for the designated port includes: a call request for the designated port, an open request for the designated port, or a close request for the designated port;
The management interfaces provided by the firewall service process include: a first interface, used by other applications or processes to call the designated port; a second interface, used to open the designated port; and a third interface, used to close the designated port;
Determining the corresponding management interface and management instruction according to the management request includes:
If the management request is the call request, determining that the corresponding management interface is the first interface and that the corresponding management instruction is a call instruction for the designated port;
If the management request is the open request, determining that the corresponding management interface is the second interface and that the corresponding management instruction is an open instruction for the designated port;
If the management request is the close request, determining that the corresponding management interface is the third interface and that the corresponding management instruction is a close instruction for the designated port.
Optionally, the method further includes:
If the requester is determined not to have port management permission for the designated port, rejecting the management request.
According to a second aspect of the embodiments of the present disclosure, a port management device is provided, the device including:
A setting module, configured to set one or more designated ports to a closed state, the designated ports being the ports to be managed;
A starting module, configured to start a firewall service process for port management;
A judging module, configured to judge, when a management request for a designated port is detected, whether the requester has port management permission for that designated port;
A management module, configured to manage the designated port accordingly, in accordance with the management request, through a management interface provided by the firewall service process, if the requester is determined to have the port management permission.
Optionally, the setting module includes:
A setting submodule, configured to set up a system startup script in which each designated port is in the closed state;
A running submodule, configured to run the system startup script when the system starts.
Optionally, the judging module includes:
A first judging submodule, configured to judge whether the requester is in a preset trust list;
A second judging submodule, configured to judge, if the requester is in the preset trust list, whether the requester has applied for the port management permission;
A first determining submodule, configured to determine, if the requester has applied for the port management permission, that the requester has the port management permission.
Optionally, the second judging submodule includes:
A second determining submodule, configured to determine, if the management request carries the port management permission, that the requester has applied for the port management permission.
Optionally, the management module includes:
A third determining submodule, configured to determine the corresponding management interface and management instruction according to the management request;
A management submodule, configured to manage the designated port accordingly through the determined management interface and management instruction.
Optionally, the management request for the designated port includes: a call request for the designated port, an open request for the designated port, or a close request for the designated port;
The management interfaces provided by the firewall service process include: a first interface, used by other applications or processes to call the designated port; a second interface, used to open the designated port; and a third interface, used to close the designated port;
The third determining submodule includes:
A fourth determining submodule, configured to determine, if the management request is the call request, that the corresponding management interface is the first interface and that the corresponding management instruction is a call instruction for the designated port;
A fifth determining submodule, configured to determine, if the management request is the open request, that the corresponding management interface is the second interface and that the corresponding management instruction is an open instruction for the designated port;
A sixth determining submodule, configured to determine, if the management request is the close request, that the corresponding management interface is the third interface and that the corresponding management instruction is a close instruction for the designated port.
Optionally, the device further includes:
A rejection module, configured to reject the management request if the requester is determined not to have the port management permission.
According to a third aspect of the embodiments of the present disclosure, a port management device is provided, the device including:
A processor;
A memory for storing processor-executable instructions;
Wherein the processor is configured to:
Set one or more designated ports to a closed state, the designated ports being the ports to be managed;
Start a firewall service process for port management;
When a management request for a designated port is detected, judge whether the requester has port management permission for that designated port;
If the requester is determined to have the port management permission, manage the designated port accordingly, in accordance with the management request, through a management interface provided by the firewall service process.
The technical solutions provided by the embodiments of the present disclosure can have the following beneficial effects:
In the present disclosure, the terminal can set one or more designated ports to a closed state and start a firewall service process for port management. When a management request for a designated port is detected, it judges whether the requester has port management permission for that designated port and, if so, manages the designated port accordingly, in accordance with the management request, through a management interface provided by the firewall service process. This prevents a requester without port management permission from managing a designated port and improves the security of port management.
In the present disclosure, the terminal can also close all designated ports in the system at system startup by means of a system startup script, which improves system security.
In the present disclosure, the terminal can also judge whether the requester is in a preset trust list, which identifies whether the requester is trusted, and then judge whether the requester has applied for the port management permission for the designated port, which further identifies whether the requester has the port management permission. That is, the requester has the port management permission only if it is in the preset trust list and has applied for the port management permission for the designated port; otherwise it does not. This improves the reliability of port management.
In the present disclosure, the terminal can also determine the corresponding management interface and management instruction according to the management request and manage the designated port accordingly through the determined management interface and management instruction, which improves the accuracy of port management.
In the present disclosure, the three interfaces provided by the firewall service process implement different management functions, which enriches the functions available for port management and improves its efficiency.
In the present disclosure, the terminal can also reject management requests from requesters without the port management permission. Management requests that do not meet the conditions are thereby excluded and only those that meet the conditions are answered, which speeds up port management.
It should be understood that the above general description and the following detailed description are only exemplary and explanatory and do not limit the present disclosure.
Brief description of the drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present invention and, together with the specification, serve to explain the principles of the invention.
Fig. 1 is a flow chart of a port management method of the present disclosure according to an exemplary embodiment;
Fig. 2 is a flow chart of another port management method of the present disclosure according to an exemplary embodiment;
Fig. 3 is a flow chart of another port management method of the present disclosure according to an exemplary embodiment;
Fig. 4 is a flow chart of another port management method of the present disclosure according to an exemplary embodiment;
Fig. 5 is a block diagram of a port management device of the present disclosure according to an exemplary embodiment;
Fig. 6 is a block diagram of another port management device of the present disclosure according to an exemplary embodiment;
Fig. 7 is a block diagram of another port management device of the present disclosure according to an exemplary embodiment;
Fig. 8 is a block diagram of another port management device of the present disclosure according to an exemplary embodiment;
Fig. 9 is a block diagram of another port management device of the present disclosure according to an exemplary embodiment;
Fig. 10 is a block diagram of another port management device of the present disclosure according to an exemplary embodiment;
Fig. 11 is a block diagram of another port management device of the present disclosure according to an exemplary embodiment;
Fig. 12 is a structural schematic diagram of a port management device of the present disclosure according to an exemplary embodiment.
Detailed description
Exemplary embodiments are described in detail here, and examples of them are shown in the accompanying drawings. When the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present disclosure. Rather, they are merely examples of devices and methods consistent with some aspects of the present disclosure as detailed in the appended claims.
The terms used in the present disclosure are for the purpose of describing particular embodiments only and are not intended to limit the disclosure. The singular forms "a", "said" and "the" used in the present disclosure and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in the present disclosure to describe various information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the present disclosure, first information may also be called second information and, similarly, second information may also be called first information. Depending on the context, the word "if" as used here can be interpreted as "when", "while" or "in response to determining".
Fig. 1 is a flow chart of a port management method of the present disclosure according to an exemplary embodiment. The port management method can be applied to a device running the Android system or a Unix-like system, for example a user terminal. As shown in Fig. 1, the port management method includes the following steps:
In step 110, one or more designated ports are set to a closed state, the designated ports being the ports to be managed.
The user terminal in the present disclosure can be any intelligent terminal with Internet access, for example a mobile phone, a tablet computer or a PDA (Personal Digital Assistant).
In the embodiments of the present disclosure, certain key ports of the system can be set as designated ports, that is, ports to be managed. For example, port 80, TCP port 23 and so on can be set as designated ports. The key ports of a system are generally well-known ports rather than custom ports.
In port management, once one or more designated ports have been established, these designated ports must first be closed, so that they can then be managed according to management requests.
In step 120, a firewall service process for port management is started.
In the embodiments of the present disclosure, the firewall service process can be used to manage all ports in the system, and in particular the designated ports. The user identifier (User Identifier, UID) of the firewall service process can be AID_FIREWALL.
In step 130, when a management request for a designated port is detected, it is judged whether the requester has port management permission for that designated port.
In the embodiments of the present disclosure, a designated port can be identified by its port number. For example, if the port number carried in a management request is 80, the management request is determined to be a management request for port 80.
The requester can be an application or a process that issues the management request for the designated port. The requester's port management permission for the designated port can include permission to call the designated port, and/or permission to open the designated port, and/or permission to close the designated port.
In step 140, if the requester is determined to have the port management permission for the designated port, the designated port is managed accordingly, in accordance with the management request, through a management interface provided by the firewall service process.
In the embodiments of the present disclosure, when the designated port is managed in accordance with the management request through a management interface provided by the firewall service process, the management request, the management interface and the resulting management operation correspond to one another.
For example, if the management request asks to call the designated port, the management interface is the interface for calling the designated port and the resulting management operation is calling the designated port.
As another example, if the management request asks to open the designated port, the management interface is the interface for opening the designated port and the resulting management operation is opening the designated port.
As a further example, if the management request asks to close the designated port, the management interface is the interface for closing the designated port and the resulting management operation is closing the designated port.
As can be seen from the above embodiment, one or more designated ports are set to a closed state and a firewall service process for port management is started. When a management request for a designated port is detected, it is judged whether the requester has port management permission for that designated port and, if so, the designated port is managed accordingly, in accordance with the management request, through a management interface provided by the firewall service process. This prevents a requester without port management permission from managing a designated port and improves the security of port management.
In one embodiment, setting one or more designated ports to a closed state in step 110 above can use, but is not limited to, the following implementation, as shown in Fig. 2:
In step 210, a system startup script is set up in which each designated port is in the closed state.
In step 220, the system startup script is run when the system starts.
As can be seen from the above embodiment, all designated ports in the system are closed at system startup by the system startup script, which improves system security.
In one embodiment, judging whether the requester has port management permission for the designated port in step 130 above can use, but is not limited to, the following implementation, as shown in Fig. 3:
In step 310, it is judged whether the requester is in a preset trust list. If so, step 320 is performed; if not, step 340 is performed.
In the embodiments of the present disclosure, the requester can be an application or a process that issues the management request for the designated port. Whether the requester is in the preset trust list can be judged by checking whether the UID or the group identifier (Group Identifier, GID) of that application or process is in the preset trust list.
In step 320, it is judged whether the requester has applied for the port management permission for the designated port. If so, step 330 is performed; if not, step 340 is performed.
In the embodiments of the present disclosure, if the requester is in the preset trust list, it must also be judged whether the requester has applied for the port management permission for the designated port. There are many ways to make this judgment, including but not limited to the following:
If the management request for the designated port carries the port management permission for that designated port, it is determined that the requester has applied for the port management permission for that designated port.
In step 330, it is determined that the requester has the port management permission, and the flow ends.
In step 340, it is determined that the requester does not have the port management permission, and the flow ends.
As can be seen from the above embodiment, judging whether the requester is in the preset trust list identifies whether the requester is trusted, and judging whether the requester has applied for the port management permission for the designated port further identifies whether the requester has the port management permission. That is, the requester has the port management permission only if it is in the preset trust list and has applied for the port management permission for the designated port; otherwise it does not. This improves the reliability of port management.
In one embodiment, managing the designated port in accordance with the management request through the management interface provided by the firewall service process in step 140 above can use, but is not limited to, the following implementation, as shown in Fig. 4:
In step 410, the corresponding management interface and management instruction are determined according to the management request.
In the embodiments of the present disclosure, management requests, management interfaces and management instructions correspond one to one. For example, if the management request is to open or close the designated port, the management interface and management instruction also correspond to opening or closing the designated port.
The management instruction can be implemented with commands similar to iptables commands, for example nftables commands. In addition, the management instruction is given the CAP_NET_ADMIN and CAP_NET_RAW capabilities, its permission mode is set to 00755, and its UID and GID are set to AID_FIREWALL and AID_SHELL. This ensures that the management instruction is able to modify the designated ports while also restricting it so that only the firewall service process can call it.
Here, the CAP_NET_ADMIN capability refers to the ability to perform various network-related operations, such as interface configuration, IP firewall management, masquerading and auditing.
The CAP_NET_RAW capability refers to the ability to bind to any address for transparent proxying, among other things.
AID_FIREWALL refers to the UID of the firewall service process.
AID_SHELL refers to the GID of the Shell process.
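A check one could run against the management-instruction binary to confirm the attributes listed above (mode 00755, owning UID and GID). This is an added example, not code from the patent; the numeric IDs are passed in by the caller because the page gives only the symbolic names AID_FIREWALL and AID_SHELL. It also reports when the "other" execute bit is set, since mode 0755 permits execution by any UID.

```python
# Added illustration (not from the patent): audit the file attributes the
# text assigns to the management instruction. Expected UID/GID are inputs.
import os
import stat

EXPECTED_MODE = 0o755   # written as "00755" in the text


def audit_management_binary(path, expected_uid, expected_gid):
    """Return a list of findings; an empty list means nothing to report."""
    st = os.lstat(path)                 # lstat: do not follow a symlink
    findings = []
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    mode = stat.S_IMODE(st.st_mode)
    if mode != EXPECTED_MODE:
        findings.append(f"mode is {mode:05o}, expected {EXPECTED_MODE:05o}")
    if st.st_uid != expected_uid:
        findings.append(f"owner is UID {st.st_uid}, expected {expected_uid}")
    if st.st_gid != expected_gid:
        findings.append(f"group is GID {st.st_gid}, expected {expected_gid}")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or other")
    if mode & (stat.S_ISUID | stat.S_ISGID):
        findings.append("setuid or setgid bit is set")
    if mode & stat.S_IXOTH:
        # rwxr-xr-x: the mode bits do not limit who may execute the file,
        # so caller restriction has to be enforced by another mechanism.
        findings.append("executable by any UID")
    return findings
```

File capabilities such as CAP_NET_ADMIN are stored in an extended attribute and are not visible through `stat`; on Linux they can be inspected separately with `getcap`.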
In step 420, the designated port is managed accordingly through the determined management interface and management instruction.
As can be seen from the above embodiment, the corresponding management interface and management instruction are determined according to the management request, and the designated port is managed accordingly through the determined management interface and management instruction, which improves the accuracy of port management.
In one embodiment, in step 410 above, the management request for the designated port can include: a call request for the designated port, an open request for the designated port, or a close request for the designated port.
The management interfaces provided by the firewall service process include: a first interface, used by other applications or processes to call the designated port; a second interface, used to open the designated port; and a third interface, used to close the designated port.
Determining the corresponding management interface and management instruction according to the management request can cover the following three cases:
First: if the management request is a call request, the corresponding management interface is determined to be the first interface and the corresponding management instruction is a call instruction for the designated port;
Second: if the management request is an open request, the corresponding management interface is determined to be the second interface and the corresponding management instruction is an open instruction for the designated port;
Third: if the management request is a close request, the corresponding management interface is determined to be the third interface and the corresponding management instruction is a close instruction for the designated port.
As can be seen from the above embodiment, the three interfaces provided by the firewall service process implement different management functions, which enriches the functions available for port management and improves its efficiency.
In one embodiment, after step 130 above has been performed, if the requester is determined not to have port management permission for the designated port, the requester's management request can be rejected.
As can be seen from the above embodiment, management requests from requesters without the port management permission are rejected. Management requests that do not meet the conditions are thereby excluded and only those that meet the conditions are answered, which speeds up port management.
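The flow of Figs. 1 to 4 (ports closed at startup, trust-list and permission check, dispatch to one of three interfaces, rejection otherwise), modelled as an added example that is not code from the patent. The UIDs, the permission naming scheme, the iptables rule shape and the rule that a call only succeeds on an open port are all assumptions; commands are returned as argument lists and never executed.

```python
# Added illustration (not from the patent): the Fig. 3 permission check and
# the Fig. 4 dispatch. UIDs, permission strings and rule shapes are
# assumptions; commands are returned as argv lists and never executed.
from dataclasses import dataclass, field

CALL, OPEN, CLOSE = "call", "open", "close"
# Request type -> management interface, as in the three cases in the text.
INTERFACES = {CALL: "first_interface", OPEN: "second_interface",
              CLOSE: "third_interface"}


def permission_name(kind, port):
    """Hypothetical name for a per-port, per-operation permission."""
    return f"port.{kind}:{port}"


def drop_rule(action, port):
    """Assumed rule shape: a DROP rule for inbound TCP traffic to `port`."""
    return ["iptables", action, "INPUT", "-p", "tcp",
            "--dport", str(port), "-j", "DROP"]


@dataclass(frozen=True)
class ManagementRequest:
    uid: int                      # requester's UID (application or process)
    gid: int                      # requester's GID
    kind: str                     # CALL, OPEN or CLOSE
    port: int                     # port number carried in the request
    permissions: frozenset = frozenset()   # permissions carried in the request


@dataclass
class FirewallService:
    designated: set                                  # ports to be managed
    trusted_uids: set = field(default_factory=set)   # preset trust list
    trusted_gids: set = field(default_factory=set)
    state: dict = field(init=False)

    def __post_init__(self):
        # Step 110: every designated port starts in the closed state.
        self.state = {port: "closed" for port in self.designated}

    def boot_rules(self):
        """Steps 210/220: rules a startup script would apply at boot."""
        return [drop_rule("-I", port) for port in sorted(self.designated)]

    def has_permission(self, req):
        """Steps 310-340: trust list first, then the carried permission."""
        trusted = req.uid in self.trusted_uids or req.gid in self.trusted_gids
        if not trusted:
            return False
        return permission_name(req.kind, req.port) in req.permissions

    def handle(self, req):
        """Steps 130/140 and 410/420: returns (decision, interface, argv)."""
        rejected = ("rejected", None, None)
        if req.port not in self.designated or req.kind not in INTERFACES:
            return rejected
        if not self.has_permission(req):
            return rejected                    # refusal path
        iface = INTERFACES[req.kind]
        if req.kind == CALL:
            # Assumption: a call only succeeds while the port is open.
            return ("ok", iface, None) if self.state[req.port] == "open" else rejected
        target = "open" if req.kind == OPEN else "closed"
        if self.state[req.port] == target:
            return ("ok", iface, None)         # already in that state
        self.state[req.port] = target
        action = "-D" if req.kind == OPEN else "-I"
        return ("ok", iface, drop_rule(action, req.port))


def demo():
    """Constructed sample: UID 10050 is trusted, UID 10099 is not."""
    svc = FirewallService(designated={23, 80}, trusted_uids={10050})
    reqs = [
        ManagementRequest(10050, 10050, OPEN, 80, frozenset({permission_name(OPEN, 80)})),
        ManagementRequest(10099, 10099, OPEN, 23, frozenset({permission_name(OPEN, 23)})),
        ManagementRequest(10050, 10050, CLOSE, 80),   # trusted, no permission carried
        ManagementRequest(10050, 10050, CALL, 80, frozenset({permission_name(CALL, 80)})),
    ]
    return [svc.handle(r)[0] for r in reqs], svc.state


if __name__ == "__main__":
    print(demo())
```

Both conditions must hold for a request to be served: the untrusted requester is rejected even though it carries the permission, and the trusted requester is rejected when the request carries none.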
Corresponding with foregoing port management method embodiment, the disclosure additionally provides the embodiment of port management means.
As shown in figure 5, Fig. 5 is a kind of block diagram of port management means of the disclosure according to an exemplary embodiment, Described device can be applied in the equipment for being mounted with android system or class Unix system, such as:User terminal, and for holding Port management method shown in row Fig. 1, described device can include:
Setup module 51, it is closed mode to be configured as setting one or more designated ports, and the designated port is to treat The port of management;
Starting module 52, it is configured as starting the firewall services process for Port Management;
Judge module 53, when being configured as detecting the management request for the designated port, judge that requesting party is The no Port Management authority having for the designated port;
Management module 54, it is configured as if it is determined that the requesting party has the Port Management authority, then according to the pipe Reason request is simultaneously managed the designated port accordingly by the management interface of firewall services process offer.
As seen from the above-described embodiment, it is closed mode by setting one or more designated ports, starts for port tube The firewall services process of reason, when detecting the management request for designated port, judge whether requesting party has for being somebody's turn to do The Port Management authority of designated port, if so, the management interface then asked according to management and provided by firewall services process The designated port is managed accordingly, the requesting party for the Port Management authority that can so avoid not having manages designated ends Mouth, improve the security of Port Management.
As shown in Fig. 6, Fig. 6 is a block diagram of another port management device according to an exemplary embodiment of the present disclosure. On the basis of the embodiment shown in Fig. 5, the setting module 51 in this embodiment may include:
a setting submodule 61, configured to set up a system startup script in which each designated port is set to the closed state;
a running submodule 62, configured to run the system startup script when the system starts.
As can be seen from the above embodiment, when the system starts, the system startup script closes all designated ports in the system, which improves system security.
As shown in Fig. 7, Fig. 7 is a block diagram of another port management device according to an exemplary embodiment of the present disclosure. On the basis of the embodiment shown in Fig. 5, the judging module 53 in this embodiment may include:
a first judging submodule 71, configured to judge whether the requesting party is in a preset trust list;
a second judging submodule 72, configured to judge, if the requesting party is in the preset trust list, whether the requesting party has applied for the port management authority;
a first determining submodule 73, configured to determine, if the requesting party has applied for the port management authority, that the requesting party has the port management authority.
As can be seen from the above embodiment, judging whether the requesting party is in the preset trust list identifies whether the requesting party is trusted, and judging whether the requesting party has applied for the port management authority for the designated port further identifies whether it has that authority. That is, the requesting party has the port management authority only when it is in the preset trust list and has applied for the port management authority for the designated port; otherwise it does not have the port management authority. This improves the reliability of port management.
As shown in Fig. 8, Fig. 8 is a block diagram of another port management device according to an exemplary embodiment of the present disclosure. On the basis of the embodiment shown in Fig. 7, the second judging submodule 72 in this embodiment may include:
a second determining submodule 81, configured to determine, if the management request carries the port management authority, that the requesting party has applied for the port management authority.
As shown in Fig. 9, Fig. 9 is a block diagram of another port management device according to an exemplary embodiment of the present disclosure. On the basis of the embodiment shown in Fig. 5, the management module 54 in this embodiment may include:
a third determining submodule 91, configured to determine the management interface and the management instruction corresponding to the management request;
a management submodule 92, configured to manage the designated port accordingly through the determined management interface and management instruction.
As can be seen from the above embodiment, determining the management interface and management instruction that correspond to the management request, and managing the designated port through that interface and instruction, improves the accuracy of port management.
As shown in Fig. 10, Fig. 10 is a block diagram of another port management device according to an exemplary embodiment of the present disclosure. In this embodiment, on the basis of the embodiment shown in Fig. 9, the management request for the designated port includes: a call request for the designated port, an open request for the designated port, or a close request for the designated port. The management interfaces provided by the firewall service process include: a first interface, used by other applications or processes to call the designated port; a second interface, used to open the designated port; and a third interface, used to close the designated port. The third determining submodule 91 may include:
a fourth determining submodule 101, configured to determine, if the management request is the call request, that the corresponding management interface is the first interface and the corresponding management instruction is a call instruction for the designated port;
a fifth determining submodule 102, configured to determine, if the management request is the open request, that the corresponding management interface is the second interface and the corresponding management instruction is an open instruction for the designated port;
a sixth determining submodule 103, configured to determine, if the management request is the close request, that the corresponding management interface is the third interface and the corresponding management instruction is a close instruction for the designated port.
As can be seen from the above embodiment, the three interfaces provided by the firewall service process implement different management functions, which enriches the management functions of port management and improves its efficiency.
As shown in Fig. 11, Fig. 11 is a block diagram of another port management device according to an exemplary embodiment of the present disclosure. On the basis of the embodiment shown in Fig. 5, the device in this embodiment may also include:
a refusing module 111, configured to refuse the management request if it is determined that the requesting party does not have the port management authority.
As can be seen from the above embodiment, rejecting management requests from requesting parties that do not have the port management authority excludes ineligible management requests, so that only eligible management requests are answered, which speeds up port management.
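The module chain described above (default-closed designated ports, trust list check, permission carried in the request, dispatch to one of three interfaces, refusal otherwise) can be modelled as follows. This is an added illustration, not code from the patent; the class and function names, the permission string, the sample requesters and ports, and the behaviour of a call on a closed port or on a non-designated port are assumptions.

```python
"""Model of the port management device: default-closed ports, a trust list,
a permission carried in the request, and three management interfaces."""
from dataclasses import dataclass
from enum import Enum

# Assumption: the patent does not name the permission; this string is made up.
PORT_MANAGEMENT_PERMISSION = "example.permission.MANAGE_PORT"


class RequestType(Enum):
    CALL = "call"    # handled by the first interface
    OPEN = "open"    # handled by the second interface
    CLOSE = "close"  # handled by the third interface


@dataclass(frozen=True)
class ManagementRequest:
    requester: str                        # requesting application or process
    port: int
    kind: RequestType
    permissions: frozenset = frozenset()  # permissions carried in the request


class FirewallService:
    """Stands in for the firewall service process (hypothetical class)."""

    def __init__(self, designated_ports, trust_list):
        # Setting module 51: every designated port starts in the closed state.
        self._open = {port: False for port in designated_ports}
        self._trust_list = frozenset(trust_list)
        self.audit_log = []  # (requester, port, request kind, outcome)
        # Third determining submodule 91: request type -> management interface.
        self._interfaces = {
            RequestType.CALL: self._first_interface,
            RequestType.OPEN: self._second_interface,
            RequestType.CLOSE: self._third_interface,
        }

    def is_open(self, port):
        return self._open[port]

    def has_authority(self, req):
        """Judging module 53: trust list first, then the carried permission."""
        if req.port not in self._open:
            return False  # assumption: only designated ports are manageable
        if req.requester not in self._trust_list:
            return False  # first judging submodule 71
        # Submodules 72 and 81: the request must carry the permission.
        return PORT_MANAGEMENT_PERMISSION in req.permissions

    def handle(self, req):
        """Management module 54 plus refusing module 111, with an audit trail."""
        if not self.has_authority(req):
            outcome = "rejected"
        else:
            outcome = self._interfaces[req.kind](req.port)
        self.audit_log.append((req.requester, req.port, req.kind.value, outcome))
        return outcome

    def _first_interface(self, port):
        # Assumption: a call succeeds only while the port is open; the patent
        # does not say what a call on a closed port returns.
        return "called" if self._open[port] else "call-refused-port-closed"

    def _second_interface(self, port):
        self._open[port] = True
        return "opened"

    def _third_interface(self, port):
        self._open[port] = False
        return "closed"


def run_demo():
    """Replays constructed requests and returns the outcomes in order."""
    svc = FirewallService(designated_ports=[5555, 8080],
                          trust_list=["com.example.trusted"])
    granted = frozenset({PORT_MANAGEMENT_PERMISSION})
    requests = [
        ManagementRequest("com.example.trusted", 5555, RequestType.CALL, granted),
        ManagementRequest("com.example.trusted", 5555, RequestType.OPEN, granted),
        ManagementRequest("com.example.untrusted", 5555, RequestType.CLOSE, granted),
        ManagementRequest("com.example.trusted", 5555, RequestType.CLOSE),
        ManagementRequest("com.example.trusted", 5555, RequestType.CALL, granted),
        ManagementRequest("com.example.trusted", 22, RequestType.OPEN, granted),
    ]
    return [svc.handle(r) for r in requests], svc


if __name__ == "__main__":
    outcomes, service = run_demo()
    for entry in service.audit_log:
        print(entry)
```

The audit log is not part of the patent's description; it is included because recording refused requests is what lets an operator see which requesters are probing the management interface.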
Corresponding to Fig. 5, the present disclosure also provides another port management device, the device including:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to:
set one or more designated ports to a closed state, the designated ports being the ports to be managed;
start a firewall service process for port management;
when a management request for a designated port is detected, judge whether the requesting party has the port management authority for that designated port;
if it is determined that the requesting party has the port management authority, manage the designated port accordingly, according to the management request and through the management interface provided by the firewall service process.
For the functions and roles of the units in the above device, refer to the implementation of the corresponding steps in the above method; details are not repeated here.
Since the device embodiments basically correspond to the method embodiments, refer to the description of the method embodiments for related details. The device embodiments described above are only schematic: units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the disclosed solution. Those of ordinary skill in the art can understand and implement it without creative effort.
As shown in Fig. 12, Fig. 12 is a schematic structural diagram of a device 1200 for port management according to an exemplary embodiment of the present disclosure. For example, the device 1200 may be a mobile phone with a routing function, a computer, a digital broadcast terminal, a messaging device, a game console, a tablet device, a medical device, fitness equipment, a personal digital assistant, and so on.
Referring to Fig. 12, the device 1200 may include one or more of the following components: a processing component 1202, a memory 1204, a power supply component 1206, a multimedia component 1208, an audio component 1210, an input/output (I/O) interface 1212, a sensor component 1214, and a communication component 1216.
The processing component 1202 generally controls the overall operation of the device 1200, such as operations associated with display, telephone calls, data communication, camera operation and recording operation. The processing component 1202 may include one or more processors 1220 to execute instructions so as to complete all or part of the steps of the above method. In addition, the processing component 1202 may include one or more modules that facilitate interaction between the processing component 1202 and other components. For example, the processing component 1202 may include a multimedia module to facilitate interaction between the multimedia component 1208 and the processing component 1202.
The memory 1204 is configured to store various types of data to support operation of the device 1200. Examples of such data include instructions for any application or method operated on the device 1200, contact data, phone book data, messages, pictures, videos, and so on. The memory 1204 may be implemented by any type of volatile or non-volatile storage device or a combination thereof, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, a magnetic disk or an optical disc.
The power supply component 1206 provides power for the various components of the device 1200. The power supply component 1206 may include a power management system, one or more power supplies, and other components associated with generating, managing and distributing power for the device 1200.
The multimedia component 1208 includes a screen that provides an output interface between the device 1200 and the user. In some embodiments, the screen may include a liquid crystal display (LCD) and a touch panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive input signals from the user. The touch panel includes one or more touch sensors to sense touches, swipes and gestures on the touch panel. The touch sensors may sense not only the boundary of a touch or swipe action, but also the duration and pressure associated with the touch or swipe operation. In some embodiments, the multimedia component 1208 includes a front camera and/or a rear camera. When the device 1200 is in an operating mode, such as a shooting mode or a video mode, the front camera and/or the rear camera can receive external multimedia data. Each front camera and rear camera may be a fixed optical lens system or have focal length and optical zoom capability.
The audio component 1210 is configured to output and/or input audio signals. For example, the audio component 1210 includes a microphone (MIC), which is configured to receive external audio signals when the device 1200 is in an operating mode, such as a call mode, a recording mode or a speech recognition mode. The received audio signal may be further stored in the memory 1204 or sent via the communication component 1216. In some embodiments, the audio component 1210 also includes a loudspeaker for outputting audio signals.
The I/O interface 1212 provides an interface between the processing component 1202 and peripheral interface modules, which may be a keyboard, a click wheel, buttons, and so on. These buttons may include but are not limited to: a home button, volume buttons, a start button and a lock button.
The sensor component 1214 includes one or more sensors for providing state assessments of various aspects of the device 1200. For example, the sensor component 1214 can detect the open/closed state of the device 1200 and the relative positioning of components, for example the display and keypad of the device 1200; the sensor component 1214 can also detect a change in position of the device 1200 or of one of its components, the presence or absence of user contact with the device 1200, the orientation or acceleration/deceleration of the device 1200, and temperature changes of the device 1200. The sensor component 1214 may include a proximity sensor configured to detect the presence of nearby objects without any physical contact. The sensor component 1214 may also include an optical sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor component 1214 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor, a microwave sensor or a temperature sensor.
The communication component 1216 is configured to facilitate wired or wireless communication between the device 1200 and other equipment. The device 1200 can access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In one exemplary embodiment, the communication component 1216 receives broadcast signals or broadcast-related information from an external broadcast management system via a broadcast channel. In one exemplary embodiment, the communication component 1216 also includes a near-field communication (NFC) module to facilitate short-range communication. For example, the NFC module can be implemented based on radio frequency identification (RFID) technology, Infrared Data Association (IrDA) technology, ultra-wideband (UWB) technology, Bluetooth (BT) technology and other technologies.
In an exemplary embodiment, the device 1200 may be implemented by one or more application-specific integrated circuits (ASIC), digital signal processors (DSP), digital signal processing devices (DSPD), programmable logic devices (PLD), field programmable gate arrays (FPGA), controllers, microcontrollers, microprocessors or other electronic components, for performing the following method:
setting one or more designated ports to a closed state, the designated ports being the ports to be managed;
starting a firewall service process for port management;
when a management request for a designated port is detected, judging whether the requesting party has the port management authority for that designated port;
if it is determined that the requesting party has the port management authority, managing the designated port accordingly, according to the management request and through the management interface provided by the firewall service process.
In an exemplary embodiment, a non-transitory computer-readable storage medium including instructions is also provided, for example the memory 1204 including instructions, which can be executed by the processor 1220 of the device 1200 to complete the above method. For example, the non-transitory computer-readable storage medium may be a ROM, a random access memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and so on.
Those skilled in the art will readily conceive of other embodiments of the present disclosure after considering the specification and practicing the invention disclosed herein. The present disclosure is intended to cover any variations, uses or adaptations of the present disclosure that follow its general principles and include common knowledge or conventional technical means in the art that are not disclosed herein. The specification and embodiments are to be regarded as exemplary only, with the true scope and spirit of the present disclosure indicated by the following claims.
It should be understood that the present disclosure is not limited to the precise structure described above and shown in the drawings, and that various modifications and changes can be made without departing from its scope. The scope of the present disclosure is limited only by the appended claims.

Claims (15)

1. A port management method, characterized in that the method comprises:
setting one or more designated ports to a closed state, the designated ports being the ports to be managed;
starting a firewall service process for port management;
when a management request for a designated port is detected, judging whether the requesting party has the port management authority for that designated port;
if it is determined that the requesting party has the port management authority, managing the designated port accordingly, according to the management request and through the management interface provided by the firewall service process.
2. The method according to claim 1, characterized in that setting the initial state of the one or more designated ports to the closed state comprises:
setting up a system startup script in which each designated port is set to the closed state;
running the system startup script when the system starts.
3. The method according to claim 1, characterized in that judging whether the requesting party has the port management authority for the designated port comprises:
judging whether the requesting party is in a preset trust list;
if the requesting party is in the preset trust list, judging whether the requesting party has applied for the port management authority;
if the requesting party has applied for the port management authority, determining that the requesting party has the port management authority.
4. The method according to claim 3, characterized in that judging whether the requesting party has applied for the port management authority comprises:
if the management request carries the port management authority, determining that the requesting party has applied for the port management authority.
5. The method according to claim 1, characterized in that managing the designated port accordingly, according to the management request and through the management interface provided by the firewall service process, comprises:
determining the management interface and the management instruction corresponding to the management request;
managing the designated port accordingly through the determined management interface and management instruction.
6. The method according to claim 5, characterized in that the management request for the designated port includes: a call request for the designated port, an open request for the designated port, or a close request for the designated port;
the management interfaces provided by the firewall service process include: a first interface, used by other applications or processes to call the designated port; a second interface, used to open the designated port; and a third interface, used to close the designated port;
determining the management interface and the management instruction corresponding to the management request comprises:
if the management request is the call request, determining that the corresponding management interface is the first interface and the corresponding management instruction is a call instruction for the designated port;
if the management request is the open request, determining that the corresponding management interface is the second interface and the corresponding management instruction is an open instruction for the designated port;
if the management request is the close request, determining that the corresponding management interface is the third interface and the corresponding management instruction is a close instruction for the designated port.
7. The method according to claim 1, characterized in that the method further comprises:
if it is determined that the requesting party does not have the port management authority for the designated port, refusing the management request.
8. A port management device, characterized in that the device comprises:
a setting module, configured to set one or more designated ports to a closed state, the designated ports being the ports to be managed;
a starting module, configured to start a firewall service process for port management;
a judging module, configured to judge, when a management request for a designated port is detected, whether the requesting party has the port management authority for that designated port;
a management module, configured to, if it is determined that the requesting party has the port management authority, manage the designated port accordingly, according to the management request and through the management interface provided by the firewall service process.
9. The device according to claim 8, characterized in that the setting module comprises:
a setting submodule, configured to set up a system startup script in which each designated port is set to the closed state;
a running submodule, configured to run the system startup script when the system starts.
10. The device according to claim 8, characterized in that the judging module comprises:
a first judging submodule, configured to judge whether the requesting party is in a preset trust list;
a second judging submodule, configured to judge, if the requesting party is in the preset trust list, whether the requesting party has applied for the port management authority;
a first determining submodule, configured to determine, if the requesting party has applied for the port management authority, that the requesting party has the port management authority.
11. The device according to claim 10, characterized in that the second judging submodule comprises:
a second determining submodule, configured to determine, if the management request carries the port management authority, that the requesting party has applied for the port management authority.
12. The device according to claim 8, characterized in that the management module comprises:
a third determining submodule, configured to determine the management interface and the management instruction corresponding to the management request;
a management submodule, configured to manage the designated port accordingly through the determined management interface and management instruction.
13. The device according to claim 12, characterized in that the management request for the designated port includes: a call request for the designated port, an open request for the designated port, or a close request for the designated port;
the management interfaces provided by the firewall service process include: a first interface, used by other applications or processes to call the designated port; a second interface, used to open the designated port; and a third interface, used to close the designated port;
the third determining submodule comprises:
a fourth determining submodule, configured to determine, if the management request is the call request, that the corresponding management interface is the first interface and the corresponding management instruction is a call instruction for the designated port;
a fifth determining submodule, configured to determine, if the management request is the open request, that the corresponding management interface is the second interface and the corresponding management instruction is an open instruction for the designated port;
a sixth determining submodule, configured to determine, if the management request is the close request, that the corresponding management interface is the third interface and the corresponding management instruction is a close instruction for the designated port.
14. The device according to claim 8, characterized in that the device further comprises:
a refusing module, configured to refuse the management request if it is determined that the requesting party does not have the port management authority.
15. A port management device, characterized in that the device comprises:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to:
set one or more designated ports to a closed state, the designated ports being the ports to be managed;
start a firewall service process for port management;
when a management request for a designated port is detected, judge whether the requesting party has the port management authority for that designated port;
if it is determined that the requesting party has the port management authority, manage the designated port accordingly, according to the management request and through the management interface provided by the firewall service process.
CN201710897601.0A 2017-09-28 2017-09-28 Port management method and device Pending CN107483277A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710897601.0A CN107483277A (en) 2017-09-28 2017-09-28 Port management method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710897601.0A CN107483277A (en) 2017-09-28 2017-09-28 Port management method and device

Publications (1)

Publication Number Publication Date
CN107483277A true CN107483277A (en) 2017-12-15

Family

ID=60604903

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710897601.0A Pending CN107483277A (en) 2017-09-28 2017-09-28 Port management method and device

Country Status (1)

Country Link
CN (1) CN107483277A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171215