CN110493064A - Firewall management method, apparatus, computer equipment and storage medium - Google Patents
Firewall management method, apparatus, computer equipment and storage medium Download PDFInfo
- Publication number
- CN110493064A CN110493064A CN201910818789.4A CN201910818789A CN110493064A CN 110493064 A CN110493064 A CN 110493064A CN 201910818789 A CN201910818789 A CN 201910818789A CN 110493064 A CN110493064 A CN 110493064A
- Authority
- CN
- China
- Prior art keywords
- firewall
- address
- source
- configuration
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000007726 management method Methods 0.000 title claims abstract description 25
- 230000009471 action Effects 0.000 claims abstract description 55
- 238000000034 method Methods 0.000 claims abstract description 36
- 238000001514 detection method Methods 0.000 claims abstract description 10
- 238000012360 testing method Methods 0.000 claims description 90
- 238000013508 migration Methods 0.000 claims description 52
- 230000005012 migration Effects 0.000 claims description 52
- 238000004590 computer program Methods 0.000 claims description 17
- 238000012986 modification Methods 0.000 claims description 15
- 230000004048 modification Effects 0.000 claims description 15
- 206010022000 influenza Diseases 0.000 claims description 9
- 235000013399 edible fruits Nutrition 0.000 claims description 8
- 230000005540 biological transmission Effects 0.000 claims description 3
- 230000006870 function Effects 0.000 claims description 2
- 230000008569 process Effects 0.000 abstract description 8
- 238000005516 engineering process Methods 0.000 abstract description 5
- 238000010586 diagram Methods 0.000 description 10
- 230000001960 triggered effect Effects 0.000 description 8
- 230000002265 prevention Effects 0.000 description 5
- 238000012512 characterization method Methods 0.000 description 3
- 239000003550 marker Substances 0.000 description 3
- 238000012423 maintenance Methods 0.000 description 2
- 230000006399 behavior Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000002708 enhancing effect Effects 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
- 238000012800 visualization Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
- H04L41/0806—Configuration setting for initial configuration or provisioning, e.g. plug-and-play
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0889—Techniques to speed-up the configuration process
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
This application involves field of information security technology, a kind of firewall management method, apparatus, computer equipment and storage medium are provided.The described method includes: the first trigger action of detection, generates firewall configuration according to first trigger action and instructs and determine the first purpose IP address, the firewall configuration instruction carries source IP addresses and the first destination slogan;It sends the firewall configuration and instructs client corresponding to first purpose IP address, so that the client modifies the corresponding firewall information of first destination slogan according to the source IP addresses, and sends feedback information to server-side;After receiving the feedback information, determine that the firewall configuration instructs corresponding configuration result according to the feedback information, and the configuration result is visualized.The allocative efficiency of firewall can be improved using the present processes.
Description
Technical field
This application involves firewall technology fields, more particularly to a kind of firewall management method, apparatus, computer equipment
And storage medium.
Background technique
With the rapid development of Internet technology, the scale for being related to the project of Internet technology is increasing, uses
Server is more and more, and a small system just has more than 20 servers, and server is likely distributed in the machine of different geographical
Room, because of security strategy factor, each server needs to carry out firewall configuration.
In traditional technology, when carrying out firewall configuration, it usually needs operation maintenance personnel logs in each machine one by one and matched
It sets, leads to inefficiency.
Summary of the invention
Based on this, it is necessary in view of the above technical problems, provide a kind of fire prevention of allocative efficiency that can be improved firewall
Wall coil manages method, apparatus, computer equipment and storage medium.
A kind of firewall management method is applied to server-side, which comprises
The first trigger action is detected, instructed according to first trigger action generation firewall configuration and determines the first purpose
IP address, the firewall configuration instruction carry source IP addresses and the first destination slogan;
It sends the firewall configuration and instructs client corresponding to first purpose IP address, make client with described
The corresponding firewall information of first destination slogan is modified according to the source IP addresses, and sends feedback letter to server-side
Breath;
After receiving the feedback information, determine that the firewall configuration instructs corresponding configuration according to the feedback information
As a result, and the configuration result is visualized.
After receiving the feedback information described in one of the embodiments, according to feedback information determination
Firewall configuration instructs corresponding configuration result, and the configuration result is visualized, comprising:
After receiving the feedback information, verifying instruction, Xiang Suoshu source IP addresses are generated according to the feedback information
Corresponding client sends verifying instruction;It states verifying instruction and is used to indicate the corresponding client of the source IP addresses to described the
The corresponding client of one purpose IP address sends test request, and sends test result to the server-side;
When judging that the firewall information is successfully modified according to the test result, determine that the firewall configuration refers to
Enable corresponding configuration result for firewall configuration success;
When judging the firewall information modification failure according to the test result, determine that the firewall configuration refers to
Enable corresponding configuration result for firewall configuration failure.
In one of the embodiments, the method also includes:
The second trigger action is detected, determines the corresponding source IP address of second trigger action and purpose migration IP address;
When the source IP address is the first preset kind IP address, corresponding second destination IP of the source IP address is determined
Address and the second destination slogan, the corresponding client of the second purpose IP address of Xiang Suoshu are sent with carrying the purpose migration IP
First firewall open command of location and second destination slogan;The first preset kind IP address is for source IP
Location;
The first firewall open command is used to indicate the corresponding client unlatching of second purpose IP address and institute
Purpose migration IP address and the corresponding firewall of second destination slogan are stated, and is returned after opening successfully to the server-side
It returns and opens successful first feedback information;
After receiving successful first feedback information of unlatching, the corresponding client of the second purpose IP address of Xiang Suoshu is sent
Carry the first firewall out code of the source IP address and second destination slogan;The first firewall closing refers to
Order is used to indicate the corresponding client of second purpose IP address and closes and the source IP address and second destination port
Number corresponding firewall, and sent after closing successfully to the server-side and close successful first feedback information;
After receiving successful first feedback information of closing, display migrates successful notification information.
In one of the embodiments, in the second trigger action of the detection, determine that second trigger action is corresponding
After source IP address and purpose migration IP address, the method also includes:
When the source IP address is the second preset kind IP address, the corresponding source IP addresses of the source IP address are determined
And third destination slogan, Xiang Suoshu purpose, which migrates the corresponding client of IP address and sends, carries source IP addresses and described
Second firewall open command of third destination slogan;The second preset kind IP address is purpose IP address;
The second firewall open command is used to indicate the corresponding client unlatching of the purpose migration IP address and institute
Source IP addresses and the corresponding firewall of the third destination slogan are stated, and is opened after opening successfully to server-side return
Open successful second feedback information;
After receiving successful second feedback information of unlatching, the corresponding client of Xiang Suoshu source IP address, which is sent, carries institute
State the second firewall out code of source IP addresses and the third destination slogan;
The second firewall out code is used to indicate the corresponding client of the source IP address and closes the source IP
Address and the corresponding firewall of the third destination slogan, and return and close successfully to the server-side after closing successfully
Second feedback information;
After receiving successful second feedback information of closing, display migrates successful notification information.
In one of the embodiments, the method also includes:
The current firewall information that each client is sent is received, the current firewall information is client according to default
Time interval obtain each port firewall information;
Current firewall information carries out more the firewall information of currently stored each client based on the received
Newly.
In one of the embodiments, the method also includes:
Third trigger action is detected, determines the corresponding inquiry IP address of the third trigger action;
Corresponding association firewall information, the association firewall information that will be inquired are inquired according to the inquiry IP address
It is shown.
A kind of firewall management device, which is characterized in that described device includes:
Trigger action detection module generates firewall according to first trigger action for detecting the first trigger action
Configuration-direct simultaneously determines the first purpose IP address, and the firewall configuration instruction carries source IP addresses and the first destination port
Number;
Firewall configuration instruction sending module is instructed for sending the firewall configuration to first purpose IP address
Corresponding client is believed so that client modifies the corresponding firewall of first destination slogan according to the source IP addresses
Breath, and feedback information is sent to server-side;;
Configuration result determining module determines described anti-after receiving the feedback information according to the feedback information
The corresponding configuration result of wall with flues configuration-direct, and the configuration result is visualized.
The configuration result determining module is also used to after receiving the feedback information in one of the embodiments,
Verifying instruction is generated according to the feedback information, the corresponding client of Xiang Suoshu source IP addresses sends verifying instruction;State verifying
Instruction is used to indicate the corresponding client of the source IP addresses and sends survey to the corresponding client of first purpose IP address
Examination request, and test result is sent to the server-side;When judging that the firewall information is modified according to the test result
When success, determine that the firewall configuration instructs corresponding configuration result for firewall configuration success;It is tied when according to the test
When fruit judges the firewall information modification failure, determining that the firewall configuration instructs corresponding configuration result is firewall
Configuration failure.
A kind of computer equipment, including memory and processor, the memory are stored with computer program, the processing
The step of device realizes above-mentioned any embodiment the method when executing the computer program.
A kind of computer readable storage medium, is stored thereon with computer program, and the computer program is held by processor
The step of above-mentioned any embodiment the method is realized when row.
Above-mentioned firewall management method, apparatus, computer equipment and storage medium, server-side pass through detection the first triggering behaviour
Make, configuration-direct is generated according to the first trigger action, and be sent to destination client, destination client can be certainly according to the instruction
Dynamic modification firewall information, so, user only needs to operate in server-side, so that it may be mounted with visitor to any one
The server at family end carries out firewall configuration, realizes the unified configuration management to firewall, user no longer needs at each
It is logged on server, the time is greatly saved, improve the allocative efficiency of firewall.Further, destination client can be with
Feedback information is sent to server-side, server-side can determine firewall configuration knot according to feedback information upon reception of the feedback information
Fruit, and by firewall configuration result visualization, so that firewall configuration result can intuitively be shown, in this way, with
Family can know the configuration result of firewall without logging into destination client, further improve firewall
Allocative efficiency.
Detailed description of the invention
Fig. 1 is the application scenario diagram of firewall management method in one embodiment;
Fig. 2 is the flow diagram of firewall management method in one embodiment;
Fig. 3 is the interface schematic diagram that firewall is opened in one embodiment;
Fig. 4 is the flow diagram of step S206 in one embodiment;
Fig. 5 is the step flow diagram in one embodiment except Fig. 1;
Fig. 6 is the interface schematic diagram of a bond migration firewall in one embodiment;
Fig. 7 is the step flow diagram in one embodiment except Fig. 1;
Fig. 8 is the structural block diagram of firewall management device in one embodiment;
Fig. 9 is the internal structure chart of computer equipment in one embodiment.
Specific embodiment
It is with reference to the accompanying drawings and embodiments, right in order to which the objects, technical solutions and advantages of the application are more clearly understood
The application is further elaborated.It should be appreciated that specific embodiment described herein is only used to explain the application, not
For limiting the application.
Firewall management method provided by the present application, can be applied in application environment as shown in Figure 1.Wherein, it services
End 110 is communicated by network with client 120, and client 120 may be disposed at any one and need to carry out firewall management
Server on, such as the server 121,122,123,124 in figure.Server-side 110 detects the first trigger action, according to first
Trigger action generates firewall configuration instruction, and firewall configuration instruction is sent to the target customer for needing to carry out firewall configuration
End, destination client parse firewall configuration instruction, obtain the source wherein carried after receiving firewall configuration instruction
Then IP address configures the corresponding firewall of source IP addresses, after configuration is complete, send feedback information, service to server-side
Termination receives feedback information, generates configuration result according to feedback information and visualizes configuration result, so, operation maintenance personnel
It can be realized in server-side and the unified of the firewall on any one server is configured, so as to improve firewall configuration
Efficiency.
In one embodiment, as shown in Fig. 2, providing a kind of firewall management method, clothes are involved in this method with this
Method is applied to be illustrated for the server-side in Fig. 1, comprising the following steps:
Step 202, the first trigger action is detected, instructed according to the first trigger action generation firewall configuration and determines first
Purpose IP address, firewall configuration instruction carry source IP addresses and the first destination slogan.
Server-side displaying has web page, can show the triggered mark of firewall configuration in the page, which can
To be prompt information or the trigger control etc. that can be triggered server-side and generate firewall configuration instruction, wherein firewall configuration refers to
Enable is firewall open command or firewall out code.First trigger action refers to acting on the default of the triggered mark
Operation.Trigger action specifically can be touch operation, cursor operations, button operation or voice operating.Wherein, touch operation can
Be touch clicking operation, touch pressing operation perhaps touch slide touch operation can be click touch operation or
Multiple point touching operation;The operation that cursor operations can be the operation that control cursor is clicked or control cursor is pressed;
Button operation can be operation of virtual key or physical button operation etc..
Server-side obtains the corresponding source IP addresses of the first trigger action, destination IP after detecting the first trigger action
Address and port numbers, wherein the corresponding IP address of accessed server that purpose IP address refers to, source IP addresses refer to pair
The corresponding IP address of server that some port of the corresponding server of purpose IP address accesses, to guarantee network security
Property, firewall usually is set in purpose IP address corresponding server.For example, A server needs to access certain of B server
A port, then B server needs to open the firewall to A server, at this point, A server is origin server, B server is
Destination server.
As shown in figure 3, in one embodiment, part interface schematic diagram of the server-side when detecting the first trigger action,
In this embodiment, user can fill in source IP addresses, purpose IP address and port numbers in the configuration block of showing interface, fill out
After writing complete, click is released the button, at this point, server-side gets the corresponding source IP addresses of the first trigger action, destination IP
Address and port numbers.
Further, server-side generates firewall configuration instruction and instructs firewall configuration and corresponds to according to the first trigger action
Purpose IP address determine the first purpose IP address, the first purpose IP address herein, namely need to carry out firewall configuration (packet
Include and open firewall and close firewall) the corresponding IP address in destination client.It is understood that server-side generation is anti-
Source IP addresses and first object port numbers can be carried in wall with flues configuration-direct, the first object port numbers i.e. source IP
The port numbers accessed required for the corresponding client in address.
Step 204, send firewall configuration instruct client corresponding to the first purpose IP address so that client according to
Source IP addresses modify the corresponding firewall information of the first destination slogan, and send feedback information to server-side.
After the IP address of destination client has been determined, firewall configuration can be instructed and be sent to target visitor by server-side
Family end, the destination client parse the instruction, after receiving firewall configuration instruction to obtain source IP addresses and the first mesh
Port numbers are marked, are then modified to the corresponding firewall information of first object port numbers, if successfully modified, are sent out to server-side
Successfully modified feedback information is sent, if modification failure, the feedback information of modification failure is sent to server-side.
Wherein, when firewall configuration instruction is firewall open command, according to source IP addresses to destination port number pair
It includes: the IP that source IP addresses are added to the corresponding firewall policy of first object port numbers that the firewall information answered, which is modified,
In the list of address;It is corresponding to destination port number according to source IP addresses when firewall configuration information is firewall out code
Firewall information to modify include: IP address by source IP addresses from the corresponding firewall policy of first object port numbers
It is deleted in list.
Step 206, after receiving feedback information, determine that firewall configuration instructs corresponding configuration to tie according to feedback information
Fruit, and configuration result is visualized.
Server-side upon reception of the feedback information, can determine that firewall configuration instructs corresponding configuration according to feedback information
As a result, further, server-side can visualize the configuration result.
In one embodiment, server-side upon reception of the feedback information, can directly identify the feedback information,
When identifying feedback information is the successfully modified feedback information of characterization firewall, determine that firewall configuration instructs corresponding configuration
It as a result is firewall configuration success.Furthermore, it is to be understood that when firewall configuration instruction is firewall open command,
Determine that the corresponding configuration result of firewall open command is that firewall is opened successfully;When firewall configuration instruction is that firewall is closed
When instruction, determine that the corresponding configuration result of firewall open command is that firewall is closed successfully.
When server-side identifies that feedback information is to characterize the feedback information of firewall modification failure, firewall configuration is determined
Instructing corresponding configuration result is firewall configuration into failure.Furthermore, it is to be understood that when firewall configuration instruction is anti-
When wall with flues open command, determine that the corresponding configuration result of firewall open command is that firewall opens failure;Work as firewall configuration
When instruction is firewall out code, determine that the corresponding configuration result of firewall open command is firewall Fail-closed.
In one embodiment, client can modify the marker of result in feedback information comprising firewall, such as
It is successfully modified with " 1 " characterization firewall, with the firewall modification failure of " 0 " characterization.In this way, when server-side receives feedback information
Afterwards, if identifying, marker is " 1 ", it is determined that configuration result is firewall configuration success, when identifying marker is " 0 ",
Then determine configuration result for firewall configuration failure.
Further, server-side visualizes configuration result.Specifically, it can be to the corresponding prompt information of configuration result
It is visualized.For example, can show " firewall is closed successfully " when configuration result is configuration successful or " firewall is opened
Open success ".
In above-mentioned firewall management method, server-side is generated by the first trigger action of detection according to the first trigger action
Configuration-direct, and be sent to destination client, destination client can modify firewall information according to the instruction automatically, and such one
Come, user only needs to operate in server-side, so that it may be mounted with that the server of client carries out firewall to any one
Configuration, realizes the unified configuration management to firewall, user no longer needs to log on each server, save significantly
The time has been saved, the allocative efficiency of firewall is improved.Further, destination client can send feedback information, clothes to server-side
Business end can determine firewall configuration according to feedback information upon reception of the feedback information as a result, and can by firewall configuration result
Depending on changing, so that firewall configuration result can intuitively be shown, in this way, user can be without logging into destination client
In the case where can know the configuration result of firewall, further improve the allocative efficiency of firewall.
In one embodiment, as shown in figure 4, after receiving feedback information in above-mentioned steps S206, according to feedback information
It determines that firewall configuration instructs corresponding configuration result, and configuration result is visualized, can further include:
Step S206A generates verifying instruction according to feedback information, to source IP addresses pair upon reception of the feedback information
The client answered sends verifying instruction;It states verifying instruction and is used to indicate the corresponding client of source IP addresses to the first destination IP
The corresponding client in location sends test request, and sends test result to server-side.
In the present embodiment, for the accuracy for ensuring feedback result that destination client returns, server-side receiving target
After the feedback information that client returns, verifying instruction can be sent to the corresponding client of source IP addresses, verifying instruction is taken
The information such as the first purpose IP address of band, the first destination slogan and source IP addresses, the corresponding client of source IP addresses are connecing
After receiving verifying instruction, the instruction is parsed, obtain the first purpose IP address and the first destination slogan therein, to the of acquisition
Port corresponding with the first destination slogan sends telnet test request in the corresponding client of one purpose IP address, if test
Request is sent successfully, it is determined that test result is to be successfully tested, if test request sends failure, it is determined that test result is test
Failure.Further, the corresponding client of source IP addresses returns to test result to server-side after the completion of test.
In one embodiment, server-side upon reception of the feedback information, can automatically generate verifying instruction, wherein anti-
Purpose IP address, destination slogan, source IP addresses and modification will necessarily be carried in feedforward information as a result, therefore, server-side can be with
Feedback information is parsed, obtains and automatically generates verifying according to purpose IP address therein, destination slogan, source IP addresses
Instruction.
In another embodiment, server-side upon reception of the feedback information, can be shown on the page feedback information and
And the triggered mark of firewall verifying is generated according to the feedback information, which, which can be to trigger server-side and generate, prevents
Prompt information or trigger control etc. of wall with flues verifying instruction act on the trigger action of the triggered mark when server-side receives
When, feedback information is parsed, obtains purpose IP address therein, destination slogan, source IP addresses, according to destination IP
Location, destination slogan, source IP addresses generate firewall verifying instruction.
Step S206B determines that firewall configuration instructs corresponding configuration result according to test result, and shows configuration knot
Fruit.
Wherein, when judging that firewall information is successfully modified according to test result, determine that firewall configuration instruction corresponds to
Configuration result be firewall configuration success;When judging firewall information modification failure according to test result, fire prevention is determined
The corresponding configuration result of wall configuration-direct is firewall configuration failure.
Specifically, when firewall configuration instruction is firewall open command, if server-side judges according to test result
Firewall information is successfully modified out, then server-side determines that configuration result is that firewall is opened successfully, if server-side is tied according to test
Fruit judges firewall information modification failure, then server-side determines that configuration result is that firewall opens failure;Work as firewall configuration
When instruction is firewall out code, if server-side judges firewall information modification failure, server-side according to test result
Determine that configuration result is firewall Fail-closed, if server-side judges that firewall information is successfully modified according to test result,
Server-side determines that configuration result is that firewall is closed successfully.Server-side further visualizes configuration result.
In above-described embodiment, server-side generates verifying instruction, by this after the feedback information for receiving purpose client
Verifying instruction determines configuration result according to test result to indicate that source client tests firewall, thus into
It can guarantee to one step the accuracy of configuration result.
In one embodiment, as shown in figure 5, the above method further include:
Step S502 detects the second trigger action, determines the corresponding source IP address of the second trigger action and purpose migration IP
Address.
In practical applications, it is frequently encountered the inadequate situation of the performance of some server, needing will be on the server
Using or services migrating to an other server, wherein the former is known as source server, and the latter is known as purpose migration service
Device, due to having carried out server migration, to ensure that business can operate normally after migrating, and need the fire prevention for being related to source server
Wall carries out " migration ", and in the present embodiment, server-side can be in the triggered mark of page presentation firewall migration, which can be with
It is that can trigger server-side to enter prompt information or trigger control of firewall migration process etc., is acted on when server-side receives
When the trigger action of the triggered mark, obtains the corresponding source IP address of the trigger action and purpose migration IP address and enter fire prevention
Wall migrates process, wherein source IP address refers to the corresponding IP address of source server, and purpose migration address refers to that purpose migrates
The corresponding IP address of server.As shown in fig. 6, user can in the page setup source IP address and purpose of server-side migration IP
Location, and server-side progress firewall migration process is triggered by clicking " bond migration " control button.
Step S504 determines corresponding second purpose of source IP address when source IP address is the first preset kind IP address
IP address and the second destination slogan send to the corresponding client of the second purpose IP address and carry purpose migration IP address and the
First firewall open command of two destination slogans;First preset kind IP address is source IP addresses;First firewall is opened
It opens instruction and is used to indicate the corresponding client unlatching of the second purpose IP address and purpose migration IP address and the second destination slogan
Corresponding firewall, and returned after opening successfully to server-side and open successful first feedback information.
Specifically, server-side can inquire the corresponding association firewall of source IP address in pre-stored firewall information
Information, the association firewall information include using source IP address as the firewall information of source IP addresses and using source IP address as mesh
IP address firewall information, wherein include open-minded to the corresponding server of source IP address in the former firewall information
The IP address of the destination server of firewall and corresponding port numbers (i.e. purpose IP address and destination slogan), the latter's is anti-
Include in wall with flues information the corresponding origin server of firewall that source IP address corresponding server is opened IP address (i.e. come
Source IP address) and corresponding port numbers.
Further, server-side can determine the corresponding type of source IP address according to association firewall information, when source IP address is
When the first preset kind IP address, i.e. source IP addresses, according to its corresponding association firewall information can determine its corresponding
Two purpose IP address and the second destination slogan, and send firewall unlatching to the corresponding client of the second purpose IP address and refer to
It enables, which carries purpose migration IP address and the second destination slogan.It is understood that in the present embodiment
, the second purpose IP address can be one, be also possible to multiple, each second purpose IP address can correspond to a purpose
Port or multiple destination slogans, when the second purpose IP address has multiple, server-side generates multiple firewall open commands,
It is sent respectively to each corresponding client of the second purpose IP address.
The corresponding client of second purpose IP address parses the instruction, obtains it after receiving firewall open command
The purpose migration IP address of carrying and the second destination slogan, and open and purpose migration IP address and the second destination slogan pair
The firewall answered returns to server-side if opening successfully and opens successful feedback information, if can not open within a preset period of time
Firewall is opened, then can return to the feedback information for opening failure to server-side.Wherein, it opens and purpose migration IP address and the second mesh
The corresponding firewall of port numbers refer to by purpose migration IP address be added to the corresponding firewall plan of the second destination slogan
In IP address list slightly, when there are multiple second destination slogans, purpose migration IP address is added separately to each the
In the IP address list of the corresponding firewall policy of two destination slogans.
Step S506, after receiving successful first feedback information of unlatching, to the corresponding client of the second purpose IP address
End sends the first firewall out code for carrying source IP address and the second destination slogan;First firewall out code is used for
Indicate that the corresponding client of the second purpose IP address closes firewall corresponding with source IP address and the second destination slogan, and
It is sent after closing successfully to server-side and closes successful first feedback information.
Server-side is receiving feedback information that the corresponding client of the second purpose IP address returns and according to feedback information
After judging that firewall is opened successfully, it can be sent to the corresponding client of second purpose IP address and carry source IP address and second
The firewall out code of destination slogan, the client parse the instruction, obtain it after receiving firewall out code
The source IP address of carrying and the second destination slogan, and firewall corresponding with source IP address and the second destination slogan is closed,
If closing successfully, is returned to server-side and close successful feedback information, if firewall can not be closed within a preset period of time,
The feedback information of Fail-closed can be returned to server-side.Wherein, firewall corresponding with source IP address and destination slogan is closed
Refer to that source IP address is deleted from the IP address list of the corresponding firewall policy of the port numbers, when purpose IP address correspondence is more
When a destination slogan, source IP address is deleted from the IP address list of the corresponding firewall policy of each destination slogan respectively
It removes.
In one embodiment, it prevents fires to further determine that whether the corresponding client of the second purpose IP address successfully opens
Wall, server-side can firstly generate verifying instruction after receiving the first feedback information, and verifying instruction is sent to purpose and is moved
The corresponding client of IP address is moved, the corresponding client of purpose migration IP address is after receiving verifying instruction, to the second purpose
The corresponding client of IP address sends telnet test request, if test request is sent successfully, it is determined that test result is test
Success, if test request sends failure, it is determined that test result is test crash.Further, purpose migration IP address is corresponding
Client after the completion of test, to server-side return test result, server-side upon receipt of the test results, to test result into
Row judgement sends above-mentioned firewall to the corresponding client of the second purpose IP address and closes if test result is to be successfully tested
Instruction;If test result is test crash, the notice of migration failure is shown on the page.
Step S508, after receiving successful first feedback information of closing, display migrates successful notification information.
Specifically, server-side is in the successful feedback letter of closing for receiving the corresponding client transmission of the second purpose IP address
After breath, the successful notification information of migration can be shown on the page;Server-side is receiving the corresponding visitor of the second purpose IP address
After the feedback information for the Fail-closed that family end is sent, the notification information of migration failure can be shown on the page.
In one embodiment, to further determine that whether the corresponding client of the second purpose IP address is successfully closed fire prevention
Wall, server-side can firstly generate verifying instruction, and verifying instruction is sent to the corresponding client of source IP address, source IP address pair
The client answered sends telnet test request after receiving verifying instruction, to the corresponding client of the second purpose IP address,
If test request is sent successfully, it is determined that test result is to be successfully tested, if test request sends failure, it is determined that test result
For test crash.Further, the corresponding client of source IP address returns to test result, service to server-side after the completion of test
End upon receipt of the test results, judges test result, if test result is test crash, shows and moves on the page
Move successful notification information;If test result is to be successfully tested, the notification information of migration failure is shown on the page.
In above-described embodiment, server-side can migrate process after detecting the second touch control operation automatically into firewall, real
The bond migration for having showed firewall, improves the efficiency of firewall management.
In one embodiment, as shown in fig. 7, after above-mentioned steps S502 further include:
Step S702, when source IP address is the second preset kind IP address, with determining the corresponding source IP of source IP address
Location and third destination slogan send to the corresponding client of purpose migration IP address and carry source IP addresses and third destination
Second firewall open command of slogan;Second firewall open command is used to indicate the corresponding client of purpose migration IP address
Open corresponding with source IP addresses and third destination slogan firewall, and after opening successfully to server-side return unlatching at
Second feedback information of function.
Specifically, server-side is judging that source IP is the second default class according to the corresponding association firewall information of source IP address
When type IP address, i.e. purpose IP address, the corresponding source IP of source IP address and third purpose are determined from association firewall information
Port numbers, and the second firewall open command is generated according to source IP addresses and third destination slogan, the second firewall is opened
It opens instruction and is sent to the corresponding client of purpose migration IP address.
Purpose migrates the corresponding client of IP address after receiving the second firewall open command, opens with source IP
Location and the corresponding firewall of third destination slogan return to server-side if opening successfully and open successful feedback information, if
Open failure and then return to the feedback information for opening failure to server-side, it is to be understood that source IP addresses can for one or
Multiple, each source IP addresses can correspond to one or more third destination slogans.Wherein, it opens and source IP addresses and the
The corresponding firewall of three destination slogans refers to that firewall plan corresponding to third destination slogan for source IP addresses is added
In IP address list slightly, when source IP addresses correspond to multiple third destination slogans, source IP addresses are added respectively each
In the IP address list of the corresponding firewall policy of a third destination slogan.
Step S704 is sent after receiving successful second feedback information of unlatching to the corresponding client of source IP address
Carry the second firewall out code of source IP addresses and third destination slogan;Second firewall out code is used to indicate
The corresponding client of source IP address closes source IP addresses and the corresponding firewall of third destination slogan, and after closing successfully
It is returned to server-side and closes successful second feedback information.
Specifically, server-side produces the second firewall out code after receiving the successful feedback information of unlatching, and
It is sent to the corresponding client of source IP address.The corresponding client of source IP address is after receiving firewall out code, parsing
The instruction obtains the source IP addresses and third destination slogan of its carrying, closes and source IP addresses and third destination port
Number corresponding firewall returns to server-side if closing successfully and closes successful feedback information, if Fail-closed, to clothes
Business end returns to the feedback information of Fail-closed.Wherein, firewall corresponding with source IP addresses and third destination slogan is closed
It refers to deleting source IP addresses from the IP address list of the corresponding firewall policy of third port number, works as source IP addresses
When corresponding multiple third destination slogans, respectively by source IP addresses from the corresponding firewall policy of each third destination slogan
IP address list in delete.
In one embodiment, it prevents fires to further confirm that whether the corresponding client of purpose migration IP address successfully opens
Wall, server-side can first generate verifying instruction, and verifying instruction is sent to the corresponding client of source IP addresses, source IP addresses
Corresponding client sends telnet test to the corresponding client of purpose migration IP address and asks after receiving verifying instruction
It asks, if test request is sent successfully, it is determined that test result is to be successfully tested, if test request sends failure, it is determined that test
It as a result is test crash.Further, the corresponding client of source IP addresses returns to test knot to server-side after the completion of test
Fruit, server-side upon receipt of the test results, judge test result, if test result is to be successfully tested, generates the
Two firewall out codes are simultaneously sent to the corresponding client of source IP address, aobvious in the page if test result is test crash
Show the notification information of migration failure.
Step S706, after receiving successful second feedback information of closing, display migrates successful notification information.
Specifically, server-side can show that migration is successfully logical after receiving the successful feedback information of closing on the page
Know information, after receiving the feedback information of Fail-closed, can show the notification information that migration fails in the page.
In one embodiment, it to further determine that whether the corresponding client of source IP address is successfully closed firewall, takes
Business end can firstly generate verifying instruction after receiving the successful feedback information of closing, will verify instruction with being sent to source IP
The corresponding client in location, the corresponding client of source IP addresses is after receiving verifying instruction, to the corresponding client of source IP address
End sends telnet test request, if test request is sent successfully, it is determined that test result is to be successfully tested, if test request is sent out
Send failure, it is determined that test result is test crash.Further, the corresponding client of source IP addresses is after the completion of test, to
Server-side returns to test result, and server-side upon receipt of the test results, judges test result, if test result is to survey
Examination failure then shows the successful notification information of migration on the page;If test result is to be successfully tested, shows and move on the page
Move the notification information of failure.
In above-described embodiment, server-side can migrate process after detecting the second touch control operation automatically into firewall, real
The bond migration for having showed firewall, improves the efficiency of firewall management.
In one embodiment, the above method further include: receive the current firewall information that each client is sent, currently
Firewall information is the firewall information for each port that client obtains according to the preset time interval;Based on the received
Current firewall information is updated the firewall information of currently stored each client.
Specifically, client obtains the firewall information of its each port according to the preset time, is then forwarded to service
End, server-side are updated stored firewall information according to the firewall information received, anti-with ensure to be stored
The accuracy of wall with flues information.Here firewall information include client each port numbers for having opened firewall and with end
The source IP addresses of the corresponding firewall opened of slogan.
In one embodiment, the above method further include: detection third trigger action determines that third trigger action is corresponding
Inquire IP address;Corresponding association firewall information, the association firewall information that will be inquired are inquired according to inquiry IP address
It is shown.
Specifically, the settable inquiry input frame of the display page of server-side and querying triggering label, querying triggering label
It can be prompt information or the trigger control etc. that can trigger that server-side is inquired, such as inquiry control button.Third triggering
Operation refers to acting on the predetermined registration operation of querying triggering label.When server-side detects third trigger action, will inquire
Content in input frame is determined as the inquiry IP address of third trigger action, and server-side is according to the inquiry IP address stored
It is inquired in firewall information, and the association firewall information inquired is shown in current page.Wherein, association is anti-
Wall with flues information includes that inquiry IP address is the firewall information of source IP addresses and using source IP addresses as purpose IP address
Firewall information.
In above-described embodiment, server-side, can be according to the content in inquiry input frame certainly when detecting third trigger action
It is dynamic to carry out firewall information inquiry, improve search efficiency.
It should be understood that although each step of the flow chart in attached drawing is successively shown according to the instruction of arrow,
These steps are not that the inevitable sequence according to arrow instruction successively executes.Unless expressly stating otherwise herein, these steps
Execution there is no stringent sequences to limit, these steps can execute in other order.Moreover, at least one in flow chart
Part steps may include that perhaps these sub-steps of multiple stages or stage are not necessarily in synchronization to multiple sub-steps
Completion is executed, but can be executed at different times, the execution sequence in these sub-steps or stage is also not necessarily successively
It carries out, but can be at least part of the sub-step or stage of other steps or other steps in turn or alternately
It executes.
In one embodiment, as shown in figure 8, providing a kind of firewall management device 800, comprising: trigger action inspection
Survey module 802, firewall configuration instruction sending module 804 and configuration result determining module 806, in which:
Trigger action detection module 802 generates firewall according to the first trigger action and matches for detecting the first trigger action
It sets instruction and determines the first purpose IP address, firewall configuration instruction carries source IP addresses and the first destination slogan;
Firewall configuration instruction sending module 804 for send firewall configuration instruct it is corresponding to the first purpose IP address
Client, so that client modifies the corresponding firewall information of the first destination slogan according to source IP addresses, and to server-side
Send feedback information;
Configuration result determining module 806 is for determining that firewall configuration refers to according to feedback information after receiving feedback information
Corresponding configuration result is enabled, and configuration result is visualized.
In one embodiment, configuration result determining module is also used to upon reception of the feedback information, according to feedback information
Verifying instruction is generated, sends verifying instruction to the corresponding client of source IP addresses;State verifying instruction with being used to indicate source IP
The corresponding client in location sends test request to the corresponding client of the first purpose IP address, and sends test knot to server-side
Fruit;When judging that firewall information is successfully modified according to test result, determine that firewall configuration instructs corresponding configuration result
For firewall configuration success;When judging firewall information modification failure according to test result, determine that firewall configuration instructs
Corresponding configuration result is firewall configuration failure.
In one embodiment, above-mentioned apparatus further includes firewall transferring module, is used for: the second trigger action of detection, really
The fixed corresponding source IP address of second trigger action and purpose migrate IP address;When source IP address is the first preset kind IP address
When, corresponding second purpose IP address of source IP address and the second destination slogan are determined, to the corresponding visitor of the second purpose IP address
Family end sends the first firewall open command for carrying purpose migration IP address and the second destination slogan;First preset kind IP
Address is source IP addresses;First firewall open command is used to indicate the corresponding client unlatching of the second purpose IP address and mesh
Migration IP address and the corresponding firewall of the second destination slogan, and return to server-side after opening successfully open it is successful
First feedback information;After receiving successful first feedback information of unlatching, to the corresponding client hair of the second purpose IP address
Send the first firewall out code for carrying source IP address and the second destination slogan;First firewall out code is used to indicate
The corresponding client of second purpose IP address closes firewall corresponding with source IP address and the second destination slogan, and is closing
It is sent after success to server-side and closes successful first feedback information;After receiving successful first feedback information of closing, show
Show the successful notification information of migration.
In one embodiment, above-mentioned firewall transferring module is also used to: when source IP address for the second preset kind IP
When location, the corresponding source IP addresses of source IP address and third destination slogan are determined, to the corresponding client of purpose migration IP address
End sends the second firewall open command for carrying source IP addresses and third destination slogan;Second preset kind IP address is
Purpose IP address;Second firewall open command is used to indicate the corresponding client of purpose migration IP address and opens with source IP
Location and the corresponding firewall of third destination slogan, and returned after opening successfully to server-side and open successful second feedback letter
Breath;After receiving successful second feedback information of unlatching, is sent to the corresponding client of source IP address and carry source IP addresses
And the second firewall out code of third destination slogan;It is corresponding that second firewall out code is used to indicate source IP address
Client closes source IP addresses and the corresponding firewall of third destination slogan, and returns and close to server-side after closing successfully
Close successful second feedback information;After receiving successful second feedback information of closing, display migrates successful notification information.
In one embodiment, above-mentioned apparatus further includes firewall information update module, for receiving each client hair
The current firewall information sent, current firewall information are the anti-of each port that client obtains according to the preset time interval
Wall with flues information;Current firewall information carries out more the firewall information of currently stored each client based on the received
Newly.
In one embodiment, above-mentioned apparatus further includes association firewall information display module, for detecting third triggering
Operation, determines the corresponding inquiry IP address of third trigger action;Corresponding association firewall information is inquired according to inquiry IP address,
The association firewall information inquired is shown.
Specific about firewall management device limits the restriction that may refer to above for firewall management method, In
This is repeated no more.Modules in above-mentioned firewall management device can come fully or partially through software, hardware and combinations thereof
It realizes.Above-mentioned each module can be embedded in the form of hardware or independently of in the processor in computer equipment, can also be with software
Form is stored in the memory in computer equipment, executes the corresponding operation of the above modules in order to which processor calls.
In one embodiment, a kind of computer equipment is provided, which can be server, internal junction
Composition can be as shown in Figure 9.The computer equipment include by system bus connect processor, memory, network interface and
Database.Wherein, the processor of the computer equipment is for providing calculating and control ability.The memory packet of the computer equipment
Include non-volatile memory medium, built-in storage.The non-volatile memory medium is stored with operating system, computer program and data
Library.The built-in storage provides environment for the operation of operating system and computer program in non-volatile memory medium.The calculating
The database of machine equipment is for storing firewall information.The network interface of the computer equipment is used to pass through net with external terminal
Network connection communication.To realize a kind of firewall management method when the computer program is executed by processor.
It will be understood by those skilled in the art that structure shown in Fig. 9, only part relevant to application scheme is tied
The block diagram of structure does not constitute the restriction for the computer equipment being applied thereon to application scheme, specific computer equipment
It may include perhaps combining certain components or with different component layouts than more or fewer components as shown in the figure.
In one embodiment, a kind of computer equipment, including memory and processor are provided, which is stored with
The step of computer program, which realizes above-mentioned any embodiment method when executing computer program.
In one embodiment, a kind of computer readable storage medium is provided, computer program is stored thereon with, is calculated
Machine program realizes the step of above-mentioned any embodiment method when being executed by processor.
Those of ordinary skill in the art will appreciate that realizing all or part of the process in above-described embodiment method, being can be with
Relevant hardware is instructed to complete by computer program, the computer program can be stored in a non-volatile computer
In read/write memory medium, the computer program is when being executed, it may include such as the process of the embodiment of above-mentioned each method.Wherein,
To any reference of memory, storage, database or other media used in each embodiment provided herein,
Including non-volatile and/or volatile memory.Nonvolatile memory may include read-only memory (ROM), programming ROM
(PROM), electrically programmable ROM (EPROM), electrically erasable ROM (EEPROM) or flash memory.Volatile memory may include
Random access memory (RAM) or external cache.By way of illustration and not limitation, RAM is available in many forms,
Such as static state RAM (SRAM), dynamic ram (DRAM), synchronous dram (SDRAM), double data rate sdram (DDRSDRAM), enhancing
Type SDRAM (ESDRAM), synchronization link (Synchlink) DRAM (SLDRAM), memory bus (Rambus) direct RAM
(RDRAM), direct memory bus dynamic ram (DRDRAM) and memory bus dynamic ram (RDRAM) etc..
Each technical characteristic of above embodiments can be combined arbitrarily, for simplicity of description, not to above-described embodiment
In each technical characteristic it is all possible combination be all described, as long as however, the combination of these technical characteristics be not present lance
Shield all should be considered as described in this specification.
The several embodiments of the application above described embodiment only expresses, the description thereof is more specific and detailed, but simultaneously
It cannot therefore be construed as limiting the scope of the patent.It should be pointed out that coming for those of ordinary skill in the art
It says, without departing from the concept of this application, various modifications and improvements can be made, these belong to the protection of the application
Range.Therefore, the scope of protection shall be subject to the appended claims for the application patent.
Claims (10)
1. a kind of firewall management method is applied to server-side, which comprises
The first trigger action is detected, firewall configuration is generated according to first trigger action and is instructed and with determining the first destination IP
Location, the firewall configuration instruction carry source IP addresses and the first destination slogan;
Send the firewall configuration and instruct client corresponding to first purpose IP address so that the client according to
The source IP addresses modify the corresponding firewall information of first destination slogan, and send feedback information to server-side;
After receiving the feedback information, determine that the firewall configuration instructs corresponding configuration to tie according to the feedback information
Fruit, and the configuration result is visualized.
2. the method according to claim 1, wherein it is described receive the feedback information after, according to described anti-
Feedforward information determines that the firewall configuration instructs corresponding configuration result, and the configuration result is visualized, comprising:
After receiving the feedback information, verifying instruction is generated according to the feedback information, Xiang Suoshu source IP addresses are corresponding
Client send the verifying and instruct;Verifying instruction is used to indicate the corresponding client of the source IP addresses to described
The corresponding client of first purpose IP address sends test request, and sends test result to the server-side;
When judging that the firewall information is successfully modified according to the test result, the firewall configuration instruction pair is determined
The configuration result answered is firewall configuration success;
When judging the firewall information modification failure according to the test result, the firewall configuration instruction pair is determined
The configuration result answered is firewall configuration failure.
3. the method according to claim 1, wherein the method also includes:
The second trigger action is detected, determines the corresponding source IP address of second trigger action and purpose migration IP address;
When the source IP address is the first preset kind IP address, corresponding second purpose IP address of the source IP address is determined
And second destination slogan, the corresponding client of the second purpose IP address of Xiang Suoshu send carry the purpose migration IP address and
First firewall open command of second destination slogan;The first preset kind IP address is source IP addresses;
The first firewall open command is used to indicate the corresponding client of second purpose IP address and opens and the mesh
Migration IP address and the corresponding firewall of second destination slogan, and after opening successfully to the server-side return open
Open successful first feedback information;
After receiving successful first feedback information of unlatching, the corresponding client of the second purpose IP address of Xiang Suoshu, which is sent, to be carried
First firewall out code of the source IP address and second destination slogan;
The first firewall out code is used to indicate the corresponding client of second purpose IP address and closes and the source
IP address and the corresponding firewall of second destination slogan, and closed successfully after closing successfully to server-side transmission
The first feedback information;
After receiving successful first feedback information of closing, display migrates successful notification information.
4. according to the method described in claim 3, it is characterized in that, determining described second in the second trigger action of the detection
After the corresponding source IP address of trigger action and purpose migration IP address, further includes:
When the source IP address is the second preset kind IP address, the corresponding source IP addresses of the source IP address and the are determined
Three destination slogans, Xiang Suoshu purpose migrate the corresponding client of IP address and send the carrying source IP addresses and the third
Second firewall open command of destination slogan;The second preset kind IP address is purpose IP address;
The second firewall open command be used to indicate the corresponding client of purpose migration IP address open with it is described come
Source IP address and the corresponding firewall of the third destination slogan, and after opening successfully to the server-side return open at
Second feedback information of function;
After receiving successful second feedback information of unlatching, it is described next that the corresponding client of Xiang Suoshu source IP address sends carrying
Second firewall out code of source IP address and the third destination slogan;
The second firewall out code is used to indicate the corresponding client of the source IP address and closes the source IP addresses
And the corresponding firewall of the third destination slogan, and returned after closing successfully to the server-side and close successful second
Feedback information;
After receiving successful second feedback information of closing, display migrates successful notification information.
5. the method according to claim 1, wherein the method also includes:
Receive the current firewall information that each client is sent, the current firewall information be client according to it is preset when
Between interval acquiring each port firewall information;
Current firewall information is updated the firewall information of currently stored each client based on the received.
6. the method according to claim 1, wherein the method also includes:
Third trigger action is detected, determines the corresponding inquiry IP address of the third trigger action;
Corresponding association firewall information is inquired according to the inquiry IP address, the association firewall information inquired is carried out
It shows.
7. a kind of firewall management device, which is characterized in that described device includes:
Trigger action detection module generates firewall configuration according to first trigger action for detecting the first trigger action
Instruct and determine the first purpose IP address, the firewall configuration instruction carries source IP addresses and the first destination slogan;
Firewall configuration instruction sending module is instructed for sending the firewall configuration to first purpose IP address correspondence
Client, make client modify the corresponding firewall of first destination slogan according to the source IP addresses to believe with described
Breath, and feedback information is sent to server-side;
Configuration result determining module determines the firewall according to the feedback information after receiving the feedback information
The corresponding configuration result of configuration-direct, and the configuration result is visualized.
8. device according to claim 7, which is characterized in that the configuration result determining module is also used to receiving
After stating feedback information, verifying instruction is generated according to the feedback information, the corresponding client transmission of Xiang Suoshu source IP addresses is tested
Card instruction;Stating verifying instruction, to be used to indicate the corresponding client of the source IP addresses corresponding to first purpose IP address
Client sends test request, and sends test result to the server-side;It is described anti-when being judged according to the test result
When wall with flues information is successfully modified, determine that the firewall configuration instructs corresponding configuration result for firewall configuration success;Work as root
When judging the firewall information modification failure according to the test result, determine that the firewall configuration instructs corresponding configuration
As a result fail for firewall configuration.
9. a kind of computer equipment, including memory and processor, the memory are stored with computer program, feature exists
In the step of processor realizes any one of claims 1 to 6 the method when executing the computer program.
10. a kind of computer readable storage medium, is stored thereon with computer program, which is characterized in that the computer program
The step of method described in any one of claims 1 to 6 is realized when being executed by processor.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910818789.4A CN110493064A (en) | 2019-08-30 | 2019-08-30 | Firewall management method, apparatus, computer equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910818789.4A CN110493064A (en) | 2019-08-30 | 2019-08-30 | Firewall management method, apparatus, computer equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110493064A true CN110493064A (en) | 2019-11-22 |
Family
ID=68555873
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910818789.4A Pending CN110493064A (en) | 2019-08-30 | 2019-08-30 | Firewall management method, apparatus, computer equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110493064A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111711635A (en) * | 2020-06-23 | 2020-09-25 | 平安银行股份有限公司 | Firewall opening method and device, computer equipment and storage medium |
| CN112350868A (en) * | 2020-11-06 | 2021-02-09 | 平安科技(深圳)有限公司 | Wall opening processing method, device, server, system and readable storage medium |
| CN112448948A (en) * | 2020-11-12 | 2021-03-05 | 平安普惠企业管理有限公司 | Firewall opening result verification method, device, equipment and storage medium |
| CN114338162A (en) * | 2021-12-28 | 2022-04-12 | 奇安信科技集团股份有限公司 | Security policy management method and device, electronic device and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105100109A (en) * | 2015-08-19 | 2015-11-25 | 华为技术有限公司 | Method and device for deploying security access control policy |
| CN106027569A (en) * | 2016-07-19 | 2016-10-12 | 浪潮电子信息产业股份有限公司 | Firewall management methods, master node, slave node, and cluster |
| CN107819874A (en) * | 2017-11-27 | 2018-03-20 | 南京城市职业学院 | A kind of method of remote control fire wall terminal |
| CN109361711A (en) * | 2018-12-14 | 2019-02-19 | 泰康保险集团股份有限公司 | Firewall configuration method, apparatus, electronic equipment and computer-readable medium |
-
2019
- 2019-08-30 CN CN201910818789.4A patent/CN110493064A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105100109A (en) * | 2015-08-19 | 2015-11-25 | 华为技术有限公司 | Method and device for deploying security access control policy |
| CN106027569A (en) * | 2016-07-19 | 2016-10-12 | 浪潮电子信息产业股份有限公司 | Firewall management methods, master node, slave node, and cluster |
| CN107819874A (en) * | 2017-11-27 | 2018-03-20 | 南京城市职业学院 | A kind of method of remote control fire wall terminal |
| CN109361711A (en) * | 2018-12-14 | 2019-02-19 | 泰康保险集团股份有限公司 | Firewall configuration method, apparatus, electronic equipment and computer-readable medium |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111711635A (en) * | 2020-06-23 | 2020-09-25 | 平安银行股份有限公司 | Firewall opening method and device, computer equipment and storage medium |
| CN111711635B (en) * | 2020-06-23 | 2024-03-26 | 平安银行股份有限公司 | Firewall wall opening method and device, computer equipment and storage medium |
| CN112350868A (en) * | 2020-11-06 | 2021-02-09 | 平安科技(深圳)有限公司 | Wall opening processing method, device, server, system and readable storage medium |
| CN112350868B (en) * | 2020-11-06 | 2023-04-18 | 平安科技(深圳)有限公司 | Wall opening processing method, device, server, system and readable storage medium |
| CN112448948A (en) * | 2020-11-12 | 2021-03-05 | 平安普惠企业管理有限公司 | Firewall opening result verification method, device, equipment and storage medium |
| CN114338162A (en) * | 2021-12-28 | 2022-04-12 | 奇安信科技集团股份有限公司 | Security policy management method and device, electronic device and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110730107B (en) | Test data generation method and device, computer equipment and storage medium | |
| CN110493064A (en) | Firewall management method, apparatus, computer equipment and storage medium | |
| CN107908541B (en) | Interface testing method and device, computer equipment and storage medium | |
| CA2694303C (en) | Extensible execution language | |
| CN109446068B (en) | Interface test method, device, computer equipment and storage medium | |
| CN105553769B (en) | A kind of data acquisition and analysis system and method | |
| CN110990205B (en) | Interface call testing method, device and computer readable storage medium | |
| CN108427613B (en) | Abnormal interface positioning method and device, computer equipment and storage medium | |
| US20060156288A1 (en) | Extensible execution language | |
| CN110008117A (en) | Page test method, device, computer equipment and storage medium | |
| CN110224996A (en) | Network Access Method, device, computer equipment and the storage medium of application program | |
| CN112363941A (en) | Interface testing method and device, computer equipment and storage medium | |
| CN109726134B (en) | Interface test method and system | |
| CN108400978B (en) | Vulnerability detection method and device, computer equipment and storage medium | |
| CN110650091B (en) | Routing configuration information processing method and device, computer equipment and storage medium | |
| CN110245505A (en) | Tables of data access method, device, computer equipment and storage medium | |
| CN104767655A (en) | Analog result detection method and device | |
| CN112231209A (en) | Parameter acquisition method and device, computer equipment and storage medium | |
| CN109657475A (en) | Code vulnerabilities check method, apparatus, equipment and storage medium | |
| CN109582583A (en) | Method for testing software, device, computer equipment and storage medium | |
| CN108322458A (en) | Web Application intrusion detections method, system, computer equipment and storage medium | |
| CN106970870B (en) | Webpage test platform, webpage test method and webpage test system | |
| CN110134595A (en) | Analysis method, device, computer equipment before SVN resource library test | |
| KR20150025106A (en) | Verification apparatus, terminal device, system, method and computer-readable medium for monitoring of application verification result | |
| CN112612706A (en) | Automated testing method, computer device and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| AD01 | Patent right deemed abandoned |
Effective date of abandoning: 20240126 |
|
| AD01 | Patent right deemed abandoned |