CN111277590B - Device information screening method, firewall device, network device and storage medium - Google Patents

Publication number
CN111277590B
Authority
CN
China
Prior art keywords
information
equipment
controlled
address information
controlled equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010061639.6A
Other languages
Chinese (zh)
Other versions
CN111277590A (en
Inventor
蒋世齐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sangfor Technologies Co Ltd
Original Assignee
Sangfor Technologies Co Ltd
Application filed by Sangfor Technologies Co Ltd
Priority to CN202010061639.6A
Publication of CN111277590A
Application granted
Publication of CN111277590B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227: Filtering policies
    • H04L63/0236: Filtering by address, protocol, port number or service, e.g. IP-address or URL

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a device information screening method comprising the following steps: reading controlled device information in device management and control information, wherein the controlled device information comprises network address information and state information of a controlled device; judging, according to the state information and a loaded list, whether the controlled device meets a loading condition; if the controlled device meets the loading condition, determining corresponding physical address information according to the network address information of the controlled device; and determining correct device identification information corresponding to the controlled device according to the physical address information. The invention also discloses a firewall device, a network device and a readable storage medium. The invention aims to improve the accuracy of the device information screened for a local area network when linkage management and control is performed on more than one local area network, thereby ensuring the accuracy of device management and control.

Description

Device information screening method, firewall device, network device and storage medium
Technical Field
The present invention relates to the field of network technologies, and in particular, to a device information screening method, a firewall apparatus, a network device, and a readable storage medium.
Background
At present, when a terminal management and control platform is used to manage and control devices in several different LANs, the firewalls of those LANs are connected to the terminal management and control platform, and the platform then synchronizes the host information of all connected devices (including the mapping relationships between network addresses and device identifiers in the LANs) to each firewall. A firewall typically looks up the device to be handled (e.g., linkage, attestation, killing, etc.) by its network address.
Devices in different local area networks may, however, have the same network address. When a firewall handles devices based on the management and control information of the terminal management and control platform and several devices share a network address, host information is loaded as follows: if the devices sharing the address include both online and offline devices, the host information of the online device is loaded preferentially; if they are all online, host information that has not yet been loaded is loaded. The host information loaded by the firewall may therefore belong to a device with the same address in another local area network; that is, a device in another local area network can be matched on the network address, with consequences such as handling the wrong host.
The above is only for the purpose of assisting understanding of the technical aspects of the present invention, and does not represent an admission that the above is prior art.
Disclosure of Invention
The invention mainly aims to provide an equipment information screening method, aiming at improving the accuracy of host screening in a local area network when linkage management and control are carried out on more than one local area network.
In order to achieve the above object, the present invention provides a device information screening method, including the steps of:
reading controlled equipment information in the equipment management and control information, wherein the controlled equipment information comprises network address information and state information of the controlled equipment;
judging whether the controlled equipment meets loading conditions or not according to the state information and the loaded list;
if the controlled equipment meets the loading condition, determining corresponding physical address information according to the network address information of the controlled equipment;
and determining correct equipment identification information corresponding to the controlled equipment according to the physical address information.
Optionally, the determining, according to the state information and the loaded list, whether the controlled device meets a loading condition includes:
judging whether the state information is in an online state or not and whether the loaded list comprises the network address information or not;
if the state information is in an online state and the loaded list comprises the network address information, judging that the controlled equipment meets a loading condition;
and if the state information is in an off-line state or the loaded list does not include the network address information, judging that the controlled equipment does not meet the loading condition.
Optionally, after determining the correct device identification information corresponding to the controlled device according to the physical address information, the method further includes:
and storing the correct equipment identification information and the network address information of the controlled equipment into the loaded list.
Optionally, the determining, according to the physical address information, correct device identification information corresponding to the controlled device includes:
and performing hash mapping on the physical address information to obtain the correct equipment identification information.
Optionally, the controlled device information further includes first device identification information that has a corresponding relationship with the network address information, and after the step of determining whether the controlled device satisfies the loading condition according to the state information and the loaded list, the method further includes:
and if the controlled equipment does not meet the loading condition, directly taking the first equipment identification information as the correct equipment identification information.
Optionally, the device management and control information includes more than one piece of controlled device information, and after the step of determining, according to the physical address information, correct device identification information corresponding to the controlled device, the method further includes:
judging whether unloaded controlled equipment exists or not according to the loaded list and the equipment management and control information;
if unloaded controlled equipment exists, returning to and executing the step of reading the controlled equipment information in the equipment management and control information;
the step of reading the controlled device information in the device management and control information includes:
and reading the controlled equipment information corresponding to the controlled equipment which is not loaded in the equipment management and control information.
Optionally, the step of determining whether there is an unloaded controlled device according to the loaded list and the device management and control information includes:
judging whether network address information included in more than one piece of controlled equipment information in the equipment management and control information is stored in the loaded list or not;
if yes, judging that no unloaded controlled equipment exists;
if not, judging that unloaded controlled equipment exists;
and using the controlled equipment information corresponding to the network address information which is not stored in the loaded list as the controlled equipment information corresponding to the unloaded controlled equipment.
In addition, in order to achieve the above object, the present application also proposes a firewall device including:
the reading module is used for reading controlled equipment information in equipment management and control information, wherein the controlled equipment information comprises network address information and state information of controlled equipment;
the judging module is used for judging whether the controlled equipment meets the loading condition or not according to the state information and the loaded list;
the addressing module is used for determining corresponding physical address information according to the network address information of the controlled equipment when the judging module judges that the controlled equipment meets the loading condition;
and the first processing module is used for determining correct equipment identification information corresponding to the controlled equipment according to the physical address information.
In addition, in order to achieve the above object, the present application also proposes a network device, including: a memory, a processor, and a device information filtering program stored on the memory and operable on the processor, the device information filtering program, when executed by the processor, implementing the steps of the device information filtering method as described in any one of the above.
In addition, in order to achieve the above object, the present application also proposes a readable storage medium having stored thereon a device information filtering program, which when executed by a processor, implements the steps of the device information filtering method according to any one of the above.
In the device information screening method provided by the invention, controlled device information, which includes the network address information and state information of a controlled device, is read from the device management and control information; when the controlled device is judged to meet the loading condition according to the state information and the loaded list, the corresponding physical address information is determined from the network address information of the controlled device, and the correct device identification information corresponding to the controlled device is determined from that physical address information. Because the physical address information of a device is unique and does not change from one local area network to another, the correct device identification information determined from the physical address information that corresponds to the network address information within the local area network necessarily belongs to a device in that local area network and cannot match a device in another local area network. This improves the accuracy of host screening in the local area network when linkage management and control is performed on more than one local area network.
Drawings
FIG. 1 is a diagram of the hardware architecture involved in the operation of one embodiment of the network device of the present invention;
FIG. 2 is a schematic flow chart illustrating an embodiment of a method for screening device information according to the present invention;
FIG. 3 is a detailed flowchart of step S20 in FIG. 2;
FIG. 4 is a flowchart illustrating a device information screening method according to another embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and do not limit the invention.
The main solution of the embodiment of the invention is as follows: reading controlled equipment information in equipment management and control information, wherein the controlled equipment information comprises network address information and state information of controlled equipment; judging whether the controlled equipment meets the loading condition or not according to the state information and the loaded list; if the controlled equipment meets the loading condition, determining corresponding physical address information according to the network address information of the controlled equipment; and determining correct equipment identification information corresponding to the controlled equipment according to the physical address information.
In the prior art, when a firewall handles devices based on the management and control information of a terminal management and control platform and several devices share a network address, host information is loaded as follows: if the devices sharing the address include both online and offline devices, the host information of the online device is loaded preferentially; if they are all online, host information that has not yet been loaded is loaded. The host information loaded by the firewall may therefore belong to a device with the same address in another local area network; that is, a device in another local area network can be matched on the network address, with consequences such as handling the wrong host.
The invention provides the solution, and aims to ensure that the accuracy of host screening in a local area network is improved when linkage management and control are performed on more than one local area network.
The invention provides a network device. Specifically, the network device is a gateway device equipped with a firewall, the network device is connected with a plurality of controlled devices to form a local area network, and the network device is further connected with a terminal control platform to realize management and control of the controlled devices in the local area network by the terminal control platform.
In the embodiment of the present invention, referring to FIG. 1, a network device includes: a processor 1001 (such as a CPU), a memory 1002, and the like. The memory 1002 is connected to the processor 1001. The memory 1002 may be a high-speed RAM memory or a non-volatile memory (e.g., a disk memory). The memory 1002 may alternatively be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the configuration of the device illustrated in fig. 1 is not intended to be limiting of the device, and may include more or fewer components than those illustrated, or some components may be combined, or a different arrangement of components.
As shown in fig. 1, a memory 1002, which is a readable storage medium, may include a device information filtering program therein. In the apparatus shown in fig. 1, the processor 1001 may be configured to call the device information filtering program stored in the memory 1002 and perform the operations of the steps related to the device information filtering method in the following embodiments.
The invention also provides an equipment information screening method.
Referring to fig. 2, an embodiment of the device information screening method of the present invention is provided, where the device information screening method includes:
step S10, reading controlled device information in device management and control information, wherein the controlled device information includes network address information and state information of the controlled device;
The device management and control information is the information that the terminal management and control platform provides to a local area network it manages, in order to manage and control the devices in that local area network. The terminal management and control platform manages and controls more than one device in the local area network; accordingly, the device management and control information comprises controlled device information corresponding to more than one device in the local area network. The controlled device information may specifically include network address information and status information of the controlled device. In addition, the controlled device information may further include the device identification information that the terminal management and control platform has recorded as corresponding to the network address information; this is defined as the first device identification information. The first device identification information is a unique identifier that the terminal management and control platform configures for each controlled device connected to it, to distinguish that device from other devices. The device identification information of each controlled device connected to the terminal control platform is different, whereas the network address information of controlled devices connected to the terminal control platform may be the same or different.
The network address information specifically refers to a network address configured for the controlled device by the gateway device when the controlled device joins the local area network where the controlled device is located. The network address information is specifically an IP address. The state information specifically refers to information characterizing a connection state of the controlled device in the local area network. The status information specifically includes an online status and an offline status. Specifically, the controlled device is in an online state when accessing the local area network, and is in an offline state when not accessing the local area network.
Specifically, the agents_info.ini configuration file provided by the terminal management and control platform to the local area network is obtained as the device management and control information, and the controlled device information is read from this configuration file.
Step S20, judging whether the controlled equipment meets the loading condition according to the state information and the loaded list;
if the controlled device satisfies the loading condition, executing step S30; if the controlled device does not satisfy the loading condition, step S50 is executed.
The loaded list is the data table that stores, in association with the network address information, the device identification information obtained for the controlled devices in the local area network by device identification screening carried out, based on the network address information of the local area network, before the current moment.
Specifically, the loading condition may be specifically set according to a scenario in which a controlled device is likely to conflict when performing device matching based on the network address information. Acquiring the equipment connection state and the loading state of the controlled equipment based on the state information and the loaded list, and if the equipment connection state and the loading state of the controlled equipment are both preset states, judging that the controlled equipment meets the loading condition; and if the equipment connection state and the loading state of the controlled equipment are different from the preset state, judging that the controlled equipment does not meet the loading condition.
Step S30, determining corresponding physical address information according to the network address information of the controlled device;
Specifically, in each local area network, the network address information of a controlled device corresponds to its physical address information. The network configuration information of the local area network is queried with the network address information to obtain the physical address information corresponding to that network address information.
And step S40, determining correct device identification information corresponding to the controlled device according to the physical address information.
The physical address information and the device identification information are each a unique identifier of the controlled device on the terminal control platform, so the physical address information of the controlled device can be associated with its device identification information to form device configuration information. By acquiring the device configuration information, the device identification information corresponding to the current physical address information can be determined; the device identification information acquired in this way is the one associated with the physical address information of the controlled device.
In addition, there may be an operational relationship between the physical address information of the controlled device and the device identification information. And calculating the physical address information according to the operation relation to obtain correct equipment identification information corresponding to the controlled equipment.
In this device information screening method, controlled device information, which includes the network address information and state information of a controlled device, is read from the device management and control information; when the controlled device is judged to meet the loading condition according to the state information and the loaded list, the corresponding physical address information is determined from the network address information of the controlled device, and the correct device identification information corresponding to the controlled device is determined from that physical address information. Because the physical address information of a device is unique and does not change from one local area network to another, the correct device identification information determined from the physical address information that corresponds to the network address information within the local area network necessarily belongs to a device in that local area network and cannot match a device in another local area network. This improves the accuracy of host screening in the local area network when linkage management and control is performed on more than one local area network.
Further, after step S20, the method further includes: if the controlled device does not satisfy the loading condition, step S50 is performed.
Step S50, directly using the first device identification information as the correct device identification information. That is to say, at this time, based on the fact that the same network address information does not exist in the device management and control information and corresponds to different device identification information, the first device identification information having a correspondence relationship with the network address information in the controlled device information of the device management and control information can be directly used as correct device identification information corresponding to the controlled device, so that the accuracy of device screening can be ensured, and the efficiency of device screening can be improved.
Specifically, in the above embodiment, referring to fig. 3, the step S20 includes:
step S21, determining whether the status information is online and the loaded list includes the network address information;
if the status information is online and the loaded list includes the network address information, go to step S22; if the status information is an offline status, or the loaded list does not include the network address information, step S23 is executed.
When the loaded list of the local area network includes the network address information, the device corresponding to that network address information in the local area network has been determined; when the loaded list of the local area network does not include the network address information, the device corresponding to that network address information in the local area network has not been determined.
Specifically, a status value of controlled device information in the device management and control information is extracted as state information, and when the status value is a first characteristic value, the state information is determined to be in an online state; and when the status value is the second characteristic value, determining that the state information is in an off-line state.
Step S22, determining that the controlled device satisfies a loading condition;
step S23, determining that the controlled device does not satisfy the loading condition.
Specifically, when the state information is in an online state and the loaded list includes network address information in the controlled device information, it is determined that the controlled device satisfies the loading condition, and correct device identification information of the controlled device is determined according to steps S30 and S40; when the state information is in an offline state and the loaded list does not include the network address information in the controlled device information, judging that the controlled device does not meet the loading condition, and determining correct identification information of the controlled device according to the step S50; when the state information is in an offline state and the loaded list already includes the network address information in the controlled device information, judging that the controlled device does not meet the loading condition, and determining correct identification information of the controlled device according to the step S50; when the status information is in the online status and the loaded list does not include the network address information in the controlled device information, it is determined that the controlled device does not satisfy the loading condition, and correct identification information of the controlled device is determined according to step S50.
In this embodiment, when the controlled device is offline and/or has not been loaded in the local area network, no conflict arises even if different devices in different local area networks have the same network address, so the first device identification information corresponding to the network address information in the controlled device information can be used directly as the correct device identification information of the controlled device, which keeps device screening correct and improves its efficiency. When the controlled device is online and already loaded in the local area network, devices with the same network address in different local area networks can cause screening errors for the devices of any of those local area networks; determining the physical address information corresponding to the network address information, and from it the correct device identification information of the controlled device, therefore improves the accuracy of device screening for any local area network, so that the devices of all the local area networks can be handled correctly.
Further, in the above embodiment, after step S40 or step S50, the method further includes:
step S60, storing the correct device identification information and network address information of the controlled device in the loaded list. Specifically, in the loaded list, the correct device identification information and the network address information are stored in association. By the method, whether the controlled equipment meets the loading condition is accurately judged based on the loaded list, the firewall and the terminal control platform can correctly dispose the controlled equipment based on the network address information, and the controlled equipment with the same network address information in other local area networks is prevented from being disposed.
Further, in the above embodiment, when configuring the device identification information for the controlled device, the terminal management and control platform may obtain the physical address information of the device, and process the physical address information according to a certain generation rule to form the device identification information corresponding to the controlled device, where the generation rule may specifically be a calculation rule, an extraction rule, and the like. Based on this, in the present embodiment, step S40 includes: and carrying out Hash mapping on the physical address information to obtain the correct equipment identification information. The generation rule may be embodied as a hash map here. Based on this, after the physical address information corresponding to the current network address information is determined, the result of performing hash mapping on the physical address information is used as the correct device identification information of the controlled device. In this embodiment, correct device identification information is obtained by performing hash mapping on the physical address information, and it is not necessary to configure the association between the physical address information and the correct device identification information in advance, so that when device information is loaded, correct device identification information of the controlled device can be obtained based on the physical address information, and the device screening accuracy is improved while the device screening efficiency is further improved.
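Steps S10 to S60 for a single firewall, as an added Python example that is not code from the patent or its assignee. The INI section and key names, the literal "1" for the online status value, truncated SHA-256 as the hash mapping, and the dictionary standing in for the LAN's IP-to-MAC lookup are all assumptions; records are processed in file order and the S70 selection of unloaded records is not modelled.

```python
import configparser
import hashlib
from dataclasses import dataclass

ONLINE = "1"  # assumed "first characteristic value"; the page gives no literal


def device_id_from_mac(mac: str) -> str:
    """S40: hash-map a physical address to a device identifier.

    The page does not name the hash; truncated SHA-256 is an assumption.
    """
    canonical = mac.lower().replace("-", ":")
    return hashlib.sha256(canonical.encode("ascii")).hexdigest()[:16]


@dataclass
class Record:
    ip: str
    online: bool
    first_id: str  # identifier the platform recorded for this IP


def read_records(ini_text: str) -> list:
    """S10: read controlled device information from the management info."""
    parser = configparser.ConfigParser()
    parser.read_string(ini_text)
    return [
        Record(ip=parser[name]["ip"],
               online=(parser[name]["status"] == ONLINE),
               first_id=parser[name]["agent_id"])
        for name in parser.sections()
    ]


def screen(records, arp_table, loaded=None):
    """Run S20 to S60 for each record in file order; return the loaded list."""
    loaded = {} if loaded is None else loaded
    for rec in records:
        # S20/S21: loading condition = online AND this IP is already loaded
        if rec.online and rec.ip in loaded:
            mac = arp_table.get(rec.ip)  # S30: IP -> MAC inside this LAN
            if mac is None:
                # Not covered by the page: with no local MAC for the IP,
                # this example keeps the existing entry (assumption).
                continue
            correct_id = device_id_from_mac(mac)  # S40
        else:
            correct_id = rec.first_id  # S50: trust the platform's mapping
        loaded[rec.ip] = correct_id  # S60: store ID with its IP
    return loaded


# Constructed sample data: two hosts in different LANs share 192.168.1.10.
LOCAL_MAC = "00:1A:2B:3C:4D:5E"    # host in this firewall's LAN
FOREIGN_MAC = "00:1A:2B:AA:BB:CC"  # host in another LAN
PRINTER_MAC = "00:1A:2B:3C:4D:5F"  # offline host in this LAN
LOCAL_ID = device_id_from_mac(LOCAL_MAC)
FOREIGN_ID = device_id_from_mac(FOREIGN_MAC)
PRINTER_ID = device_id_from_mac(PRINTER_MAC)

# What this firewall can resolve locally (stand-in for its network config).
ARP_TABLE = {"192.168.1.10": LOCAL_MAC, "192.168.1.11": PRINTER_MAC}


def build_ini(order):
    """Build a constructed agents_info.ini body with sections in `order`."""
    sections = {
        "foreign": f"[lan-b-host]\nip = 192.168.1.10\nstatus = 1\n"
                   f"agent_id = {FOREIGN_ID}\n",
        "local": f"[lan-a-host]\nip = 192.168.1.10\nstatus = 1\n"
                 f"agent_id = {LOCAL_ID}\n",
        "offline": f"[lan-a-printer]\nip = 192.168.1.11\nstatus = 0\n"
                   f"agent_id = {PRINTER_ID}\n",
    }
    return "\n".join(sections[key] for key in order)


def demo():
    """Screen the same records in both orders; the result must not differ."""
    return {
        "foreign_first": screen(
            read_records(build_ini(("foreign", "local", "offline"))), ARP_TABLE),
        "local_first": screen(
            read_records(build_ini(("local", "foreign", "offline"))), ARP_TABLE),
    }


if __name__ == "__main__":
    for label, table in demo().items():
        print(label, table)
```

Whichever record for 192.168.1.10 is read first, the second one meets the loading condition and the entry ends up keyed to the identifier derived from the MAC that this LAN actually resolves for that IP.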
It should be noted that, when the device management and control information includes more than one piece of controlled device information, accurate device screening may be performed for each piece of controlled device information according to the above embodiment to determine the correct device identification information corresponding to each piece of network address information in the local area network, so that when the terminal management and control platform manages and controls controlled devices in more than one local area network, any controlled device can be correctly handled. Specifically, referring to fig. 4, when the device management and control information includes more than one piece of controlled device information, after the step of determining the correct device identification information corresponding to the controlled device according to the physical address information, the method further includes:
Step S70: judging whether an unloaded controlled device exists according to the loaded list and the device management and control information;
if there is an unloaded controlled device, returning to step S10, where step S10 now includes step S11: reading the controlled device information corresponding to the unloaded controlled device in the device management and control information. Based on the read controlled device information, the correct device identification information corresponding to the unloaded controlled device is then determined according to steps S20, S30, S40, S50, S60, and the like.
Specifically, it is determined whether network address information included in more than one piece of controlled device information in the device management and control information is stored in the loaded list; if yes, judging that no unloaded controlled equipment exists; if not, judging that unloaded controlled equipment exists; and using the controlled equipment information corresponding to the network address information which is not stored in the loaded list as the controlled equipment information corresponding to the unloaded controlled equipment.
Based on this, an example embodiment is described below. The terminal management and control platform manages and controls 5 controlled devices in local area network 1 (devices 1 to 3) and local area network 2 (devices 4 to 5). The device management and control information synchronized to the local area network by the terminal management and control platform includes the controlled device information corresponding to the 5 controlled devices, and each piece of controlled device information includes state information (power-on or power-off), network address information (ip) and device identification information (agent_id) configured by the terminal management and control platform. Specifically, the device management and control information includes the controlled device information of device 1 (power-on, agent_id: 111, ip: 1.1.1.1), of device 2 (power-on, agent_id: 112, ip: 1.1.1.2), of device 3 (power-off, agent_id: 113, ip: 1.1.1.2), of device 4 (power-on, agent_id: 114, ip: 1.1.1.1), and of device 5 (power-on, agent_id: 115, ip: 1.1.1.3). For local area network 1, when none of the 5 controlled devices has been loaded in local area network 1, the loaded list corresponding to local area network 1 does not contain any information.
One of the 5 pieces of controlled device information may be selected from the device management and control information acquired by local area network 1. For example, the controlled device information of device 1 (power-on, agent_id: 111, ip: 1.1.1.1) is extracted as the controlled device information of the device to be loaded; according to steps S20 to S60 above, it is determined that the correct device identification information corresponding to network address information 1.1.1.1 is 111 rather than 114, and network address information 1.1.1.1 and the correct device identification information 111 are stored in association in the loaded list corresponding to local area network 1. Then, comparing the network address information 1.1.1.1 in the loaded list with the 5 pieces of network address information in the device management and control information shows that ip: 1.1.1.2 and ip: 1.1.1.3 are not stored in the loaded list, so it can be determined that there is an unloaded controlled device in local area network 1.
The controlled devices with ip: 1.1.1.2 and ip: 1.1.1.3 are the controlled devices not loaded in local area network 1, and the controlled device information containing ip: 1.1.1.2 and ip: 1.1.1.3 is the controlled device information corresponding to the unloaded controlled devices. Therefore, one of the controlled device information of device 2 (power-on, agent_id: 112, ip: 1.1.1.2), of device 3 (power-off, agent_id: 113, ip: 1.1.1.2), and of device 5 (power-on, agent_id: 115, ip: 1.1.1.3) can be read from the device management and control information as the controlled device information of the device to be loaded. For example, the controlled device information of device 2 (power-on, agent_id: 112, ip: 1.1.1.2) is used as the controlled device information of the device to be loaded, steps S20 to S60 are executed again to determine that the correct device identification information corresponding to network address information 1.1.1.2 is 112, and network address information 1.1.1.2 and the corresponding correct device identification information 112 are stored in association in the loaded list of local area network 1. By analogy, it is further determined that the correct device identification information corresponding to network address information 1.1.1.3 is 115, and the two are stored in association in the loaded list of local area network 1. Similarly, the device information in local area network 2 can be screened in the same manner, so that loading of all the device information is completed and the terminal management and control platform can correctly handle any device in any local area network.
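The screening loop of the example above (steps S10 to S70 with the hash mapping of step S40), as an added Python sketch that is not code from the patent. The MAC addresses, the ARP tables modelled as dictionaries, the truncated SHA-256 hash mapping, the online-first record selection and the fallback to the configured agent_id when no MAC resolves are all assumptions; agent_id values are derived from the constructed MACs instead of the 111 to 115 used in the text.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    """One piece of controlled device information synced by the platform."""
    device: str
    online: bool
    agent_id: str
    ip: str


def device_id_from_mac(mac: str) -> str:
    """Hash-map a physical address to a device id (step S40).

    Assumption: SHA-256 over the normalised MAC, truncated to 8 hex chars.
    """
    norm = mac.strip().lower().replace("-", ":")
    return hashlib.sha256(norm.encode("ascii")).hexdigest()[:8]


def screen(records, arp_table):
    """Build the loaded list (ip -> correct agent_id) for one LAN."""
    loaded = {}
    while True:
        # S70: a record is unloaded while its ip is missing from the loaded list.
        pending = [r for r in records if r.ip not in loaded]
        if not pending:
            return loaded
        # S11: read one unloaded record; preferring an online one is an assumption.
        rec = next((r for r in pending if r.online), pending[0])
        # Resolve ip -> MAC inside this LAN only (simulated ARP lookup).
        mac = arp_table.get(rec.ip) if rec.online else None
        # S40 when a MAC resolves; otherwise keep the configured id (assumption).
        correct = device_id_from_mac(mac) if mac else rec.agent_id
        loaded[rec.ip] = correct  # S60: store ip and correct id in association


# Constructed sample data mirroring the five devices in the text.
MAC = {n: f"02:00:00:00:00:{n:02x}" for n in range(1, 6)}
ID = {n: device_id_from_mac(m) for n, m in MAC.items()}
RECORDS = [  # device 4 listed first on purpose: same ip as device 1
    Record("device4", True, ID[4], "1.1.1.1"),
    Record("device3", False, ID[3], "1.1.1.2"),
    Record("device1", True, ID[1], "1.1.1.1"),
    Record("device2", True, ID[2], "1.1.1.2"),
    Record("device5", True, ID[5], "1.1.1.3"),
]
ARP_LAN1 = {"1.1.1.1": MAC[1], "1.1.1.2": MAC[2]}  # device 3 is powered off
ARP_LAN2 = {"1.1.1.1": MAC[4], "1.1.1.3": MAC[5]}

if __name__ == "__main__":
    for name, arp in (("LAN 1", ARP_LAN1), ("LAN 2", ARP_LAN2)):
        print(name, screen(RECORDS, arp))
```

Because the id is recomputed from the MAC that answers inside the LAN, reading device 4's record first still yields device 1's id for 1.1.1.1 in LAN 1.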
In addition, an embodiment of the present invention further provides a firewall device, where the firewall device includes:
the reading module is used for reading controlled equipment information in equipment management and control information, wherein the controlled equipment information comprises network address information and state information of controlled equipment;
the judging module is used for judging whether the controlled equipment meets the loading condition or not according to the state information and the loaded list;
the addressing module is used for determining corresponding physical address information according to the network address information of the controlled equipment when the judging module judges that the controlled equipment meets the loading condition;
and the first processing module is used for determining correct equipment identification information corresponding to the controlled equipment according to the physical address information.
In this embodiment, all technical solutions of all embodiments of the device information screening method are adopted, so that at least all beneficial effects brought by the technical solutions of the embodiments are achieved, and details are not repeated herein.
In addition, an embodiment of the present invention further provides a readable storage medium, where the readable storage medium stores a device information filtering program, and the device information filtering program, when executed by a processor, implements the relevant steps of any embodiment of the above device information filtering method.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are only for description, and do not represent the advantages and disadvantages of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the scope of the present invention, and all equivalent structures or equivalent processes performed by the present invention or directly or indirectly applied to other related technical fields are also included in the scope of the present invention.

Claims (9)

1. An apparatus information screening method, characterized by comprising the steps of:
reading controlled equipment information in equipment management and control information, wherein the controlled equipment information comprises network address information and state information of controlled equipment; the state information is information representing the connection state of the controlled equipment in a local area network;
if the state information is in an online state and the loaded list comprises the network address information, judging that the controlled equipment meets the loading condition, and determining corresponding physical address information according to the network address information of the controlled equipment; the loaded list is a data table associated with device identification information corresponding to the controlled device in the local area network and corresponding network address information before the current moment;
and determining correct equipment identification information corresponding to the controlled equipment according to the physical address information.
2. The device information screening method of claim 1, wherein after determining the correct device identification information corresponding to the controlled device according to the physical address information, the method further comprises:
and storing the correct equipment identification information and the network address information of the controlled equipment into the loaded list.
3. The device information screening method of claim 1, wherein the determining the corresponding correct device identification information of the controlled device according to the physical address information comprises:
and performing hash mapping on the physical address information to obtain the correct equipment identification information.
4. The apparatus information screening method according to any one of claims 1 to 3, wherein the controlled apparatus information further includes first apparatus identification information with which the network address information has a correspondence relationship, the apparatus information screening method further comprising:
and if the state information is in an off-line state or the loaded list does not include the network address information, directly taking the first equipment identification information as the correct equipment identification information.
5. The method for screening device information according to any one of claims 1 to 3, wherein the device management and control information includes more than one piece of controlled device information, and after the step of determining, according to the physical address information, correct device identification information corresponding to the controlled device, the method further includes:
judging whether unloaded controlled equipment exists or not according to the loaded list and the equipment management and control information;
if the unloaded controlled equipment exists, returning to and executing the step of reading the controlled equipment information in the equipment management and control information;
the step of reading the controlled device information in the device management and control information includes:
and reading controlled equipment information corresponding to the unloaded controlled equipment in the equipment management and control information.
6. The apparatus information screening method according to claim 5, wherein the step of determining whether or not there is an unloaded controlled apparatus according to the loaded list and the apparatus management and control information includes:
judging whether network address information included in more than one piece of controlled equipment information in the equipment management and control information is stored in the loaded list or not;
if yes, judging that no unloaded controlled equipment exists;
if not, judging that unloaded controlled equipment exists;
and using the controlled equipment information corresponding to the network address information which is not stored in the loaded list as the controlled equipment information corresponding to the unloaded controlled equipment.
7. A firewall apparatus, characterized in that the firewall apparatus comprises:
the reading module is used for reading controlled equipment information in equipment management and control information, wherein the controlled equipment information comprises network address information and state information of controlled equipment; the state information is information representing the connection state of the controlled equipment in the local area network;
the addressing module is used for determining corresponding physical address information according to the network address information of the controlled equipment; the loaded list is a data table associated with the equipment identification information corresponding to the controlled equipment in the local area network and the corresponding network address information before the current moment;
the judging module is used for judging that the controlled equipment meets the loading condition and calling the addressing module if the state information is in an online state and the loaded list comprises the network address information;
and the first processing module is used for determining correct equipment identification information corresponding to the controlled equipment according to the physical address information.
8. A network device, characterized in that the network device comprises: a memory, a processor, and a device information filtering program stored on the memory and executable on the processor, the device information filtering program when executed by the processor implementing the steps of the device information filtering method of any of claims 1 to 6.
9. A readable storage medium, having stored thereon a device information filtering program which, when executed by a processor, implements the steps of the device information filtering method according to any one of claims 1 to 6.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010061639.6A CN111277590B (en) 2020-01-19 2020-01-19 Device information screening method, firewall device, network device and storage medium

Publications (2)

Publication Number Publication Date
CN111277590A CN111277590A (en) 2020-06-12
CN111277590B true CN111277590B (en) 2022-06-21

Family

ID=71000761

Country Status (1)

Country Link
CN (1) CN111277590B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant