CN114499948A - Linux firewall dynamic policy processing method and device and storage medium
- Publication number: CN114499948A
- Authority: CN (China)
- Prior art keywords: firewall, policy, network information, linux, kernel network
- Legal status: Pending
Classifications
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0263—Rule management (under H04L63/0227—Filtering policies)
- H04L63/1416—Event detection, e.g. attack signature detection (under H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic)
Abstract
A Linux firewall dynamic policy processing method, device and storage medium are provided. The method comprises the following steps: detecting a networking status of an application; acquiring kernel network information according to the detection result; carrying out duplicate checking detection on the kernel network information; generating a firewall policy according to the kernel network information; and processing the networking state of the application according to the firewall policy. The method, device and storage medium address usability problems in visualization, authorization and configuration that arise when an application's networking is blocked by a firewall and fails, such as the failure being unfriendly to the user and not visible enough.
Description
Technical Field
The invention belongs to the technical field of Linux systems, and particularly relates to a Linux firewall dynamic policy processing method, a Linux firewall dynamic policy processing device and a storage medium.
Background
With the advancement of information localization, domestic operating systems are becoming more and more popular, and almost all of them are secondary developments based on the Linux system, so the audience of the Linux system keeps widening. Most users of domestic operating systems have not been professionally trained and are not familiar with the Linux system, yet in order to protect the security of system networking, various firewalls often need to be enabled in the system.
While a user is using the system, an application's networking is commonly blocked by a firewall, and an ordinary user is at that moment certainly unclear about the specific reason for the networking failure, which makes the Linux system inconvenient and difficult to use.
Disclosure of Invention
In order to solve the above problems, the present invention provides a Linux firewall dynamic policy processing method, comprising the steps of:
detecting a networking status of an application;
acquiring kernel network information according to the detection result;
carrying out duplicate checking detection on the kernel network information;
generating a firewall policy according to the kernel network information;
and processing the networking state of the application according to the firewall policy.
Preferably, the detecting the networking status of the application comprises the steps of:
detecting a Linux kernel firewall;
judging whether a networking blocking strategy exists in the Linux kernel firewall;
if yes, detecting DROP state information;
if not, the current networking state is kept.
Preferably, the acquiring the kernel network information according to the detection result includes:
judging whether DROP state information is detected;
if yes, network connection information is obtained;
if not, the current networking state is kept.
Preferably, the acquiring the network connection information includes the steps of:
acquiring a network connection source address;
acquiring a network connection destination address;
and acquiring the port number of the network connection.
Preferably, the performing duplicate checking detection on the kernel network information includes:
detecting the information duplicate-checking storage pool;
judging whether the kernel network information exists in the information duplication checking storage pool or not;
if yes, discarding the kernel network information;
and if not, writing the kernel network information into the information duplication checking storage pool.
Preferably, the generating the firewall policy according to the kernel network information includes:
acquiring the kernel network information;
generating a firewall policy according to the kernel network information;
and writing the firewall policy into a policy storage pool.
Preferably, the processing the networking state of the application according to the firewall policy comprises the steps of:
detecting the policy storage pool;
judging whether a new firewall policy exists in the policy storage pool or not;
if yes, displaying an authorization program;
if not, keeping the current networking state;
judging whether the authorization program receives a release authorization instruction;
if yes, loading the firewall policy into a system;
and if not, ignoring the firewall policy.
The invention also provides a Linux firewall dynamic policy processing device, which comprises:
the networking state detection module is used for detecting the networking state of the application;
the kernel network information acquisition module is used for acquiring kernel network information according to the detection result;
the duplicate checking detection module is used for carrying out duplicate checking detection on the kernel network information;
the firewall strategy generating module is used for generating a firewall strategy according to the kernel network information;
and the networking state processing module is used for processing the networking state of the application according to the firewall policy.
The present invention also provides an electronic device, including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform any of the Linux firewall dynamic policy handling methods described above.
The present invention also provides a non-transitory computer readable storage medium storing computer instructions for causing a computer to execute any of the Linux firewall dynamic policy processing methods described above.
The Linux firewall dynamic policy processing method, device and storage medium address usability problems in visualization, authorization and configuration that arise when an application's networking is blocked by a firewall and fails, such as the failure being unfriendly to the user and not visible enough.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a flowchart illustrating a Linux firewall dynamic policy processing method according to an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of a Linux firewall dynamic policy processing apparatus according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of an electronic device according to the present invention;
FIG. 4 is a schematic structural diagram of a non-transitory computer-readable storage medium according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail with reference to the accompanying drawings in conjunction with the following detailed description. It should be understood that the description is intended to be exemplary only, and is not intended to limit the scope of the present invention. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present invention.
Referring to fig. 1, in an embodiment of the present application, the present invention provides a Linux firewall dynamic policy processing method, where the method includes:
S1: detecting a networking status of an application;
In an embodiment of the present application, the detecting a networking status of an application includes:
detecting a Linux kernel firewall;
judging whether a networking blocking strategy exists in the Linux kernel firewall;
if yes, detecting DROP state information;
if not, the current networking state is kept.
In the embodiment of the application, when the networking state of the application is detected, the Linux kernel firewall is detected first, and it is judged whether a networking blocking policy exists in the Linux kernel firewall. When a networking blocking policy exists, the application cannot be networked at this moment, and DROP state information is detected; when no networking blocking policy exists, the application is networking normally at this moment, and the current networking state is kept.
S2: acquiring kernel network information according to the detection result;
In this embodiment of the present application, the acquiring the kernel network information according to the detection result includes:
judging whether DROP state information is detected;
if yes, network connection information is obtained;
if not, the current networking state is kept.
In the embodiment of the application, when the kernel network information is acquired according to the detection result, it is judged whether DROP state information has been detected. If DROP state information exists, the application cannot be networked, and the network connection information is acquired directly; if DROP state information does not exist, the application is networking normally, and the current networking state is kept.
In an embodiment of the present application, the acquiring network connection information includes:
acquiring a network connection source address;
acquiring a network connection destination address;
and acquiring the port number of the network connection.
In the embodiment of the present application, when acquiring the network connection information, specifically, a network connection source address, a network connection destination address, and a network connection port number need to be acquired.
S3: carrying out duplicate checking detection on the kernel network information;
In this embodiment of the present application, the performing duplicate checking detection on the kernel network information includes:
detecting the information duplicate-checking storage pool;
judging whether the kernel network information exists in the information duplication checking storage pool or not;
if yes, discarding the kernel network information;
and if not, writing the kernel network information into the information duplication checking storage pool.
In the embodiment of the application, when the kernel network information is subjected to duplicate checking, specifically, an information duplicate checking storage pool is detected, whether the kernel network information exists in the information duplicate checking storage pool is judged, and if the kernel network information exists, the kernel network information is directly discarded; and if the information does not exist, writing the kernel network information into the information duplication storage pool.
S4: generating a firewall policy according to the kernel network information;
In this embodiment of the present application, the generating a firewall policy according to the kernel network information includes:
acquiring the kernel network information;
generating a firewall policy according to the kernel network information;
and writing the firewall policy into a policy storage pool.
In the embodiment of the application, when the firewall policy is generated according to the kernel network information, the kernel network information is firstly acquired, the firewall policy is generated according to the kernel network information, and then the firewall policy is written into the policy storage pool.
S5: and processing the networking state of the application according to the firewall policy.
In this embodiment of the present application, the processing the networking state of the application according to the firewall policy includes:
detecting the policy storage pool;
judging whether a new firewall policy exists in the policy storage pool or not;
if yes, displaying an authorization program;
if not, keeping the current networking state;
judging whether the authorization program receives a release authorization instruction;
if yes, loading the firewall policy into a system;
and if not, ignoring the firewall policy.
In the embodiment of the application, when the networking state of the application is processed according to the firewall policy, the policy storage pool is detected, and it is judged whether a new firewall policy exists in the policy storage pool. If one exists, the authorization program is displayed, and the user can input a release authorization instruction or a block authorization instruction on the authorization program; if not, the current networking state is kept. It is then judged whether the authorization program has received a release authorization instruction. If the release authorization instruction is received, the firewall policy is loaded into the system; if the release authorization instruction is not received, that is, the block authorization instruction is received, the firewall policy is ignored.
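The following sketch of steps S1 to S5 is an added example, not code from the patent, which does not say how DROP state information is read. It assumes a netfilter LOG rule with the hypothetical prefix `FW-DROP: ` placed ahead of the blocking rule, treats the destination port as the port number, and returns candidate iptables commands instead of executing them; the log lines and the names `parse_drop`, `generate_policies` and `release` are constructed for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass

# Assumption: a LOG rule with this prefix sits just before the blocking rule,
# e.g. iptables -A OUTPUT -j LOG --log-prefix "FW-DROP: "
LOG_PREFIX = "FW-DROP: "

# Constructed kernel log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    "Dec 23 10:00:01 host kernel: FW-DROP: IN= OUT=eth0 SRC=192.0.2.10 "
    "DST=198.51.100.7 LEN=60 TTL=64 PROTO=TCP SPT=51514 DPT=443 SYN",
    # Retry of the same connection from a new ephemeral source port.
    "Dec 23 10:00:02 host kernel: FW-DROP: IN= OUT=eth0 SRC=192.0.2.10 "
    "DST=198.51.100.7 LEN=60 TTL=64 PROTO=TCP SPT=51516 DPT=443 SYN",
    "Dec 23 10:00:05 host kernel: FW-DROP: IN= OUT=eth0 SRC=192.0.2.10 "
    "DST=203.0.113.53 LEN=71 TTL=64 PROTO=UDP SPT=40222 DPT=53",
    # Not a firewall record.
    "Dec 23 10:00:06 host sshd[811]: Accepted publickey for admin",
    # Malformed record: port out of range, must never become a rule.
    "Dec 23 10:00:07 host kernel: FW-DROP: IN= OUT=eth0 SRC=192.0.2.10 "
    "DST=198.51.100.7 PROTO=TCP SPT=40000 DPT=70000",
]


@dataclass(frozen=True)
class Conn:
    """Kernel network information for one blocked connection (hashable)."""
    proto: str
    src: str
    dst: str
    dport: int


def parse_drop(line):
    """S1/S2: return the blocked connection in a log line, or None."""
    if LOG_PREFIX not in line:
        return None
    record = line.split(LOG_PREFIX, 1)[1]
    fields = dict(re.findall(r"\b([A-Z]+)=(\S*)", record))
    proto, dport = fields.get("PROTO"), fields.get("DPT", "")
    # Validate every field before it can reach a firewall command line.
    if proto not in ("TCP", "UDP") or not re.fullmatch(r"[0-9]{1,5}", dport):
        return None
    if not 1 <= int(dport) <= 65535:
        return None
    try:
        src = str(ipaddress.ip_address(fields.get("SRC", "")))
        dst = str(ipaddress.ip_address(fields.get("DST", "")))
    except ValueError:
        return None
    return Conn(proto, src, dst, int(dport))


def build_policy(conn):
    """S4: narrowest ACCEPT rule for this connection, as an argv list."""
    return ["iptables", "-I", "OUTPUT", "-p", conn.proto.lower(),
            "-s", conn.src, "-d", conn.dst,
            "--dport", str(conn.dport), "-j", "ACCEPT"]


def generate_policies(lines, seen):
    """S3/S4: deduplicate against `seen`, return the new policy pool."""
    pool = []
    for line in lines:
        conn = parse_drop(line)
        if conn is None or conn in seen:
            continue  # not a drop record, or already reported
        seen.add(conn)  # write into the duplicate-checking pool
        pool.append((conn, build_policy(conn)))
    return pool


def release(pool, authorize):
    """S5: keep only policies the user released; the rest are ignored."""
    return [argv for conn, argv in pool if authorize(conn)]


if __name__ == "__main__":
    seen_pool = set()
    new_policies = generate_policies(SAMPLE_LOG, seen_pool)
    # Stand-in for the authorization program: release HTTPS, block the rest.
    for argv in release(new_policies, lambda c: c.dport == 443):
        print(" ".join(argv))
```

In this sketch a connection the user blocks also stays in the duplicate-checking pool, so it does not prompt again until that pool is cleared.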
As shown in fig. 2, in the embodiment of the present application, the present invention further provides a Linux firewall dynamic policy processing apparatus, where the apparatus includes:
a networking state detection module 10 for detecting the networking state of the application;
a kernel network information obtaining module 20, configured to obtain kernel network information according to the detection result;
the duplicate checking detection module 30 is used for carrying out duplicate checking detection on the kernel network information;
a firewall policy generating module 40, configured to generate a firewall policy according to the kernel network information;
and the networking state processing module 50 is used for processing the networking state of the application according to the firewall policy.
The Linux firewall dynamic policy processing device provided by the application can execute the Linux firewall dynamic policy processing method described in the steps above.
Referring now to FIG. 3, a block diagram of an electronic device 100 suitable for use in implementing embodiments of the present disclosure is shown. The electronic devices in the embodiments of the present disclosure may include, but are not limited to, mobile terminals such as mobile phones, notebook computers, digital broadcast receivers, PDAs (personal digital assistants), PADs (tablet computers), PMPs (portable multimedia players), in-vehicle terminals (e.g., car navigation terminals), and the like, and fixed terminals such as digital TVs, desktop computers, and the like. The electronic device shown in fig. 3 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in FIG. 3, the electronic device 100 may include a processing means (e.g., a central processing unit, a graphic processor, etc.) 101 that may perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 102 or a program loaded from a storage means 108 into a Random Access Memory (RAM) 103. In the RAM 103, various programs and data necessary for the operation of the electronic apparatus 100 are also stored. The processing device 101, the ROM 102, and the RAM 103 are connected to each other via a bus 104. An input/output (I/O) interface 105 is also connected to bus 104.
Generally, the following devices may be connected to the I/O interface 105: input devices 106 including, for example, a touch screen, touch pad, keyboard, mouse, image sensor, microphone, accelerometer, gyroscope, etc.; an output device 107 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage devices 108 including, for example, magnetic tape, hard disk, etc.; and a communication device 109. The communication means 109 may allow the electronic device 100 to communicate wirelessly or by wire with other devices to exchange data. While the figures illustrate an electronic device 100 having various means, it is to be understood that not all illustrated means are required to be implemented or provided. More or fewer devices may be alternatively implemented or provided.
In particular, the processes described above with reference to the flow diagrams may be implemented as computer software programs, according to embodiments of the present disclosure. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication means 109, or installed from the storage means 108, or installed from the ROM 102. The computer program, when executed by the processing device 101, performs the above-described functions defined in the methods of the embodiments of the present disclosure.
Referring now to FIG. 4, there is shown a schematic block diagram of a computer-readable storage medium suitable for implementing embodiments of the present disclosure, the computer-readable storage medium storing a computer program, which when executed by a processor is capable of implementing the Linux firewall dynamic policy processing method as described in any of the above.
It should be noted that the computer readable medium of the present disclosure may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In contrast, in the present disclosure, a computer readable signal medium may comprise a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
The computer readable medium may be embodied in the electronic device; or may exist separately without being assembled into the electronic device.
The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: acquiring at least two internet protocol addresses; sending a node evaluation request comprising the at least two internet protocol addresses to node evaluation equipment, wherein the node evaluation equipment selects the internet protocol addresses from the at least two internet protocol addresses and returns the internet protocol addresses; receiving an internet protocol address returned by the node evaluation equipment; wherein the obtained internet protocol address indicates an edge node in the content distribution network.
Alternatively, the computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: receiving a node evaluation request comprising at least two internet protocol addresses; selecting an internet protocol address from the at least two internet protocol addresses; returning the selected internet protocol address; wherein the received internet protocol address indicates an edge node in the content distribution network.
Computer program code for carrying out operations for aspects of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present disclosure may be implemented by software or hardware. Where the name of a unit does not in some cases constitute a limitation of the unit itself, for example, the first retrieving unit may also be described as a "unit for retrieving at least two internet protocol addresses".
The Linux firewall dynamic policy processing method, device and storage medium address usability problems in visualization, authorization and configuration that arise when an application's networking is blocked by a firewall and fails, such as the failure being unfriendly to the user and not visible enough.
It is to be understood that the above-described embodiments of the present invention are merely illustrative of or explaining the principles of the invention and are not to be construed as limiting the invention. Therefore, any modification, equivalent replacement, improvement and the like made without departing from the spirit and scope of the present invention should be included in the protection scope of the present invention. Further, it is intended that the appended claims cover all such variations and modifications as fall within the scope and boundaries of the appended claims or the equivalents of such scope and boundaries.
Claims (10)
1. A Linux firewall dynamic policy processing method is characterized by comprising the following steps:
detecting a networking status of an application;
acquiring kernel network information according to the detection result;
carrying out duplicate checking detection on the kernel network information;
generating a firewall policy according to the kernel network information;
and processing the networking state of the application according to the firewall policy.
2. The Linux firewall dynamic policy processing method of claim 1, wherein the detecting a networking status of an application comprises the steps of:
detecting a Linux kernel firewall;
judging whether a networking blocking strategy exists in the Linux kernel firewall;
if yes, detecting DROP state information;
if not, the current networking state is kept.
3. The Linux firewall dynamic policy processing method of claim 1, wherein the obtaining of the kernel network information according to the detection result comprises the steps of:
judging whether DROP state information is detected;
if yes, network connection information is obtained;
if not, the current networking state is kept.
4. The Linux firewall dynamic policy processing method of claim 3, wherein the obtaining network connection information comprises the steps of:
acquiring a network connection source address;
acquiring a network connection destination address;
and acquiring the port number of the network connection.
5. The Linux firewall dynamic policy processing method of claim 1, wherein the performing duplicate checking detection on the kernel network information comprises the steps of:
detecting the information duplicate-checking storage pool;
judging whether the kernel network information exists in the information duplication checking storage pool or not;
if yes, discarding the kernel network information;
and if not, writing the kernel network information into the information duplication checking storage pool.
6. The Linux firewall dynamic policy processing method of claim 1, wherein the generating a firewall policy according to the kernel network information comprises the steps of:
acquiring the kernel network information;
generating a firewall policy according to the kernel network information;
and writing the firewall policy into a policy storage pool.
7. The Linux firewall dynamic policy processing method of claim 1, wherein the processing the networking state of the application according to the firewall policy comprises the steps of:
detecting the policy storage pool;
judging whether a new firewall policy exists in the policy storage pool or not;
if yes, displaying an authorization program;
if not, keeping the current networking state;
judging whether the authorization program receives a release authorization instruction or not;
if yes, loading the firewall policy into a system;
and if not, ignoring the firewall policy.
8. A Linux firewall dynamic policy processing apparatus, the apparatus comprising:
the networking state detection module is used for detecting the networking state of the application;
the kernel network information acquisition module is used for acquiring kernel network information according to the detection result;
the duplicate checking detection module is used for carrying out duplicate checking detection on the kernel network information;
the firewall policy generating module is used for generating a firewall policy according to the kernel network information;
and the networking state processing module is used for processing the networking state of the application according to the firewall policy.
9. An electronic device, characterized in that the electronic device comprises:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the Linux firewall dynamic policy processing method of any of claims 1-7.
10. A non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the Linux firewall dynamic policy processing method of any of claims 1-7.
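The flow recited in claims 4 to 7, sketched as an added example (not code from the patent). It assumes the kernel network information is read in `/proc/net/tcp` layout on a little-endian host and that a policy is rendered as an `iptables` argument list; the sample rows and all function names are constructed for illustration.

```python
import socket
import struct
from collections import namedtuple

Conn = namedtuple("Conn", "src dst port")  # the three fields listed in claim 4

# Constructed sample in /proc/net/tcp layout (assumed data source, little-endian host).
SAMPLE = """\
  sl  local_address rem_address   st
   0: 0100007F:0277 00000000:0000 0A
   1: 0F02000A:C350 0101A8C0:01BB 01
   2: 0F02000A:C351 0101A8C0:01BB 01
   3: 0F02000A:C352 0201A8C0:0050 01
"""

def hex_to_ip(h):
    return socket.inet_ntoa(struct.pack("<I", int(h, 16)))

def parse_connections(text):
    """Yield one Conn per ESTABLISHED row; listening sockets are skipped."""
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) < 4 or f[3] != "01":  # 01 = TCP_ESTABLISHED
            continue
        src, dst = f[1].split(":"), f[2].split(":")
        # Key on the remote port: the local port is ephemeral and would defeat dedup.
        yield Conn(hex_to_ip(src[0]), hex_to_ip(dst[0]), int(dst[1], 16))

def process(text, seen, policy_pool):
    """Claims 5-6: discard records already in the dedup pool, queue a policy otherwise."""
    for c in parse_connections(text):
        if c in seen:
            continue
        seen.add(c)
        # argv list, never a shell string, so no field is ever parsed by a shell.
        policy_pool.append(["iptables", "-A", "OUTPUT", "-p", "tcp", "-s", c.src,
                            "-d", c.dst, "--dport", str(c.port), "-j", "ACCEPT"])

def authorize(policy_pool, approve):
    """Claim 7: drain the pool; a policy is loaded only on an explicit release."""
    loaded = []
    while policy_pool:
        rule = policy_pool.pop(0)
        if approve(rule):
            loaded.append(rule)  # a real loader would execute the argv here
    return loaded
```

Rows 1 and 2 differ only in their ephemeral local port, so they collapse into one pending policy, and a policy that is not released is dropped rather than loaded.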
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111587269.0A CN114499948A (en) | 2021-12-23 | 2021-12-23 | Linux firewall dynamic policy processing method and device and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114499948A (en) | 2022-05-13 |
Family
ID=81494890
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111587269.0A Pending CN114499948A (en) | 2021-12-23 | 2021-12-23 | Linux firewall dynamic policy processing method and device and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114499948A (en) |
Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050005165A1 (en) * | 2003-06-25 | 2005-01-06 | Microsoft Corporation | Method of assisting an application to traverse a firewall |
US20130247167A1 (en) * | 2011-08-24 | 2013-09-19 | Mcafee, Inc. | System, method, and computer program for preventing infections from spreading in a network environment using dynamic application of a firewall policy |
CN105187435A (en) * | 2015-09-24 | 2015-12-23 | 浪潮电子信息产业股份有限公司 | Firewall rule filtering optimization method |
CN106295355A (en) * | 2016-08-11 | 2017-01-04 | 南京航空航天大学 | A kind of active safety support method towards Linux server |
CN107943502A (en) * | 2017-12-01 | 2018-04-20 | 天津麒麟信息技术有限公司 | A kind of upgrade method based on the detection of fine granularity system mode under linux system |
CN110365655A (en) * | 2019-06-20 | 2019-10-22 | 苏州浪潮智能科技有限公司 | A kind of firewall rule adding method and device |
CN110505262A (en) * | 2018-05-18 | 2019-11-26 | 深信服科技股份有限公司 | Dynamic differential phase method, system, Cloud Server and storage medium under cloud environment |
CN111031038A (en) * | 2019-12-12 | 2020-04-17 | 惠州Tcl移动通信有限公司 | Network processing method and device, storage medium and terminal equipment |
CN111600895A (en) * | 2020-05-20 | 2020-08-28 | 北京北斗弘鹏科技有限公司 | Network security protection method and device, storage medium and electronic equipment |
CN111711635A (en) * | 2020-06-23 | 2020-09-25 | 平安银行股份有限公司 | Firewall opening method and device, computer equipment and storage medium |
CN112039868A (en) * | 2020-08-27 | 2020-12-04 | 中国平安财产保险股份有限公司 | Firewall policy verification method, device, equipment and storage medium |
CN112468448A (en) * | 2020-11-05 | 2021-03-09 | 中国电子信息产业集团有限公司 | Processing method and device of communication network, electronic equipment and readable storage medium |
Non-Patent Citations (1)
Title |
---|
Zhang Shuai; Jia Ruchun: "Design and Implementation of an Embedded Firewall Based on ARM11", Laser Journal, no. 09 * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20220513 |