
Method and device for detecting firewall rule conflict

A firewall rule technology, applied in the field of network security, that addresses the difficulty and inefficiency of comparing rule attributes in prior-art conflict detection, achieving the effect of improving detection efficiency and reducing complexity.

Active Publication Date: 2012-03-28
BEIJING TOPSEC NETWORK SECURITY TECH
Cites: 0; Cited by: 1

AI Technical Summary

Problems solved by technology

[0005] The present invention provides a method and device for detecting firewall rule conflicts, intended to solve the problem that, because rule attributes are stored in diverse formats, prior-art methods for detecting firewall rule conflicts are difficult and inefficient when comparing attributes.

Embodiment Construction

[0026] The specific implementation of the present invention is described below with reference to the accompanying drawings.

[0027] Referring to Figure 1, a flow chart of the implementation principle of the method for detecting firewall rule conflicts according to the present invention, the method mainly includes the following steps:

[0028] Step 10, performing linear transformation on the attribute information of each rule in the firewall rule set;

[0029] The attribute information is one or more of source address, destination address, protocol, source port and destination port.

[0030] Step 11, using the priority number of each rule as an index, storing the linearization interval corresponding to each rule's attribute information, obtained after the transformation, in the form of a linearized linked list;

[0031] The linearization intervals corresponding to any item of attribute information of the rule are arranged in ascending order in the linearizati...

Abstract

The invention discloses a method and a device for detecting firewall rule conflicts. The method comprises: performing a linear transformation on the attribute information of every rule in the firewall rule set, and storing the linearization interval corresponding to each rule's attribute information obtained after the transformation in the form of a linearized linked list, indexed by the rule's priority number; when a rule is added to or modified in the firewall rule set, traversing the linearization intervals to find, within the firewall rule set, the relevant rule set whose attribute information intersects that of the rule being added or modified; and judging in turn whether the action of each rule in the relevant rule set is consistent with the action of the rule being added or modified, determining those with a consistent action to be redundant rules and those with an inconsistent action to be conflicting rules. The method and device can greatly improve the efficiency of detecting firewall rule conflicts.
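The procedure in steps [0028] to [0031] of the embodiment and in the abstract above, worked through as an added example (this is not the patent's own code, whose claims are truncated on this page). The rule format, the encoding of "any", CIDR and port-range strings, the use of IANA protocol numbers, and the assumption that priority numbers are unique are choices made for the illustration; the sample rule set is constructed. Each attribute is mapped onto a closed integer interval, the intervals are kept per attribute in ascending order keyed by priority, and a rule being added or modified is checked by intersecting the overlapping-priority sets from every attribute and then comparing actions.

```python
"""Firewall rule conflict detection by attribute linearization (added illustration)."""
import bisect
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

ATTRIBUTES = ("src", "dst", "proto", "sport", "dport")
# Assumed protocol encoding: IANA protocol numbers; "any" spans the whole byte.
PROTO_RANGE = {"any": (0, 255), "icmp": (1, 1), "tcp": (6, 6), "udp": (17, 17)}
_INF = 1 << 64  # sentinel larger than any interval bound


@dataclass(frozen=True)
class Rule:
    priority: int   # rule number used as the index (assumed unique)
    src: str        # CIDR such as "10.0.0.0/8", or "any"
    dst: str
    proto: str      # key of PROTO_RANGE
    sport: str      # "any", a single port "80", or a range "1024-65535"
    dport: str
    action: str     # "accept" or "drop"


def linearize(rule: Rule) -> Dict[str, Tuple[int, int]]:
    """Step 10: linear transformation of every attribute into a closed [lo, hi]."""
    def cidr(value: str) -> Tuple[int, int]:
        if value == "any":
            return (0, 2**32 - 1)
        net = ipaddress.ip_network(value, strict=False)
        return (int(net.network_address), int(net.broadcast_address))

    def port(value: str) -> Tuple[int, int]:
        if value == "any":
            return (0, 65535)
        lo, _, hi = value.partition("-")
        return (int(lo), int(hi or lo))

    return {"src": cidr(rule.src), "dst": cidr(rule.dst),
            "proto": PROTO_RANGE[rule.proto],
            "sport": port(rule.sport), "dport": port(rule.dport)}


class RuleIndex:
    """Step 11: one ascending interval list per attribute, entries (lo, hi, priority)."""

    def __init__(self) -> None:
        self.rules: Dict[int, Rule] = {}
        self.lists: Dict[str, List[Tuple[int, int, int]]] = {a: [] for a in ATTRIBUTES}

    def add(self, rule: Rule) -> None:
        """Insert (or replace) a rule, keeping every attribute list sorted by lo."""
        if rule.priority in self.rules:
            self.remove(rule.priority)
        self.rules[rule.priority] = rule
        for attr, (lo, hi) in linearize(rule).items():
            bisect.insort(self.lists[attr], (lo, hi, rule.priority))

    def remove(self, priority: int) -> None:
        old = self.rules.pop(priority)
        for attr, (lo, hi) in linearize(old).items():
            self.lists[attr].remove((lo, hi, priority))

    def _overlapping(self, attr: str, lo: int, hi: int) -> Set[int]:
        """Priorities whose interval for `attr` intersects [lo, hi]."""
        lst = self.lists[attr]
        # Ascending order lets a bisect cut off every entry whose lo exceeds hi.
        end = bisect.bisect_right(lst, (hi, _INF, _INF))
        return {p for (_, h, p) in lst[:end] if h >= lo}

    def check(self, new: Rule) -> Tuple[List[int], List[int]]:
        """Return (redundant, conflicting) priorities for a rule being added or modified."""
        intervals = linearize(new)
        relevant: Set[int] = set(self.rules)
        for attr in ATTRIBUTES:           # relevant set = intersection over all attributes
            relevant &= self._overlapping(attr, *intervals[attr])
            if not relevant:
                break
        relevant.discard(new.priority)    # on modification, ignore the rule's own old entry
        redundant, conflicting = [], []
        for p in sorted(relevant):
            (redundant if self.rules[p].action == new.action else conflicting).append(p)
        return redundant, conflicting


# Constructed sample rule set (not taken from the patent).
SAMPLE_RULES = [
    Rule(10, "10.0.0.0/8", "any", "tcp", "any", "80", "accept"),
    Rule(20, "192.168.1.0/24", "10.1.0.0/16", "udp", "any", "53", "accept"),
    Rule(30, "any", "any", "tcp", "any", "22", "drop"),
]


def build_index() -> RuleIndex:
    idx = RuleIndex()
    for r in SAMPLE_RULES:
        idx.add(r)
    return idx


if __name__ == "__main__":
    idx = build_index()
    # A narrower drop inside rule 10's accept space conflicts with rule 10.
    print(idx.check(Rule(15, "10.1.2.0/24", "any", "tcp", "any", "80", "drop")))
    # A broad accept over ports 22-80 is redundant with 10 and conflicts with 30.
    print(idx.check(Rule(40, "any", "any", "tcp", "any", "22-80", "accept")))
```

The per-attribute lists stand in for the patent's linearized linked list; because each list is kept in ascending order of the interval's lower bound, the traversal for one attribute stops at the first entry whose lower bound exceeds the new rule's upper bound instead of scanning the whole rule set, and the intersection across attributes is what narrows the candidates down to the relevant rule set before any action is compared.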

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method and device for detecting conflicts between firewall rules.

Background technique

[0002] The firewall rule set is the set of rules configured by the administrator to decide whether packets in the network may pass when the firewall implements access control.

[0003] In recent years firewall rule sets have grown ever larger; large enterprise firewalls, for example, usually contain hundreds or even thousands of rules. Faced with so many rules, even basic administrative tasks, such as working out the meaning of each rule and the relationships between rules, are not easy. A rule conflict is an intersection between two or more rules: when a rule is added, the new rule A may conflict with an existing rule B, so that some packets match both A and B at the same time. In this way, there is an ...

Claims


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L12/26, H04L12/24, H04L29/06
Inventor: 陈强
Owner: BEIJING TOPSEC NETWORK SECURITY TECH