Method for realizing firewall in household gateway

A home gateway technology and its implementation method, applied in the fields of network connection, electrical components, transmission systems, etc., which addresses problems such as failing to meet the security requirements of home gateway products.

Inactive Publication Date: 2012-11-21
SHENZHEN GONGJIN ELECTRONICS CO LTD

AI Technical Summary

Problems solved by technology

[0002] With the rapid development of network technology, the security performance requirements for home gateway products are getting higher and higher. The traditional packet filtering and proxy f


Examples


Specific Embodiment 1

[0031] 1. When a home gateway user accesses an external service, the data packet passes through the SPI firewall, which adds the connection tracking information for the user's request to the connection tracking table. The connection request reaches the external network server, and the server's response message arrives back at the SPI firewall. The SPI firewall checks whether the packet information matches the connection tracking state table and, if it matches, allows the packet through to the home gateway user. In this way, the home gateway user can access external network services normally.

Specific Embodiment 2

[0032] 2. When an external user actively requests access to the home gateway, the SPI firewall checks whether the packet matches a connection tracking state entry. If it does not match, the firewall goes on to check whether the packet is a specified service data packet of the SPI firewall. A packet that is not a specified service data packet is dropped, so external network users cannot access the home gateway.

Specific Embodiment 3

[0033] 3. When the home gateway user uses an IGMP on-demand service, the multicast stream packets from the multicast server arrive at the SPI firewall and cannot be matched against the state information in the connection tracking table. The specified service rule matching process is then performed, and packets that match a specified service rule pass through the SPI firewall to the home gateway user, so home gateway users can use IGMP on-demand services normally.
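The decision order described in Embodiments 1 to 3 (connection tracking lookup first, then the specified service rules, otherwise drop) can be modelled in a few lines. This is an added illustration, not code from the patent or from Netfilter; the class and function names, the 60-second timeout, the multicast rule and all addresses are assumptions constructed for the example, and TCP state is not tracked.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    from_lan: bool  # True when sent by a home gateway user

class SpiFirewall:
    """Hypothetical model: conntrack table keyed by the original-direction tuple."""
    def __init__(self, timeout=60.0, service_rules=()):
        self.timeout = timeout                    # assumed idle timeout, seconds
        self.service_rules = list(service_rules)  # "specified service" predicates
        self.conntrack = {}                       # tuple -> expiry time

    def handle(self, p, now):
        if p.from_lan:  # Embodiment 1: outbound request creates the entry
            self.conntrack[(p.proto, p.src, p.sport, p.dst, p.dport)] = now + self.timeout
            return "ACCEPT"
        key = (p.proto, p.dst, p.dport, p.src, p.sport)  # reply maps to reversed tuple
        expiry = self.conntrack.get(key)
        if expiry is not None and now <= expiry:
            self.conntrack[key] = now + self.timeout     # refresh on matching traffic
            return "ACCEPT"
        self.conntrack.pop(key, None)                    # purge an expired entry
        if any(rule(p) for rule in self.service_rules):  # Embodiment 3
            return "ACCEPT"
        return "DROP"                                    # Embodiment 2

def multicast_udp(p):
    # Assumed "specified service" rule: UDP stream sent to a multicast group.
    return p.proto == "udp" and ipaddress.ip_address(p.dst).is_multicast

def demo():
    # Constructed sample traffic using documentation and private addresses.
    fw = SpiFirewall(timeout=60.0, service_rules=[multicast_udp])
    out = Packet("tcp", "192.168.1.10", 40000, "203.0.113.5", 443, True)
    reply = Packet("tcp", "203.0.113.5", 443, "192.168.1.10", 40000, False)
    probe = Packet("tcp", "198.51.100.7", 5555, "192.168.1.10", 22, False)
    mcast = Packet("udp", "203.0.113.9", 5004, "239.1.1.1", 5004, False)
    return [fw.handle(out, 0), fw.handle(reply, 1), fw.handle(probe, 2),
            fw.handle(mcast, 3), fw.handle(reply, 200)]  # last: entry has expired

if __name__ == "__main__":
    print(demo())
```

The final packet in `demo()` is the same reply sent after the tracked entry has timed out, which shows why the timeout field belongs in the connection information: stale state no longer admits inbound traffic.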

[0034] Those of ordinary skill in the art can understand that all or part of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes ROM, RAM, magnetic disks, optical disks and other media that can store program code. ...


Abstract

The invention discloses a method for realizing a firewall in a household gateway, and relates to a method of protecting network access by inspecting it with SPI (stateful packet inspection). In an SPI firewall, the information of each connection (including the socket pair, which comprises the source address, destination address, source port and destination port, as well as the protocol type, the TCP (Transmission Control Protocol) connection state, the timeout and the like) is inspected to decide whether the firewall filters a data packet. With this method, in addition to doing the packet filtering work of a simple packet filtering firewall, the firewall maintains a connection tracking state table in its own memory, and therefore provides higher security than a simple packet filtering firewall.

Description

Technical field

[0001] The invention belongs to the security field of home gateway network equipment, and more specifically relates to a method for realizing a firewall for a home gateway.

Background technique

[0002] With the rapid development of network technology, the security performance requirements for home gateway products are getting higher and higher. The traditional packet filtering and proxy firewall functions can no longer meet the security requirements of current home gateway products. The current advanced stateful packet inspection (SPI) firewall provides the highest level of security.

[0003] Linux is the operating system most used in home gateways. The Linux system uses the Netfilter framework to implement the SPI firewall function. Netfilter mainly relies on the key technology of connection tracking. Connection tracking is the basis of packet filtering, and it operates as an independent module. Use connection tracking technology to intercept data packets ...


Application Information

IPC(8): H04L29/06, H04L12/66
Inventor 邓艳兵
Owner SHENZHEN GONGJIN ELECTRONICS CO LTD