Unlock instant, AI-driven research and patent intelligence for your innovation.

Network security service configuration method and device and electronic equipment

A network security and configuration method technology, which is applied in the field of network security service configuration methods, devices and electronic equipment, can solve problems such as host firewall conflicts, host firewalls that cannot be controlled, and firewall rules that cannot be followed, and achieve high flexibility and scalability. Effect

Active Publication Date: 2022-05-13
CHINA TELECOM CLOUD TECH CO LTD
View PDF11 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] Therefore, the technical problem to be solved by the present invention is to overcome the defects that the existing host firewall and k8s components conflict, the host firewall cannot control container network messages, and the firewall rules cannot follow the destination node scheduled by k8s, thereby providing a network security service configuration method , devices and electronic equipment

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Network security service configuration method and device and electronic equipment
  • Network security service configuration method and device and electronic equipment
  • Network security service configuration method and device and electronic equipment

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0022] The technical solutions of the present invention will be clearly and completely described below in conjunction with the accompanying drawings. Apparently, the described embodiments are some of the embodiments of the present invention, but not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0023] In the description of the present invention, it should be noted that the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer" etc. The indicated orientation or positional relationship is based on the orientation or positional relationship shown in the drawings, and is only for the convenience of describing the present invention and simplifying the description, rather than indicating or implying that the referred device or element must have a specific orientation, ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a network security service configuration method, which comprises the following steps: when an application service created by any user is obtained, generating a firewall CRD rule resource corresponding to the application service according to a preset black and white list configuration rule; when the firewall CRD rule resource is monitored, judging whether an application service corresponding to the firewall CRD rule resource is deployed to a local container or not; and when an application service corresponding to the firewall CRD rule resource is deployed to a local container, writing the firewall CRD rule resource into a kernel module through a ct - filter tool. According to the method, firewall black and white list configuration rules on each host are defined in a k8s operator programmable mode, meanwhile, the configuration rules are deployed to a specified K8S node, the k8s operator controls firewall configuration in a final state mode to update and refresh, the firewall configuration can be configured along with a deployed working node of an application service container, and the configuration efficiency of the application service container is improved. And meanwhile, the method has relatively high flexibility and expansibility.

Description

technical field [0001] The invention relates to the technical field of big data analysis, in particular to a network security service configuration method, device and electronic equipment. Background technique [0002] In the k8s environment, using the iptables command to maintain the host firewall rules has the following three problems: When the number of iptables entries and firewall entries on the machine is large, there is a certain probability of operation conflicts. After the operation conflicts, the firewalld background service will be abnormal. Or the kube-proxy guardian container network rules are lost, which eventually leads to abnormal service on the external request machine; the entry distributed in the netfilter framework of the protocol stack by the container network is earlier than the filtering entry of the firewall, resulting in the failure of data packets entering the container network. Get the effective control of the firewall; k8s has made unified schedul...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L9/40
CPCH04L63/0209H04L63/0263H04L63/101Y02D30/50
Inventor 阮兆银李永隆吴建国
Owner CHINA TELECOM CLOUD TECH CO LTD
Features
  • R&D
  • Intellectual Property
  • Life Sciences
  • Materials
  • Tech Scout
Why Patsnap Eureka
  • Unparalleled Data Quality
  • Higher Quality Content
  • 60% Fewer Hallucinations
Social media
Patsnap Eureka Blog
Learn More

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2025 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com