Bridge-based two-layer switching firewall packet filtering method

A firewall and packet filtering technology, applied in the fields of preventing unauthorized use of memory, protecting stored content from loss, network connection, etc. It solves problems such as troublesome firewall setup for the user and achieves a user-friendly firewall with a good packet filtering function.

Inactive Publication Date: 2003-08-20
BEIJING LEADSEC TECH
Cites: 0. Cited by: 11.

AI Technical Summary

Problems solved by technology

If the user's network is very complex, this makes setting up the firewall troublesome for the user.


Embodiment Construction

[0018] The network interconnection entity (relay entity) of IEEE 802.X is called a bridge. A bridge is designed to interconnect LANs, and it uses the destination MAC address when deciding how to forward data between the LANs. A bridge has no network layer in the usual sense; the route lookup and packet forwarding functions usually borne by the network layer are placed in the data link layer.

[0019] The present invention is based on using a network bridge to forward messages; during forwarding, the user can define security rules, so that the packet filtering function of the firewall is implemented entirely at the link layer.

[0020] As shown in Figures 1 and 2, all Ethernet ports of the firewall of the present invention are bound together as one virtual bridge device during operation; port 1 and port 2 are two Ethernet ports of the switching firewall. The Ethernet port is set to promiscuous mode, and all data on the ...


Abstract

The filtering method includes at least the following steps: setting up a forwarding database in the bridge and setting the bridge ports to promiscuous mode; capturing the data packets flowing through the connected local network ports and recording or updating the relation between media access (MAC) addresses and ports; and performing the packet filtering inspection at the link layer while packets are forwarded inside the bridge, so as to decide whether each data packet is dropped, forwarded, or submitted to the upper IP layer. The firewall of the present invention does not process and forward IP packets, so when the firewall is added between the user's network and the router, the user's hosts need not alter their original gateway configuration and no routing configuration needs to be added on the router.
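
The three steps of the abstract (forwarding database, MAC/port learning, link-layer filter check that decides drop, forward, or submit to IP) can be sketched as follows. This is an added illustration, not code from the patent; the `Rule` shape, the default-deny policy, the ARP pass-through and the sample MAC addresses are assumptions.

```python
import struct
from dataclasses import dataclass, field

DROP, FORWARD, FLOOD, TO_IP = "drop", "forward", "flood", "to_ip"
@dataclass
class Rule:                      # hypothetical rule shape, not from the patent
    action: str                  # "accept" or "deny"
    proto: int = None            # IPv4 protocol number, None = any
    dport: int = None            # TCP/UDP destination port, None = any

@dataclass
class BridgeFirewall:
    own_mac: bytes
    rules: list
    fdb: dict = field(default_factory=dict)   # forwarding database: MAC -> port

    def permitted(self, frame):
        if struct.unpack("!H", frame[12:14])[0] != 0x0800:
            return True          # assumption: non-IPv4 frames such as ARP pass
        ip = frame[14:]
        if len(ip) < 20:
            return False         # malformed IPv4 header
        ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
        dport = None
        if proto in (6, 17) and len(ip) >= ihl + 4:
            dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
        for r in self.rules:     # first matching rule wins
            if r.proto in (None, proto) and r.dport in (None, dport):
                return r.action == "accept"
        return False             # assumption: default deny

    def handle(self, in_port, frame):
        if len(frame) < 14:
            return (DROP, None)  # truncated Ethernet header
        dst, src = frame[0:6], frame[6:12]
        self.fdb[src] = in_port  # record or update the MAC/port relation
        if not self.permitted(frame):
            return (DROP, None)  # rejected by the link-layer filter
        if dst == self.own_mac:
            return (TO_IP, None) # addressed to the firewall: submit to IP layer
        out = self.fdb.get(dst)
        if out is None or dst[0] & 1:
            return (FLOOD, None) # unknown unicast, broadcast or multicast
        return (DROP, None) if out == in_port else (FORWARD, out)

def tcp_frame(dst, src, dport):  # constructed sample: Ethernet + IPv4 + TCP ports
    ip = bytes([0x45, 0]) + b"\x00" * 7 + bytes([6]) + b"\x00" * 10
    return dst + src + b"\x08\x00" + ip + struct.pack("!HH", 40000, dport)

A, B, FW = (bytes.fromhex(h) for h in ("020000000001", "020000000002", "0200000000fe"))
fw = BridgeFirewall(FW, [Rule("accept", proto=6, dport=80)])  # allow only TCP/80
```

Because hosts A and B never address the firewall's MAC unless they want to reach it, neither needs a gateway change, which is the property the abstract claims.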

Description

Technical field

[0001] The invention relates to a firewall packet filtering method, in particular to a bridge-based method for realizing firewall packet filtering between the link layer and the network layer.

Background technique

[0002] If the firewall processes and forwards IP packets at the network layer, then when the firewall is added between the protected network and the router, the hosts in the network protected by the firewall must change their original gateway setting from the router to the firewall, and the original router of the protected network must modify its routing table so as to forward the IP packets of the firewall. If the user's network is very complex, this makes setting up the firewall troublesome for the user.

Contents of the invention

[0003] The object of the present invention is to provide a bridge-based two-layer switching firewall packet filtering method, in which the firewall does not process and forward IP messages at the network la...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F12/14, G06F12/16, H04L12/66
Inventor: 宋斌, 高红, 李江力
Owner: BEIJING LEADSEC TECH