Extensions to filter on IPv6 header
First Claim
1. An network implementing at least one firewall for providing protection for at least one user or resource on the network, the network comprising:
- at least one host system protected by the at least one firewall, the host system being configured to send and receive information from external host systems through the at least one firewall; and
the at least one firewall comprising installation means for installing policy rules that are transmitted from at least one network entity to the at least one firewall, wherein the policy rules comprise an option field for allowing the at least one network entity to send additional information to the at least one firewall, the additional information relating to at least one type of information used in at least one of a Internet Protocol version 6 protocol or a mobile Internet Protocol version 6 protocol, wherein the at least one firewall optionally includes the additional information in the policy rules and thereafter uses the installed policy rules to filter traffic travelling through the firewall.
2 Assignments
0 Petitions
Accused Products
Abstract
A network implementing at least one firewall for providing protection for users on the network. The network includes at least one host system protected by the at least one firewall, the host system being configured to send and receive information from external host systems through the at least one firewall. The at least one firewall including installation means for installing policy rules that are transmitted from at least one network entity to the at least one firewall. The policy rules include an option field for allowing the at least one network entity to send additional information to the firewall. The additional information relating to at least one type of information used in at least one of a Internet Protocol version 6 protocol or a mobile Internet Protocol version 6 protocol. The additional information is optionally used by the at least one firewall to filter on data travelling through the at least one firewall.
-
Citations
25 Claims
-
1. An network implementing at least one firewall for providing protection for at least one user or resource on the network, the network comprising:
-
at least one host system protected by the at least one firewall, the host system being configured to send and receive information from external host systems through the at least one firewall; and
the at least one firewall comprising installation means for installing policy rules that are transmitted from at least one network entity to the at least one firewall, wherein the policy rules comprise an option field for allowing the at least one network entity to send additional information to the at least one firewall, the additional information relating to at least one type of information used in at least one of a Internet Protocol version 6 protocol or a mobile Internet Protocol version 6 protocol, wherein the at least one firewall optionally includes the additional information in the policy rules and thereafter uses the installed policy rules to filter traffic travelling through the firewall. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A firewall for providing protection for at least one user or resource on a network, the firewall comprising:
-
installation means for installing policy rules that are transmitted from at least one network entity to the firewall, wherein the policy rules comprise an option field for allowing the at least one network entity to send additional information to the firewall, the additional information relating to at least one type of information used in at least one of a Internet Protocol version 6 protocol or a mobile Internet Protocol version 6 protocol, wherein the firewall optionally includes the additional information in the policy rules and thereafter uses the installed policy rules to filter traffic travelling through the firewall. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A host system comprising a firewall for providing protection, the host system entity comprising:
-
installation means on the firewall for installing policy rules that are transmitted from at least one network entity through the firewall, wherein the policy rules comprise an option field for allowing the at least one network entity to send additional information to the firewall, the additional information relating to at least one type of information used in at least one of a Internet Protocol version 6 protocol or a mobile Internet Protocol version 6 protocol, wherein the firewall optionally includes the additional information in the policy rules and thereafter uses the installed policy rules to filter traffic travelling through the firewall. - View Dependent Claims (12, 13, 14, 15, 16)
-
-
17. A method for protecting systems connected to at least one firewall by providing additional information to the at least one firewall, the method comprises the steps of:
-
transmitting policy rules from at least one network entity connected to the at least one firewall;
installing the policy rules on the at least one firewall, wherein the policy rules comprise an option field for allowing the at least one network entity to send additional information to the at least one firewall, the additional information relating to at least one type of information used in at least one of a Internet Protocol version 6 protocol or a mobile Internet Protocol version 6 protocol; and
optionally using the additional information in the policy rules, by the at least one firewall, to filter data travelling through the at least one firewall. - View Dependent Claims (18, 19, 20, 21)
-
-
22. An apparatus for protecting systems connected to at least one firewall by providing additional information to the at least one firewall, the method comprises the steps of:
-
transmitting means for transmitting policy rules from at least one network entity connected to the at least one firewall;
installation means for installing the policy rules on the at least one firewall, wherein the policy rules comprise an option field for allowing the at least one network entity to send additional information to the at least one firewall, the additional information relating to at least one type of information used in at least one of a Internet Protocol version 6 protocol or a mobile Internet Protocol version 6 protocol; and
implementation means for optionally using the additional information by the at least one firewall to filter data travelling through the at least one firewall.
-
- 23. The apparatus of claim 23 further comprising storage means for storing, in the option field, at least one code for indicating the type of information in the option field and at least one value for the information identified by the at least one code.
Specification