Applying firewalls to virtualized environments
Abstract
Each virtualized environment on a computer has its own set of firewall rules. The virtualized environments share a single instance of the operating system image, a filter engine and a single network stack. A virtualized environment may be a compartment or a server silo. A virtualized environment is a network isolation mechanism and may be used to prevent use of a computer to traverse network boundaries by creating a separate virtualized environment for each network, enabling a separate set of rules to be applied to each virtualized environment and the network interfaces within it. Virtualized environments may also be used to assign different trust levels to the same physical network. Firewall rules are applied by virtualized environment identifier (ID), enabling separate filters to be applied to each virtualized environment on a computer. A virtualized environment may include or be associated with one or more network interfaces.
20 Claims
1. A system for applying separate firewall rules to one or more networks connected to a computer comprising:
a shared instance of an operating system comprising a shared filter engine and network stack shared by a plurality of virtualized environments on the computer, wherein a subset of a set of firewall rules stored in the filter engine is applied to traffic from or traffic to a network, based on a virtualized environment identifier.
(Dependent claims 2, 3, 4, 5, 6, 7 and 8.)

9. A method for assigning a filter to incoming and outgoing traffic on a network comprising:
receiving a rule to be applied to incoming or outgoing traffic over a network; and determining that an administrator entering the rule to be applied to incoming or outgoing traffic over the network is an administrator of a virtualized environment, and in response thereto scoping the rule to the virtualized environment.
(Dependent claims 10, 11, 12, 13 and 14.)

15. A removable computer-readable medium having program code stored thereon that, when executed by a computing environment, causes the computing environment to:
receive incoming or outgoing traffic associated with a session running in a first virtualized environment on a computer, wherein the computer comprises a plurality of virtualized environments comprising the first virtualized environment and a second virtualized environment, wherein the plurality of virtualized environments on the computer share a single operating system image, a single filter engine and a single network stack, wherein the first virtualized environment is associated with a first set of rules to be applied to traffic on a first network connected to the computer and the second virtualized environment is associated with a second set of rules to be applied to a second network connected to the computer.
(Dependent claims 16, 17, 18, 19 and 20.)
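The per-virtualized-environment rule selection of claim 1 and the administrator scoping of claim 9, modelled as an added Python example (not code from the patent or from any product): the class and field names, the first-match semantics and the two-environment scenario are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from typing import List, Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "allow" or "block"
    direction: str         # "in" or "out"
    port: Optional[int]    # None matches any port
    ve_id: Optional[int]   # None: host-wide rule, visible in every VE

class SharedFilterEngine:
    """One engine and one rule store shared by every VE on the host."""
    def __init__(self, default_action: str = "block"):
        self.rules: List[Rule] = []
        self.default_action = default_action

    def add_rule(self, rule: Rule, admin_ve: Optional[int]) -> Rule:
        # Claim 9: a rule entered by a VE administrator (admin_ve set) is
        # scoped to that VE; admin_ve=None models the host administrator.
        if admin_ve is not None and rule.ve_id != admin_ve:
            rule = replace(rule, ve_id=admin_ve)
        self.rules.append(rule)
        return rule

    def rules_for(self, ve_id: int) -> List[Rule]:
        # Claim 1: the subset of the shared rule set selected by VE ID.
        return [r for r in self.rules if r.ve_id in (None, ve_id)]

    def decide(self, ve_id: int, direction: str, port: int) -> str:
        # First matching rule for the traffic's VE wins; else the default action.
        for r in self.rules_for(ve_id):
            if r.direction == direction and r.port in (None, port):
                return r.action
        return self.default_action

def demo() -> dict:
    """Constructed scenario: VE 1 fronts an internal network, VE 2 the internet."""
    fe = SharedFilterEngine()
    fe.add_rule(Rule("smb-in", "allow", "in", 445, ve_id=1), admin_ve=None)
    fe.add_rule(Rule("https-out", "allow", "out", 443, ve_id=None), admin_ve=None)
    # VE 2's administrator submits a rule aimed at VE 1; it is re-scoped to VE 2.
    scoped = fe.add_rule(Rule("ssh-out", "allow", "out", 22, ve_id=1), admin_ve=2)
    return {
        "scoped_to": scoped.ve_id,                    # 2
        "ve1_smb_in": fe.decide(1, "in", 445),        # allow
        "ve2_smb_in": fe.decide(2, "in", 445),        # block: VE 1's rule is invisible
        "ve2_https_out": fe.decide(2, "out", 443),    # allow: host-wide rule
        "ve1_ssh_out": fe.decide(1, "out", 22),       # block
        "ve2_ssh_out": fe.decide(2, "out", 22),       # allow
    }
```

The point to check in a real implementation is the `decide` path: the VE ID must come from the session or interface that owns the traffic, not from anything the packet itself carries, or the isolation between networks collapses.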