FIREWALL CONFIGURED WITH DYNAMIC MEMBERSHIP SETS REPRESENTING MACHINE ATTRIBUTES
First Claim
1. A method to control the flow of packets within a system that includes one or more computer networks comprising:
- storing policy rules in machine readable storage media that set forth attribute dependent conditions for communications among machines on the one or more networks;
- obtaining respective machine attributes and corresponding machine identifiers for respective machines on the one or more networks;
- transforming the policy rules to firewall rules that include machine identifiers of machines having attributes from among the obtained machine attributes that satisfy the attribute dependent policy rules; and
- storing the firewall rules in machine readable storage media.
2 Assignments
0 Petitions
Abstract
A method is provided to control the flow of packets within a system that includes one or more computer networks comprising: policy rules are provided that set forth attribute dependent conditions for communications among machines on the one or more networks; machine attributes and corresponding machine identifiers are obtained for respective machines on the networks; and policy rules are transformed to firewall rules that include machine identifiers of machines having attributes from among the obtained machine attributes that satisfy the attribute dependent policy rules.
185 Citations
19 Claims
1. A method to control the flow of packets within a system that includes one or more computer networks comprising: the steps set forth under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15.

16. A method to control the flow of packets within a system that includes one or more computer networks comprising:
- storing policy rules in machine readable storage media that set forth attribute dependent conditions for communications among machines on the one or more networks;
- obtaining respective machine attributes and corresponding machine identifiers for respective machines on the one or more networks;
- transforming the policy rules to firewall rules that include machine identifiers of machines having attributes from among the obtained machine attributes that satisfy the attribute dependent policy rules; wherein transforming the policy rules to firewall rules further includes matching a source attribute condition within a policy rule with one or more obtained machine attributes, matching a destination attribute condition within a policy rule with one or more obtained machine attributes, and generating a firewall rule for each combination of a machine identifier of a machine having all attributes required to satisfy the source attribute condition within the policy rule and a machine identifier of a machine having all attributes required to satisfy the destination attribute condition within the policy rule; and
- storing the firewall rules in machine readable storage media.
Dependent claims: 17, 18.

19. An article of manufacture including computer readable storage media encoded with program code to cause a processor to execute a process to control the flow of packets within a system that includes one or more computer networks comprising:
- storing policy rules in machine readable storage media that set forth attribute dependent conditions for communications among machines on the one or more networks;
- obtaining respective machine attributes and corresponding machine identifiers for respective machines on the one or more networks;
- transforming the policy rules to firewall rules that include machine identifiers of machines having attributes from among the obtained machine attributes that satisfy the attribute dependent policy rules; and
- storing the firewall rules in machine readable storage media.
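The transformation claimed above (claim 1 in general, and the source/destination matching with one rule per identifier combination of claim 16) can be illustrated in a few dozen lines. The following is an added example written for this page, not code from the patent or its assignee. It assumes IP addresses serve as machine identifiers, that attributes are flat name/value pairs, that each policy carries a protocol, port and action, and that the resulting identifier-based rules are rendered in iptables syntax; the inventory and policy are constructed sample data. Membership sets are recomputed from the current inventory on every transformation, which is what makes them dynamic: adding a machine or changing its attributes changes which firewall rules come out without touching the policy.

```python
"""Policy-to-firewall-rule transformation over dynamic membership sets."""
from dataclasses import dataclass
from itertools import product
from typing import Dict, FrozenSet, List

Attrs = Dict[str, str]          # attribute name -> value for one machine
Inventory = Dict[str, Attrs]    # machine identifier (an IP here, by assumption) -> attributes


@dataclass
class PolicyRule:
    """Attribute-dependent condition: who may talk to whom, and how."""
    src_condition: Attrs   # every listed attribute must match on the source
    dst_condition: Attrs   # every listed attribute must match on the destination
    protocol: str
    port: int
    action: str = "ACCEPT"


@dataclass(frozen=True)
class FirewallRule:
    """Concrete rule keyed on machine identifiers rather than attributes."""
    src_id: str
    dst_id: str
    protocol: str
    port: int
    action: str


def matches(attrs: Attrs, condition: Attrs) -> bool:
    """True when the machine has ALL attributes the condition requires."""
    return all(attrs.get(name) == value for name, value in condition.items())


def membership_set(inventory: Inventory, condition: Attrs) -> FrozenSet[str]:
    """Dynamic membership set: identifiers of machines satisfying a condition.
    Recomputed from the current inventory on each call, so a machine joins or
    leaves the set as its attributes change."""
    return frozenset(mid for mid, attrs in inventory.items()
                     if matches(attrs, condition))


def transform(policies: List[PolicyRule], inventory: Inventory) -> List[FirewallRule]:
    """Expand each policy into one firewall rule per (source, destination)
    pair drawn from the source and destination membership sets."""
    rules: List[FirewallRule] = []
    for policy in policies:
        sources = sorted(membership_set(inventory, policy.src_condition))
        destinations = sorted(membership_set(inventory, policy.dst_condition))
        # An empty set on either side yields no rules: nothing is opened for
        # a policy whose parties are not present on the network.
        for src_id, dst_id in product(sources, destinations):
            rules.append(FirewallRule(src_id, dst_id, policy.protocol,
                                      policy.port, policy.action))
    return rules


def render_iptables(rule: FirewallRule) -> str:
    """Render one identifier-based rule in iptables syntax (assumed target)."""
    return (f"-A FORWARD -s {rule.src_id} -d {rule.dst_id} "
            f"-p {rule.protocol} --dport {rule.port} -j {rule.action}")


# Constructed sample data (not from the patent): four machines and one policy.
INVENTORY: Inventory = {
    "10.0.1.10": {"role": "web", "env": "prod"},
    "10.0.1.11": {"role": "web", "env": "prod"},
    "10.0.2.20": {"role": "db", "env": "prod"},
    "10.0.9.30": {"role": "web", "env": "staging"},   # wrong env: excluded
}
POLICIES = [
    PolicyRule({"role": "web", "env": "prod"},
               {"role": "db", "env": "prod"}, "tcp", 5432),
]


def rule_count_after_change(inventory: Inventory, machine_id: str, attrs: Attrs) -> int:
    """The dynamic part: add or re-attribute one machine, recompute, count rules."""
    updated = dict(inventory)
    updated[machine_id] = attrs
    return len(transform(POLICIES, updated))


if __name__ == "__main__":
    for r in transform(POLICIES, INVENTORY):
        print(render_iptables(r))
    print("rules after adding a second prod db:",
          rule_count_after_change(INVENTORY, "10.0.2.21", {"role": "db", "env": "prod"}))
```

With the sample inventory the single policy expands to two rules (both prod web servers to the one prod database); the staging web server contributes nothing because its `env` attribute fails the source condition. Adding a second prod database doubles the rule count, and promoting the staging machine to prod adds a third source, both without editing the policy. Rules are emitted in sorted identifier order so that repeated transformations of the same inventory produce the same rule set, which keeps diffs between generations reviewable.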
Specification