RULE COMPILATION IN A FIREWALL
Abstract
A firewall system comprises a rule compiler operable to use florets and factoring to produce a rule data structure that enables a rules engine to apply a rule from a rule set in phases, including rules applicable during a first scan with second factors not available and rules applicable during a second scan such that only the second factors need be applied.
22 Claims
1. A firewall system comprising a rule compiler operable to:
- generate a floret for a first rule, the floret derived from first phase and second phase selectors of the first rule and a subsequent rule;
wherein evaluation of the first phase selectors of the first rule against a network connection in a first phase and evaluation of the rule's generated floret against the network connection in a second phase results in logical application of first and subsequent rules against the network connection.
(Dependent claims: 2, 3, 4, 5, 6)
7. A method of operating a firewall system, comprising:
- generating a floret for a first rule, the floret derived from first phase and second phase selectors of the first rule and a subsequent rule;
wherein evaluation of the first phase selectors of the first rule against a network connection in a first phase and evaluation of the rule's generated floret against the network connection in a second phase results in logical application of first and subsequent rules against the network connection.
(Dependent claims: 8, 9, 10, 11, 12)
13. A tangible machine-readable medium with instructions stored thereon, the instructions when executed operable to cause a computerized system to:
- generate a floret for a first rule, the floret derived from first phase and second phase selectors of the first rule and a subsequent rule; and
- evaluate the first phase selectors of the first rule against a network connection in a first phase and evaluation of the rule's generated floret against the network connection in a second phase, resulting in logical application of first and subsequent rules against the network connection.
(Dependent claims: 14, 15, 16, 17, 18)
19. A firewall system comprising a rule engine operable to apply a first rule from a rule set in a first phase and a second phase, the first rule including both a first phase selector applied in a first phase and a second phase selector applied in a second phase with a second phase selector from a subsequent rule, the second phase selector applied in the second phase such that the first phase selectors need not be reconsidered in application of the second phase selector.
21. A method of operating a firewall system, comprising:
- applying a first rule from a rule set in a first phase and a second phase, the first rule including both a first phase selector applied in a first phase and a second phase selector applied in a second phase with a second phase selector from a subsequent rule, the second phase selector applied in the second phase such that the first phase selectors need not be reconsidered in application of the second phase selector.
(Dependent claims: 22)
Specification