System and method for dynamic retrieval loading and deletion of packet rules in a network firewall
Abstract
A system and method for loading a filtering rule at a firewall. A firewall receives a packet and determines if a rule that pertains to the packet is loaded at the firewall. If a pertinent rule is found, it is implemented and the action prescribed by the rule for the packet is performed. If no pertinent rule is found, then a pertinent rule is retrieved from a source external to the firewall, and loaded at the firewall. The rule is then implemented for the packet. After the rule expires, e.g., when the user logs off, the rule is deleted from the firewall.
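The procedure in the abstract (and in claims 1, 8 and 9), modelled as an added Python example that is not part of the patent: loaded rules are keyed on a packet header parameter, a missing rule is fetched from a stand-in for the external database and loaded, the prescribed DROP or PASS is applied, and the rule is deleted when the owning user logs off. Using the source address as the lookup key, the fail-closed default for a source with no rule, and the in-memory database are assumptions.

```python
from dataclasses import dataclass, field

# Constructed stand-in for the external rule database: keyed by the header
# parameter used for lookup (the source address, an assumption) and holding
# the action plus the user session whose logoff expires the rule.
RULE_DATABASE = {
    "10.0.0.5": {"action": "PASS", "user": "alice"},
    "10.0.0.9": {"action": "DROP", "user": "bob"},
}

@dataclass
class Packet:
    src: str
    dst: str

@dataclass
class Firewall:
    loaded: dict = field(default_factory=dict)  # rules currently loaded in the firewall
    fetches: int = 0                             # round trips to the external database

    def handle_packet(self, pkt: Packet) -> str:
        rule = self.loaded.get(pkt.src)      # step b: is a pertinent rule loaded?
        if rule is None:                     # step c: no, so retrieve and load it
            rule = self.retrieve_rule(pkt)
            if rule is None:
                return "DROP"   # assumption: fail closed when the source knows nothing
            self.loaded[pkt.src] = rule      # step c.ii: load the rule
        return rule["action"]                # implement the prescribed DROP / PASS

    def retrieve_rule(self, pkt: Packet):
        # step c.i: query the external source with the packet's header parameter
        self.fetches += 1
        return RULE_DATABASE.get(pkt.src)

    def user_logoff(self, user: str) -> int:
        # rule expiry: delete every loaded rule tied to the user's session
        expired = [k for k, r in self.loaded.items() if r["user"] == user]
        for k in expired:
            del self.loaded[k]
        return len(expired)

def scenario():
    fw = Firewall()
    srcs = ["10.0.0.5", "10.0.0.5", "10.0.0.9", "10.0.0.77"]  # constructed traffic
    actions = [fw.handle_packet(Packet(s, "192.0.2.1")) for s in srcs]
    fetches_before_logoff = fw.fetches
    deleted = fw.user_logoff("alice")            # alice's rule expires
    actions.append(fw.handle_packet(Packet("10.0.0.5", "192.0.2.1")))
    return actions, fetches_before_logoff, deleted, fw.fetches
```

A miss is not cached here, so every packet from a source with no rule costs a database round trip; anyone deploying this design would want to bound that lookup cost.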
17 Claims
1. A method for loading a rule in a firewall, including:
a. receiving a packet;
b. determining if a rule pertinent to the packet is loaded in the firewall;
c. if a rule pertinent to the packet is not loaded in the firewall, then:
i. retrieving a rule that is pertinent to the packet based upon a header parameter of the packet; and
ii. loading the rule that is pertinent to the packet into the firewall, at least one of said retrieving and said loading being implemented at a kernel layer.

submitting a query to a database; and
receiving a response that includes the rule, at least one of said submitting a query and said receiving a response being implemented at the kernel layer.

4. The method of claim 3, wherein the rule is retrieved from a database at a remote location in relation to the firewall.

5. The method of claim 1, further comprising implementing the rule that is pertinent to the packet.

6. The method of claim 5, said implementing the rule further including:
performing a DROP action on the packet.

7. The method of claim 6, said implementing the rule further including:
performing a PASS action on the packet.

8. The method of claim 1, further comprising deleting the loaded rule when the rule expires.

9. The method of claim 8, wherein the rule expires when a user logs off.

10. An apparatus for loading a firewall rule, comprising:
a. a processor;
b. a memory coupled to said processor, the memory for storing at least one rule and rule instructions adapted to be executed by said processor for directing the processor to receive from a sender a packet addressed to a destination, determine if a rule pertinent to the packet is loaded in a firewall, and if a rule pertinent to the packet is not determined to be loaded in the firewall, then to retrieve a rule that is pertinent to the packet and load the rule that is pertinent to the packet in the firewall, at least one of said retrieval of the rule and loading of the rule being implemented at a kernel layer;
c. means for coupling said processor and said memory to a sender and a destination.

14. A medium that stores processing instructions defining a method adapted to be executed by a processor, the method comprising:
a. receiving a packet;
b. determining if a rule pertinent to the packet is loaded in the firewall;
c. if a rule pertinent to the packet is not loaded in the firewall, then:
i. retrieving a rule that is pertinent to the packet; and
ii. loading the rule that is pertinent to the packet in the firewall, at least one of said retrieving and said loading being implemented at a kernel layer.

16. A system for loading a rule at a firewall, comprising:
a. means for retrieving a packet;
b. means for determining if a rule pertinent to the packet is loaded in the firewall;
c. means for retrieving the rule that is pertinent to the packet; and
d. means for loading the rule that is pertinent to the packet in the firewall, at least one of said means for retrieving and said means for loading being implemented at a kernel layer.