Firewall installer
Abstract
Embodiments of the invention are directed to a firewall installer that receives a set of configuration instructions for configuring a firewall in a declarative format that describes one or more rules to be implemented by the firewall, and that automatically configures the firewall. Providing a firewall installer that is capable of configuring a firewall based upon declarative input rather than procedural process-oriented input facilitates administration of a firewall by allowing an administrator to specify desired firewall configuration at a higher, declarative level and frees the administrator from the need to specify procedures for implementing configuration changes in the firewall. In one embodiment of the invention, the firewall installer can receive and store input for configuring a firewall even when the firewall is not running, such that the firewall executes on those configuration changes when it next comes online.
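The behaviour the abstract describes, sketched as an added Python example (not code from the patent or any product): rules are supplied as desired state, and the installer either talks to the running firewall or edits the stored policy that the firewall reads when it next starts. The JSON policy store, the rule fields and the toy `Firewall` class are assumptions made for illustration.

```python
import json
import tempfile
from pathlib import Path

FIELDS = {"name", "action", "protocol", "port"}  # constructed rule schema (assumption)

def validate(rule):
    """Reject malformed rules before they reach the live firewall or the store."""
    if set(rule) != FIELDS:
        raise ValueError(f"unexpected or missing fields: {sorted(set(rule) ^ FIELDS)}")
    if rule["action"] not in ("allow", "block") or rule["protocol"] not in ("tcp", "udp"):
        raise ValueError(f"bad action/protocol in rule {rule['name']!r}")
    if type(rule["port"]) is not int or not 1 <= rule["port"] <= 65535:
        raise ValueError(f"bad port in rule {rule['name']!r}")

def load_policy(store):
    return json.loads(store.read_text()) if store.exists() else {}

def save_policy(store, policy):
    tmp = store.with_name(store.name + ".tmp")
    tmp.write_text(json.dumps(policy, indent=2, sort_keys=True))
    tmp.replace(store)  # atomic rename: a starting firewall never reads a half-written policy

class Firewall:
    """Toy firewall (hypothetical): reads the store at start, takes live updates while running."""
    def __init__(self, store):
        self.store, self.running, self.policy = store, False, {}
    def start(self):
        self.policy, self.running = load_policy(self.store), True
    def apply(self, policy):
        self.policy = dict(policy)
        save_policy(self.store, self.policy)  # persist so a restart keeps the rules

def install(firewall, rules):
    """Take the desired rules (declarative input) and return which path was used."""
    for rule in rules:
        validate(rule)  # validate everything first so one bad rule changes nothing
    policy = dict(firewall.policy) if firewall.running else load_policy(firewall.store)
    for rule in rules:  # keyed by name, so re-installing the same rule is idempotent
        policy[rule["name"]] = {k: rule[k] for k in ("action", "protocol", "port")}
    if firewall.running:
        firewall.apply(policy)           # firewall in operation: communicate with it
        return "live"
    save_policy(firewall.store, policy)  # not in operation: edit the policy data store
    return "stored"

if __name__ == "__main__":
    fw = Firewall(Path(tempfile.mkdtemp()) / "policy.json")
    https = {"name": "allow-https", "action": "allow", "protocol": "tcp", "port": 443}
    print(install(fw, [https]))  # firewall is stopped, so the store is edited
    fw.start()
    print(fw.policy)             # the stored rule is enforced after start
```

Because the offline path writes the store without the firewall checking the edit, validation has to happen in the installer, and the store file needs the same access control as the firewall's own management interface.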
18 Claims
1. A system comprising:
- a firewall installer to configure a firewall, the firewall installer comprising at least one processor programmed to:
(A) receive, at the firewall installer, a set of configuration instructions comprising at least one configuration instruction, the set of configuration instructions being in a declarative form that specifies at least one firewall rule to be enforced by the firewall without specifying procedural steps to be carried out to configure the firewall to implement the at least one firewall rule; and
(B) in response to receipt of the set of configuration instructions in the declarative form, modify a firewall policy of the firewall, via the firewall installer, such that the firewall implements the at least one firewall rule, wherein modifying the firewall policy comprises:
(B1) determining whether the firewall is in operation,
(B2) when it is determined that the firewall is in operation, communicating with the firewall to modify the firewall policy according to the set of configuration instructions, and
(B3) when it is determined that the firewall is not in operation, making at least one edit to a data store comprising the firewall policy.
Dependent claims: 2, 3, 4, 5, 18
6. A method of configuring a firewall via a firewall installer, the method comprising an act of:
(A) operating at least one processor to manage at least one software component based on information specifying changes to be made to a configuration of a computing device regarding the at least one software component, wherein managing the at least one software component comprises:
(A1) changing a configuration of the at least one software component on the computing device based at least in part on the information specifying the changes to be made to the configuration of the computing device, the at least one software component not being a part of the firewall or the firewall installer, and
(A2) providing to the firewall installer a set of configuration instructions comprising at least one configuration instruction, the set of configuration instructions being identified by the information specifying the changes to be made to the configuration of the computing device and being in a declarative form that specifies a modification to be made to a firewall policy of the firewall such that at least one firewall rule is enforced by the firewall, the set of configuration instructions in declarative form specifying the modification without specifying procedural steps to be carried out to configure the firewall to implement the at least one firewall rule.
Dependent claims: 7, 8, 9, 10, 11, 12
13. At least one computer-readable storage medium encoded with instructions that, when executed by at least one computer, cause the at least one computer to perform a method, the method comprising acts of:
(A) receiving, at a firewall installer, a set of configuration instructions comprising at least one configuration instruction, the set of configuration instructions being in a declarative form that specifies at least one firewall rule to be enforced by a firewall without specifying procedural steps to be carried out to configure the firewall to implement the at least one firewall rule; and
(B) in response to receipt of the set of configuration instructions in the declarative form, modifying a firewall policy of the firewall, via the firewall installer, such that the firewall implements the at least one firewall rule, wherein modifying the firewall policy comprises:
(B1) determining whether the firewall is in operation,
(B2) when it is determined that the firewall is in operation, communicating with the firewall to request that the firewall modify the firewall policy according to the set of configuration instructions, and
(B3) when it is determined that the firewall is not in operation, making at least one edit to a data store comprising the firewall policy without requesting that the firewall make the at least one edit.
Dependent claims: 14, 15, 16, 17
Specification