Policy-Based Parametric Firewall Configuration: A Real-Case Application

M. Marchi, Romeo Penzo, A. Provetti
Published in: Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07), 2007-06-13. DOI: 10.1109/POLICY.2007.34 (https://doi.org/10.1109/POLICY.2007.34)
Citations: 2

Abstract

We describe a simple policy language for setting up and running firewalls (FW). The language allows one to describe sophisticated policies for controlling network connections. Composition is done at set-up time, when a parser, starting from a given policy, generates the corresponding configuration file for one or more firewalls operating the industry-standard Linux Iptables kernel extension. The policy captures the essence of the desired requirements and constraints upon connections between zones. The language has been designed and is currently being tested in the context of a large intra/extranet with more than 10,000 assigned IP addresses.