CN113452725B - Message filtering information generation method and device - Google Patents

Info

Publication number: CN113452725B
Authority: CN (China)
Prior art keywords: address, current, port, preset, message filtering
Legal status: Active
Application number: CN202111011959.1A
Other languages: Chinese (zh)
Other versions: CN113452725A (en)
Inventor: 邓书凡
Current Assignee: Tencent Technology Shenzhen Co Ltd
Original Assignee: Tencent Technology Shenzhen Co Ltd
Application filed by Tencent Technology Shenzhen Co Ltd; priority to CN202111011959.1A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227: Filtering policies
    • H04L63/0236: Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/50: Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science
  • Computer Hardware Design
  • Computer Security & Cryptography
  • Computing Systems
  • General Engineering & Computer Science
  • Computer Networks & Wireless Communication
  • Signal Processing
  • Data Exchanges In Wide-Area Networks

Abstract

The application provides a method and a device for generating message filtering information. The method comprises: displaying a message filtering information editing interface comprising an address port edit box and a policy edit box; in response to a first operation instruction triggered on the address port edit box, displaying an address port selection area comprising a preset address port group and a historical message filtering instance; in response to a first selection instruction triggered on the address port selection area, obtaining a current address port; in response to a second operation instruction triggered on the policy edit box, displaying a policy selection area comprising a plurality of preset message filtering policies; in response to a third selection instruction triggered on the policy selection area, obtaining a current message filtering policy; and generating and displaying current message filtering information according to the current address port and the current message filtering policy. The method and the device improve the precision and speed of generating the current message filtering information, and the current message filtering information improves the privacy and security of the system.

Description

Message filtering information generation method and device
Technical Field
The application belongs to the technical field of computers, and particularly relates to a message filtering information generation method and device.
Background
Internet Protocol (IP) packet filtering systems (iptables) are used to control IP packet filtering and firewall configuration. A firewall refers to a combination of a series of components disposed between different networks or network security domains, which can enhance privacy and security of the internal network of an organization. The firewall may determine whether IP packets may be forwarded to or from the intranet based on the type of network transmission.
In the prior art, an iptables rule is configured in response to a complex command-line configuration instruction, and one rule must be configured for each IP address. Because iptables rules are complex and take many parameters, this configuration mode is highly complex, which reduces the configuration precision of iptables rules and increases the consumption of system resources.
Disclosure of Invention
In order to solve the above technical problem, the present application provides a method and an apparatus for generating message filtering information.
On one hand, the application provides a method for generating message filtering information, and the method comprises the following steps:
displaying a message filtering information editing interface comprising an address port editing frame and a strategy editing frame;
responding to a first operation instruction triggered based on the address port editing frame, and displaying an address port selection area comprising a preset address port group and a historical message filtering example in the message filtering information editing interface, wherein the preset address port group is generated based on a plurality of preset address ports, and the historical message filtering example is created based on a preset address port and a preset message filtering strategy;
responding to a first selection instruction triggered based on the address port selection area, and taking a preset address port group corresponding to the first selection instruction and/or an address port in a historical message filtering example as a current address port;
responding to a second operation instruction triggered based on the strategy edit box, and displaying a strategy selection area comprising a plurality of preset message filtering strategies in the message filtering information edit interface;
responding to a third selection instruction triggered based on the strategy selection area, and taking a message filtering strategy corresponding to the third selection instruction as a current message filtering strategy;
generating current message filtering information according to the current address port and the current message filtering strategy;
and displaying the current message filtering information.
On the other hand, an embodiment of the present application provides a device for generating packet filtering information, where the device includes:
the editing interface display module is used for displaying a message filtering information editing interface comprising an address port editing frame and a strategy editing frame;
a first operation instruction response module, configured to respond to a first operation instruction triggered based on the address port edit box, and display an address port selection area including a preset address port group and a history packet filtering instance in the packet filtering information edit interface, where the preset address port group is generated based on a plurality of preset address ports, and the history packet filtering instance is created based on a preset address port and a preset packet filtering policy;
a first selection instruction response module, configured to respond to a first selection instruction triggered based on the address port selection area, and use an address port in a preset address port group and/or a history packet filtering instance corresponding to the first selection instruction as a current address port;
the second operation instruction response module is used for responding to a second operation instruction triggered based on the strategy edit box and displaying a strategy selection area comprising a plurality of preset message filtering strategies in the message filtering information edit interface;
a third selection instruction response module, configured to respond to a third selection instruction triggered based on the policy selection area, and use a packet filtering policy corresponding to the third selection instruction as a current packet filtering policy;
a current message filtering information generating module, configured to generate current message filtering information according to the current address port and the current message filtering policy;
and the display module is used for displaying the current message filtering information.
In another aspect, the present application provides an electronic device, which includes a processor and a memory, where at least one instruction or at least one program is stored in the memory, and the at least one instruction or the at least one program is loaded by the processor and executed to implement the message filtering information generating method as described above.
In another aspect, the present application provides a computer-readable storage medium, in which at least one instruction or at least one program is stored, and the at least one instruction or the at least one program is loaded and executed by a processor to implement the message filtering information generating method as described above.
The message filtering information generating method and device provided by the embodiment of the application show a message filtering information editing interface comprising an address port editing frame and a strategy editing frame, respond to an operation instruction and a selection instruction in the message filtering information interface, generate current message filtering information, and simultaneously show the current message filtering information, so that the embodiment of the application generates the current message filtering information in a mode of responding to graphic visualization operation, reduces the complexity of the generation of the current message filtering information, and improves the precision and the speed of the generation of the current message filtering information; in addition, the address port selection area comprises a preset address port group and a historical message filtering example, and the address port in the preset address port group and/or the historical message filtering example corresponding to the first selection instruction can be used as the current address port in response to the first selection instruction triggered based on the address port selection area.
Drawings
In order to more clearly illustrate the technical solutions and advantages of the embodiments of the present application or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a schematic diagram of an implementation environment of a message filtering information generation method according to an exemplary embodiment.
Fig. 2 is a flowchart illustrating a message filtering information generating method according to an exemplary embodiment.
Fig. 3 is a diagram illustrating a generation of a preset address group according to an exemplary embodiment.
Fig. 4 is a diagram illustrating an address selection area including a preset private address, a preset address group, and a history packet filtering example according to an example embodiment.
FIG. 5 is a schematic diagram illustrating one type of generating a preset port group in accordance with an exemplary embodiment.
Fig. 6 is a diagram illustrating a port selection area including a default port group and a history packet filtering example according to an example embodiment.
Fig. 7 is a flowchart illustrating a process for downloading current packet filtering information according to an example embodiment.
Fig. 8 is a flowchart illustrating a process of displaying a message filtering information control interface and switching the message filtering information control interface and a message filtering information editing interface according to an exemplary embodiment.
Fig. 9 is a diagram illustrating a message filtering information control interface in accordance with an illustrative embodiment.
Fig. 10 is a diagram illustrating another message filtering information control interface in accordance with an illustrative embodiment.
Fig. 11 is a diagram illustrating a message filtering information editing interface including an inbound address edit box, an inbound port edit box, and an inbound policy edit box, according to an example embodiment.
Fig. 12 is a diagram illustrating a message filtering information editing interface including an outbound address edit box, an outbound port edit box, and an outbound policy edit box, according to an example embodiment.
Fig. 13 is a flowchart illustrating filtering a message to be processed according to an exemplary embodiment.
Fig. 14 is a diagram illustrating the technical architecture of a message filtering system in accordance with an exemplary embodiment.
Fig. 15 is a schematic diagram illustrating a route for packet forwarding according to an example embodiment.
Fig. 16 is a diagram illustrating a route for passing a message into a native machine according to an example embodiment.
FIG. 17 is a first operational schematic diagram of a memory module shown in accordance with an exemplary embodiment.
FIG. 18 is a second operational schematic diagram of a memory module shown in accordance with an exemplary embodiment.
FIG. 19 is a third operational schematic diagram of a memory module shown in accordance with an exemplary embodiment.
FIG. 20 is a schematic diagram illustrating the storage principles of a log module in accordance with an exemplary embodiment.
Fig. 21 is a block diagram illustrating a message filtering information generating apparatus according to an example embodiment.
Fig. 22 is a block diagram illustrating an electronic device for message filtering information generation in accordance with an example embodiment.
Detailed Description
Cloud technology refers to a hosting technology that unifies a series of resources such as hardware, software and network in a wide area network or a local area network to realize the calculation, storage, processing and sharing of data.
The cloud technology is a general term of network technology, information technology, integration technology, management platform technology, application technology and the like applied based on a cloud computing business model, can form a resource pool, is used as required, and is flexible and convenient. Background services of the technical network system require a large amount of computing and storage resources, such as video websites, picture-like websites and more web portals. With the high development and application of the internet industry, each article may have its own identification mark and needs to be transmitted to a background system for logic processing, data in different levels are processed separately, and various industrial data need strong system background support and can only be realized through cloud computing. Specifically, cloud technologies include the technical fields of security, big data, databases, industrial applications, networks, storage, management tools, computing, and the like.
Specifically, the embodiment of the application relates to a cloud security technology in a cloud technology.
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only partial embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or server that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Fig. 1 is a schematic diagram of an implementation environment of a message filtering information generation method according to an exemplary embodiment. As shown in fig. 1, the implementation environment may include at least a client 01 and a server 02.
The client 01 may be configured to display a message filtering information editing interface including an address port editing box and a policy editing box, and generate current message filtering information in response to an operation instruction triggered by the address port editing box and the policy editing box. Optionally, the client 01 may be a smart phone, a tablet computer, a notebook computer, a desktop computer, a smart speaker, a smart watch, a vehicle-mounted terminal, a smart television, a smart voice interaction device, and the like, but is not limited thereto. The client 01 and the server 02 may be directly or indirectly connected through wired or wireless communication, and the present application is not limited thereto.
The server 02 may be configured to provide a background service for the client 01. Alternatively, the server 02 may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing cloud computing services.
It should be noted that fig. 1 is only one implementation environment of the message filtering information generation method provided in the embodiment of the present application, and in practical application, other implementation environments may also be included. For example, the implementation environment may include only clients.
Fig. 2 is a flowchart illustrating a message filtering information generating method according to an exemplary embodiment. The method may be used in the implementation environment of fig. 1. The present specification provides the method steps as described in the examples or flowcharts, but may include more or fewer steps based on routine or non-inventive labor. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. In practice, the system or server product may be implemented in a sequential or parallel manner (e.g., parallel processor or multi-threaded environment) according to the embodiments or methods shown in the figures. Specifically, as shown in fig. 2, the method may include:
S101, displaying a message filtering information editing interface comprising an address port editing frame and a strategy editing frame.
In an optional embodiment, a message filtering information generating function may be deployed on the server, a user corresponding to the client may open a browser in the client, and input a website of the server in the browser, and the client may access the server through the browser and the website, thereby using the message filtering information generating function. When the client uses the message filtering information generating function, a message filtering information editing interface comprising an address port editing box and a strategy editing box can be displayed. The client can conveniently use the message filtering information generating function in a mode of accessing the server through the browser, so that the current message filtering information can be generated in a mode of responding to graphic visual operation, the complexity and the cost of generating the current message filtering information are further reduced, and the accuracy and the speed of generating the current message filtering information are improved.
In another optional embodiment, the message filtering information generating function may also be directly installed in the client, and the client may respond to a user corresponding to the client, and based on an opening instruction triggered by the message filtering information generating function, use the message filtering information generating function, and display a message filtering information editing interface including an address port editing box and a policy editing box. The client generates the current message filtering information through the locally installed message filtering information generating function without depending on other systems and services, so that the complexity and the cost of the current message filtering information generation are reduced, and the accuracy and the speed of the current message filtering information generation are improved.
Specifically, the message filtering information editing interface is used for editing message filtering information.
Specifically, the address port edit box is used for editing an IP address and a protocol port, and the policy edit box is used for editing a filtering policy.
Specifically, the address port edit box includes an address edit box for editing the IP address and a port edit box for editing the protocol port.
The protocol port is an outlet for communication between the equipment and the outside. Each protocol port has a positive integer identifier, such as: 80, 139, 445, etc. When the destination host receives the data packet, the data is sent to the corresponding port according to the destination port number of the packet header, and the process corresponding to the port takes the data and waits for the next group of data to arrive.
Alternatively, the Protocol port includes, but is not limited to, a Transmission Control Protocol (TCP) port, a User Datagram Protocol (UDP) port, and the like.
S103, responding to a first operation instruction triggered based on the address port editing frame, displaying an address port selection area comprising a preset address port group and a historical message filtering example in the message filtering information editing interface, wherein the preset address port group is generated based on a plurality of preset address ports, and the historical message filtering example is created based on a preset address port and a preset message filtering strategy.
Specifically, the first operation instruction includes, but is not limited to: click, long press, drag, etc.
Specifically, the address port selection area may include an address selection area and a port selection area, the preset address port group may include a preset address group and a preset port group, the address selection area includes a preset address group and a history packet filtering instance, the port selection area includes a preset port and a history packet filtering instance, the preset address group is generated based on a plurality of preset address ports, and the preset port group is generated based on a plurality of preset ports.
Specifically, the address port selection area may include at least one preset address port group and at least one history packet filtering instance, where each preset address port group is generated by a plurality of preset address ports, and each history packet filtering instance is created based on a preset address port and a preset packet filtering policy.
For example, if the number of the plurality of preset address ports is N (N is a positive integer greater than 1), a plurality of preset address ports may be selected from the N preset address ports in advance according to actual needs, and a group of preset address ports may be generated according to the plurality of preset address ports.
Specifically, the history packet filtering instance is an instance created based on a preset address port and a preset packet filtering policy at a history time. Because the historical message filtering example is created based on the preset address port and the preset message filtering strategy, the historical message filtering example comprises the preset address port and the preset message filtering strategy.
S105, responding to a first selection instruction triggered based on the address port selection area, and taking a preset address port group corresponding to the first selection instruction and/or an address port in a historical message filtering example as a current address port.
Specifically, the first selection instruction may be an instruction triggered by clicking and dragging the content in the address port selection area. If the first selection instruction selects a preset address port group, the preset address port group is used as a current address port, and if the first selection instruction selects a history message filtering example, the address port in the history message filtering example is used as the current address port.
In particular, the current address port may include a current address and a current port.
S107, responding to a second operation instruction triggered based on the strategy edit box, and displaying a strategy selection area comprising a plurality of preset message filtering strategies in the message filtering information edit interface.
Specifically, the second operation instruction includes, but is not limited to: click, long press, drag, etc.
Specifically, the preset message filtering policy may include two types of rejection and permission. Wherein, rejecting means blocking the message and allowing means passing the message.
S109, responding to a third selection instruction triggered based on the strategy selection area, and taking a message filtering strategy corresponding to the third selection instruction as a current message filtering strategy.
The third selection instruction may include an instruction triggered by clicking and dragging the message filtering policy in the policy selection area.
Optionally, under the condition that the number of the preset message filtering strategies is large, a scroll bar may be arranged on a side bar of the strategy selection area, and the position of the preset message filtering strategy in the strategy selection area is adjusted by scrolling the scroll bar, so that the flexibility of filtering strategy selection is improved.
S1011, generating current message filtering information according to the current address port and the current message filtering strategy.
Optionally, the current address port and the current packet filtering policy may be directly used as the current packet filtering information.
Optionally, the current address port and the current packet filtering policy may be processed according to a preset template, so as to generate the current packet filtering information.
S1013, displaying the current message filtering information.
According to the method and the device, the current message filtering information is generated in response to graphical, visual operations on the message filtering information editing interface, which reduces the complexity of generating the current message filtering information and improves its accuracy. In addition, the address port selection area comprises a preset address port group and a historical message filtering example, and, in response to a first selection instruction triggered based on the address port selection area, the preset address port group and/or the address port in the historical message filtering example corresponding to the first selection instruction can be used as the current address port. This avoids the high system resource consumption caused by generating filtering information with each address port as a unit, and reduces the system resources consumed in generating the current message filtering information. Furthermore, when certain message filtering information is being set, filtering information that has already been set may need to be called (for example, when the IP address of department B is controlled, the configured filtering information of the IP address of department A is needed). When a historical message filtering example is selected in the address port selection area, the address port in that example can be called directly (for example, when the IP address of department B is controlled, the configured filtering information of department A is called). This meets the requirement of hierarchical calling among message filtering examples, reduces the selection operations in generating the current address port, further improves the speed of determining the current message filtering information, and further reduces the system resources consumed in generating it.
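Steps S105 to S1011 can be sketched as follows. This is an added example, not code from the patent. It assumes that the "preset template" renders one inbound iptables rule per address and port pair, and that the "allow" and "reject" policies map to the ACCEPT and DROP targets. All class, function and group names and all addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Assumption: the two preset policies map onto these iptables targets.
POLICY_TARGETS = {"allow": "ACCEPT", "reject": "DROP"}
# Assumption: the "preset template" is one inbound iptables rule per line.
RULE_TEMPLATE = "-A INPUT -s {address} -p {protocol} --dport {port} -j {target}"


@dataclass(frozen=True)
class AddressPortGroup:
    """A preset address port group: several addresses and several ports."""
    name: str
    addresses: tuple  # IPv4 hosts or CIDR networks, as strings
    ports: tuple      # (protocol, port) pairs


@dataclass(frozen=True)
class FilterInstance:
    """A historical filtering instance: an address port selection plus a policy."""
    name: str
    address_port: AddressPortGroup
    policy: str


def normalize_address(text):
    # Only a well-formed IPv4 host or network passes. strict=True refuses
    # networks with host bits set (e.g. 10.0.0.1/8), and free-form text raises
    # ValueError, so nothing unexpected can reach the rule template.
    if not isinstance(text, str):
        raise ValueError(f"address must be a string: {text!r}")
    return str(ipaddress.IPv4Network(text, strict=True))


def normalize_port(protocol, port):
    if protocol not in ("tcp", "udp"):
        raise ValueError(f"unsupported protocol: {protocol!r}")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        raise ValueError(f"invalid port: {port!r}")
    return protocol, port


def resolve_current_address_port(selections):
    """S105: merge the selected groups and/or the address ports of the
    selected historical instances into the current address port."""
    addresses, ports = [], []
    for selected in selections:
        group = selected.address_port if isinstance(selected, FilterInstance) else selected
        for address in group.addresses:
            address = normalize_address(address)
            if address not in addresses:      # drop duplicates, keep order
                addresses.append(address)
        for protocol, port in group.ports:
            item = normalize_port(protocol, port)
            if item not in ports:
                ports.append(item)
    if not addresses or not ports:
        raise ValueError("selection yields no address or no port")
    return AddressPortGroup("current", tuple(addresses), tuple(ports))


def generate_filter_info(selections, policy):
    """S1011: render the current address port and policy through the template.
    The rules are returned as text for display; nothing is applied."""
    if policy not in POLICY_TARGETS:
        raise ValueError(f"unknown policy: {policy!r}")
    current = resolve_current_address_port(selections)
    return [
        RULE_TEMPLATE.format(address=address, protocol=protocol, port=port,
                             target=POLICY_TARGETS[policy])
        for address in current.addresses
        for protocol, port in current.ports
    ]


# Constructed sample data (documentation address ranges, hypothetical names).
OFFICE_GROUP = AddressPortGroup(
    "office", ("198.51.100.10", "198.51.100.11"), (("tcp", 443),))
DEPT_A_INSTANCE = FilterInstance(
    "department-a",
    AddressPortGroup("dept-a", ("192.0.2.0/24",), (("tcp", 22), ("tcp", 443))),
    "allow")

if __name__ == "__main__":
    # Department B reuses department A's address port with its own policy.
    for rule in generate_filter_info([DEPT_A_INSTANCE, OFFICE_GROUP], "reject"):
        print(rule)
```

Every address and port is validated before it is formatted into a rule, so a malformed entry in a group or historical instance is rejected instead of appearing in the generated rule text.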
In an optional embodiment, the address port edit box includes an address edit box, the address port select area includes an address select area, the preset address port group includes a preset address group, the current address port includes a current address, and the preset address port includes a preset address and a preset port, then in step S103, the displaying in the message filtering information edit interface in response to a first operation instruction triggered based on the address port edit box, the address port select area including the preset address port group and a history message filtering example, may include:
responding to the first operation instruction triggered based on the address edit box, and displaying the address selection area comprising a preset private address, the preset address group and the historical message filtering example in a preset area of the position of the address edit box; the preset address group is generated based on a plurality of preset addresses, and the historical message filtering example is created based on the preset addresses, the preset ports and the preset message filtering strategy.
Specifically, the preset private address refers to an address used in a local area network. The address range of the preset private address may be as shown in table 1.
TABLE 1 Address ranges of the preset private addresses

| Network class | IP address range | Number of networks |
| --- | --- | --- |
| Class A | 10.0.0.0~10.255.255.255 | 1 |
| Class B | 172.16.0.0~172.31.255.255 | 16 |
| Class C | 192.168.0.0~192.168.255.255 | 255 |
In network control, a large proportion of access control is applied to private address network segments, so displaying the preset private addresses as options in the address selection area allows them to be selected quickly, which improves the speed and precision of generating the current address port and, in turn, the speed and precision of generating the message filtering information.
Alternatively, the preset area of the position of the address edit box may be a surrounding area of the address edit box.
Specifically, the history packet filtering instance is created based on the preset address, the preset port, and the preset packet filtering policy at a history time.
Fig. 3 is a diagram illustrating the generation of a preset address group according to an exemplary embodiment. As shown in fig. 3, when a preset address group needs to be generated, a preset address group editing interface may be displayed, which may include an identification edit box for the preset address group, an address edit box, preset address group generation control information, preset address group cancellation control information, and the like. Identification information of the preset address group is generated in response to an operation instruction triggered based on the identification edit box, a plurality of preset addresses are generated in response to an operation instruction triggered based on the address edit box, and a preset address group is generated from the identification information and the plurality of preset addresses in response to an operation instruction triggered based on the preset address group generation control information. When the preset address group does not need to be generated from the selected plurality of preset addresses, the configuration of the preset address group can be cancelled in response to an operation instruction triggered based on the preset address group cancellation control information.
Specifically, the preset address group generation control information and the preset address group cancellation control information may be operable areas or controls in the preset address group editing interface.
Alternatively, the operation instruction triggered based on the identification edit box may be an input instruction.
Alternatively, the operation instruction triggered based on the address edit box may be an input instruction or a selection instruction. When it is a selection instruction, an address selection area including a plurality of preset addresses may be displayed, in response to the selection instruction, in a preset area of the position where the address edit box is located; then, in response to an operation instruction triggered based on the address selection area, the preset address corresponding to that instruction is displayed in the address edit box.
Optionally, the identification information is used to uniquely identify the preset address group, and includes, but is not limited to, a name, a number, and the like of the preset address group.
Fig. 4 is a diagram illustrating an address selection area including a preset private address, the preset address group, and the history packet filtering example according to an exemplary embodiment. As shown in fig. 4, the address selection area including the preset private address, the preset address group, and the history packet filtering example may be displayed in a lower area of the address edit box in response to the first operation instruction triggered based on the address edit box.
Optionally, as shown in fig. 4, the address selection area may be divided into three intervals from top to bottom, and each interval shows one of the contents of the preset private address, the preset address group, and the history packet filtering example.
Optionally, in order to improve the speed and accuracy of current address generation, a scroll bar may be further disposed in a sidebar in the address selection area, and the scroll bar controls display of the preset private address, the preset address group, and the history packet filtering example.
Optionally, in step S105, the responding to the first selection instruction triggered based on the address port selection area, and taking the address port in the preset address port group and/or the history packet filtering instance corresponding to the first selection instruction as the current address port may include:
and in response to the first selection instruction triggered based on the address selection area, taking at least one of a preset private address corresponding to the first selection instruction, an address in a history message filtering instance, or a preset address group as the current address.
Specifically, as shown in fig. 4, in response to a first selection instruction triggered based on the address selection area: if a preset private address is selected, the preset private address is used directly as the current address; if a preset address group is selected, the preset addresses in the preset address group are used as the current address; and if a history packet filtering instance is selected, the addresses in the history packet filtering instance are used as the current address.
It should be noted that the current address may be selected in the displayed address selection area at least once. Assuming that the user selects three times, choosing a certain preset private address the first time, a certain preset address group the second time, and a certain historical message filtering example the third time, the current address may include that preset private address, the addresses in that preset address group, and the addresses in that historical message filtering example.
In an optional embodiment, in order to facilitate the presentation of the selected current address to the user and improve the visualization capability with the user, the current address may be presented in the message filtering information editing interface.
In the embodiment of the application, the address selection area including the preset private address, the preset address group and the history message filtering example is displayed in the preset area of the position where the address edit box is located in response to the first operation instruction triggered based on the address edit box, so that the current address is determined in the address selection area, and the speed and the precision of determining the current address are improved through visualization operation. In addition, the address selection area includes a preset private address, a preset address port group and a historical packet filtering instance, and at least one of the preset address group, the address in the historical packet filtering instance or the preset private address corresponding to the first selection instruction can be used as the current address in response to the first selection instruction triggered based on the address selection area, so that the problem of high system resource consumption caused by generating filtering information by using each address as a unit is avoided, and the consumption of system resources in the current packet filtering information generation process is reduced. In addition, in the process of generating the current address, the address in the historical message filtering example can be directly called, so that the steps of generating the current address are reduced, and the speed of generating message filtering information is further increased.
In an optional embodiment, the address port edit box includes a port edit box, the address port select area includes a port select area, the preset address port group includes a preset port group, the current address port includes a current port, and in step S103, the address port select area, which is displayed in the message filtering information edit interface in response to the first operation instruction triggered based on the address port edit box and includes the preset address port group and the history message filtering instance, may include:
and responding to the first operation instruction triggered based on the port edit box, and displaying the port selection area comprising the preset port group and the historical message filtering example in a preset area of the position of the port edit box, wherein the preset port group is generated based on a plurality of preset ports.
Specifically, the preset area where the port edit box is located may be a surrounding area of the port edit box.
FIG. 5 is a schematic diagram illustrating one type of generating a preset port group in accordance with an exemplary embodiment. As shown in fig. 5, when the preset port group needs to be generated, a preset port group editing interface may be displayed, where the preset port group editing interface may include an identifier editing box, a port editing box, preset port group generation control information, preset port group cancellation control information, and the like of the preset port group. The generation process of the preset port group is similar to the generation process of the preset address group, and is not described herein again.
Fig. 6 is a diagram illustrating the port selection area including the preset port group and the history packet filtering example according to an exemplary embodiment. As shown in fig. 6, the port selection area including the preset port group and the history packet filtering example may be displayed in a lower area of the port edit box in response to the first operation instruction triggered based on the port edit box.
Optionally, as shown in fig. 6, the port selection area may be divided into two intervals from top to bottom, and each interval shows a preset port group and the history packet filtering example.
Optionally, in order to improve the speed and accuracy of current address generation, a scroll bar may be further disposed in a sidebar in the address selection area, and the scroll bar controls display of the preset private address, the preset address group, and the history packet filtering example.
Optionally, in step S105, the responding to the first selection instruction triggered based on the address port selection area, and taking the address port in the preset address port group and/or the history packet filtering instance corresponding to the first selection instruction as the current address port may include:
and in response to the first selection instruction triggered based on the port selection area, taking the port in the preset port group and/or the historical packet filtering instance corresponding to the first selection instruction as the current port.
Specifically, in response to a first selection instruction triggered based on the port selection area: if a preset private address is selected, the preset private address is used directly as the current address; if a preset port group is selected, the preset ports in the preset port group are used as the current port; and if a history packet filtering instance is selected, the ports in the history packet filtering instance are used as the current port.
It should be noted that, at least one selection may be performed to select a current port in the illustrated port selection area, and the number of times of selecting in the port selection area is the same as the number of times of selecting in the address selection area. Assuming that the user selects three times, the first time is a certain preset port group, the second time is another preset port group, and the third time is a certain historical message filtering example, the current port includes the certain preset port group, the another preset port group and a port in the certain historical message filtering example.
In an optional embodiment, in order to facilitate the presentation of the selected current port to the user and improve the visualization capability with the user, the current port may be presented in the message filtering information editing interface.
In this embodiment of the application, in response to the first operation instruction triggered based on the port edit box, the port selection area including the preset address group and the history packet filtering example is displayed in a preset area of a position where the port edit box is located, so that a current port is determined in the port selection area, and speed and accuracy of determining the current port are improved through visualization operations. In addition, the port selection area comprises a preset address port group and a historical message filtering example, and the address in the preset port group and the historical message filtering example corresponding to the first selection instruction can be used as the current address in response to the first selection instruction triggered based on the port selection area, so that the problem of high system resource consumption caused by generation of filtering information by taking each port as a unit is solved, and the consumption of system resources in the current message filtering information generation process is reduced. In addition, in the process of generating the current address, the address in the historical message filtering example can be directly called, so that the steps of generating the current address are reduced, and the speed of generating message filtering information is further increased.
Fig. 7 is a flowchart illustrating a process for downloading current packet filtering information according to an example embodiment. As shown in fig. 7, in an alternative embodiment, the method may further include:
S201, responding to a message filtering information writing instruction, writing the current message filtering information into a preset file, and obtaining current filtering script information.
S203, displaying the current filtering script information.
S205, responding to a downloading instruction triggered based on the current filtering script information, and sending the current filtering script information to a target object.
Specifically, the preset file may be a shell script, that is, a program file in which various commands are placed in advance so that they can be called conveniently.
After the current message filtering information is obtained, it can be written into the shell script and displayed at the client side for a target object (such as a user) to download, so that the current message filtering information is visually displayed for the user, the information interaction efficiency between the system and the user is improved, and the user can conveniently understand, evaluate and analyze the current message filtering information.
Fig. 8 is a flowchart illustrating a process of displaying a message filtering information control interface and switching the message filtering information control interface and a message filtering information editing interface according to an exemplary embodiment. As shown in fig. 8, in an alternative embodiment, the address edit boxes include an inbound address edit box and an outbound address edit box, the port edit boxes include an inbound port edit box and an outbound port edit box, and the policy edit box includes an inbound policy edit box and an outbound policy edit box, and the method may further include:
S301, displaying a message filtering information control interface comprising first interface control information, second interface control information and editing interface control information, wherein the message filtering information control interface comprises an outgoing message filtering information control interface and an incoming message filtering information control interface, the first interface control information is used for switching the incoming message filtering information control interface into the outgoing message filtering information control interface, and the second interface control information is used for switching the outgoing message filtering information control interface into the incoming message filtering information control interface.
S303, under the condition that the message filtering information control interface is the incoming message filtering information control interface, responding to a fourth operation instruction triggered based on the editing interface control information, and displaying the message filtering information editing interface comprising the incoming address edit box, the incoming port edit box and the incoming policy edit box.
S305, responding to a fifth operation instruction triggered based on the first interface control information, and switching the incoming message filtering information control interface into the outgoing message filtering information control interface.
S307, responding to a sixth operation instruction triggered based on the editing interface control information, and displaying the message filtering information editing interface comprising the outbound address edit box, the outbound port edit box and the outbound policy edit box.
Specifically, "inbound" refers to IP packets (i.e., messages) entering the filtering system, and "outbound" refers to messages leaving the filtering system for external access. Alternatively, the filtering system may be a filtering module provided in the client or may be a separate filtering server.
Specifically, the inbound address edit box is configured to edit a current inbound address, the inbound port edit box is configured to edit a current inbound port, the inbound policy edit box is configured to edit a current inbound packet filtering policy, the outbound address edit box is configured to edit a current outbound address, the outbound port edit box is configured to edit a current outbound port, and the outbound policy edit box is configured to edit a current outbound packet filtering policy.
Specifically, the first interface control information, the second interface control information, and the editing interface control information may be operable regions or controls in the message filtering information editing interface.
Specifically, the editing interface control information is used to trigger the display of the message filtering information editing interface.
Specifically, the configured information such as the current incoming address, the current incoming port, the current incoming packet filtering policy, and the selection time may be displayed in the incoming packet filtering information control interface.
Specifically, the configured information such as the current outbound address, the current outbound port, the current outbound packet filtering policy, and the selection time may be displayed in the outbound packet filtering information control interface.
Specifically, the fourth operation instruction and the fifth operation instruction may be instructions corresponding to operations such as clicking, long-time pressing, dragging, and the like.
Fig. 9 is a diagram illustrating a message filtering information control interface in accordance with an illustrative embodiment. Fig. 10 is a diagram illustrating another message filtering information control interface in accordance with an illustrative embodiment. Fig. 11 is a diagram illustrating a message filtering information editing interface including an inbound address edit box, an inbound port edit box, and an inbound policy edit box, according to an example embodiment. Fig. 12 is a diagram illustrating a message filtering information editing interface including an outbound address edit box, an outbound port edit box, and an outbound policy edit box, according to an example embodiment. As shown in fig. 9, at this time, the inbound message filtering information control interface is shown, and the inbound message filtering information control interface may be switched to the outbound message filtering information control interface shown in fig. 10 in response to an operation instruction triggered based on the first interface control information.
When responding to an operation instruction triggered based on the "editing interface control information" on the basis of fig. 9, a message filtering information editing interface as shown in fig. 11 may be displayed, the message filtering information editing interface shown in fig. 11 may further include incoming filtering information generation control information and incoming filtering information cancellation control information, the current incoming message filtering information may be generated according to the current incoming address, the current incoming port, and the current incoming message filtering policy in response to an operation instruction started based on the incoming filtering information generation control information, and the generation of the current incoming message filtering information may be cancelled in response to an operation instruction triggered based on the incoming filtering information cancellation control information.
When responding to an operation instruction triggered based on the "editing interface control information" on the basis of fig. 10, a message filtering information editing interface as shown in fig. 12 may be displayed. The message filtering information editing interface shown in fig. 12 may further include outgoing filtering information generation control information and outgoing filtering information cancellation control information. The current outgoing message filtering information may be generated according to the current outgoing address, the current outgoing port, and the current outgoing message filtering policy in response to an operation instruction triggered based on the outgoing filtering information generation control information, and the generation of the current outgoing message filtering information may be cancelled in response to an operation instruction triggered based on the outgoing filtering information cancellation control information.
Optionally, the edit interface control information, the outbound filtering information generation control information, and the outbound filtering information cancellation control information may be operable areas or controls in the message filtering information control interface.
In the embodiment of the disclosure, incoming message filtering information is displayed on the incoming message filtering information control interface, outgoing message filtering information is displayed on the outgoing message filtering information control interface, display of the message filtering information editing interface is controlled by the editing interface control information, and switching between the incoming message filtering information control interface and the outgoing message filtering information control interface is controlled by the first interface control information and the second interface control information, so that the visualization capability of the current message filtering information generation process and the flexibility of message filtering information configuration are improved, and the interactive operation of a system among users is reduced, thereby improving the generation speed of the current message filtering information and reducing the consumption of system resources in the current message filtering information generation process.
In an optional embodiment, the message filtering information control interface includes instance generation information, the method further includes a step of creating the history message filtering instance, and the step of creating the history message filtering instance includes:
in the historical time before the current time, responding to a third operation instruction triggered based on the example generation information, and creating the historical message filtering example according to a historical address port and a historical message filtering strategy; the history packet filtering policy is determined based on a plurality of preset packet filtering policies in a policy selection area shown in the history time, the history address port is determined based on a preset address port group in an address port selection area shown in the history time, and a previous history packet filtering example is determined based on an example created at a time before the history time.
Specifically, as shown in fig. 10, the "instance generation information" may be an operable area or control in the message filtering editing interface for generating a message filtering instance.
The following describes the creation process of the history packet filtering policy in detail:
when responding to the first operation instruction triggered based on the address port edit box for the first time, because the first operation instruction is triggered for the first time, and at this time, a history message filtering example is not created yet, an address port selection area including a preset address port group is displayed in a message filtering information edit interface, and then the preset address port group is selected from the address selection area as a history address port in response to the first selection instruction triggered based on the address port selection area. And then responding to a second operation instruction triggered based on a strategy editing frame, displaying a strategy selection area comprising a plurality of preset message filtering strategies in the message filtering information editing interface, and responding to a third selection instruction triggered based on the strategy selection area, wherein the message filtering strategy corresponding to the third selection instruction is used as a historical message filtering strategy. The selected historical address port and the selected historical message filtering strategy are displayed in a message filtering information control interface shown in fig. 10, and the instance generation information is clicked, so that a first historical message filtering instance is created.
If the first operation instruction is subsequently responded again, because a historical message filtering example is generated at the historical time before the time, the historical message filtering example can be displayed in a message filtering information editing interface, the address port selection area comprising the preset address port group and the historical message filtering example is selected from the preset address port group and/or the created historical message filtering example (namely the historical address port is determined based on the preset address port group in the address port selection area displayed at the historical time and the previous historical message filtering example), then the message filtering strategy is selected from the strategy selection area as the historical message filtering strategy, and finally, the example generation information is clicked, so that a second historical message filtering example is generated.
By analogy, each time an operation instruction is triggered, a history message filtering example can be created according to the method.
In the embodiment of the application, the historical message filtering example is created based on the example generation information in the filtering information editing interface and the pattern visualization operation mode, so that the speed of creating the historical message filtering example is increased, and the consumption of system resources in the creating process of the historical message filtering example is reduced.
In an optional embodiment, the generating the current packet filtering information according to the current address port and the current packet filtering policy in step S1011 may include:
generating the current incoming message filtering information based on the current incoming address, the current incoming port and the current incoming message filtering strategy; and
generating the current outbound message filtering information based on the current outbound address, the current outbound port and the current outbound message filtering strategy.
In the embodiment of the application, the current incoming message filtering information is generated based on the current incoming address, the current incoming port and the current incoming message filtering strategy, and the current outgoing message filtering information is generated based on the current outgoing address, the current outgoing port and the current outgoing message filtering strategy, so that the current incoming message filtering information and the current outgoing message filtering information are generated based on the preset address port group and/or the address ports in the historical message filtering examples and the preset message filtering strategy, the problem of high system resource consumption caused by generation of filtering information by taking each address port as a unit is solved, the consumption of system resources in the current message filtering information generation process is reduced, and the generation speed of the current message filtering information is increased.
In an optional embodiment, the generating the current incoming packet filtering information based on the current incoming address, the current incoming port, and the current incoming packet filtering policy may include:
acquiring a first preset message filtering information template; and
adding the current incoming address, the current incoming port and the current incoming message filtering strategy to the first preset message filtering information template to obtain the current incoming message filtering information.
Specifically, the iptables command parameters corresponding to the three functional parameters, namely the ingress address, the ingress port and the ingress policy, are -s, --dport and -j respectively.
Optionally, the first preset message filtering information template may be: iptables -A INPUT -s "ingress address" -p tcp --dport "ingress port" -j "ingress policy".
The current incoming address, the current incoming port, and the current incoming packet filtering policy may be added to a corresponding position in a first preset packet filtering information template, so as to obtain current incoming packet filtering information.
In an optional embodiment, the generating the current outbound packet filtering information based on the current outbound address, the current outbound port, and the current outbound packet filtering policy may include:
acquiring a second preset message filtering information template; and
adding the current outbound address, the current outbound port and the current outbound message filtering strategy to the second preset message filtering information template to obtain the current outbound message filtering information.
Specifically, the iptables command parameters corresponding to the three functional parameters, namely the outbound address, the outbound port and the outbound policy, are -d, --dport and -j respectively.
Optionally, the second preset message filtering information template may be: iptables -A OUTPUT -d "outbound address" -p tcp --dport "outbound port" -j "outbound policy".
The current outbound address, the current outbound port, and the current outbound packet filtering policy may be added to a corresponding position in a second preset packet filtering information template, so as to obtain current outbound packet filtering information.
In the embodiment of the application, the preset message filtering information template can enable the functional parameters to be strictly matched with the command parameters, so that the current incoming message filtering information and the current outgoing message filtering information are generated according to the preset message filtering information template, and the generated current incoming message filtering information and the current outgoing message filtering information have high precision.
In an alternative embodiment, there may be more than one piece of current incoming message filtering information and more than one piece of current outgoing message filtering information. To avoid the case in which none of the configured current incoming and outgoing message filtering information matches the message to be processed, several pieces of fallback (bottom-line) incoming message filtering information and several pieces of fallback outgoing message filtering information can be set. The incoming message filtering strategies of the fallback incoming message filtering information are all set to refuse, and the outgoing message filtering strategies of the fallback outgoing message filtering information are all set to allow. This solves the problem that messages to be processed cannot be accurately filtered because the configured current incoming and outgoing message filtering information does not match them, and improves both the filtering precision of the messages to be processed and the safety of the network system.
In another alternative embodiment, in order to avoid a conflict between the generated current message filtering information and the original message filtering information of the system, a clearing parameter ("iptables -F") may be added to clear the filtering information in the two filtering information chains holding the original incoming message filtering information and the original outgoing message filtering information.
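The two templates, the fallback rules and the clearing step described above can be put together as follows. This is an added example, not code from the patent: the function names, the restriction of policies to ACCEPT, DROP and REJECT, the use of REJECT for the "refuse" fallback, and the per-chain form of the flush (iptables -F INPUT and iptables -F OUTPUT) are assumptions. Because the generated script is later downloaded and executed, every field is validated before it is placed in a command.

```python
import ipaddress
import shlex

# Targets accepted in the "policy" slot. ACCEPT, DROP and REJECT are standard
# iptables targets; limiting the choice to these three is an assumption.
ALLOWED_POLICIES = {"ACCEPT", "DROP", "REJECT"}

# Chain -> address flag, following the two templates in the text:
# INPUT matches on the source address (-s), OUTPUT on the destination (-d).
CHAIN_ADDRESS_FLAG = {"INPUT": "-s", "OUTPUT": "-d"}


def _check_address(address):
    """Return a canonical IPv4 address/CIDR string, or raise ValueError."""
    if not isinstance(address, str):
        raise ValueError(f"address must be a string: {address!r}")
    # ip_network() rejects anything that is not a plain address or CIDR,
    # so shell metacharacters can never reach the generated script.
    network = ipaddress.ip_network(address, strict=False)
    if network.version != 4:
        raise ValueError("iptables filters IPv4 only")
    return str(network)


def _check_port(port):
    """Return the port as a string, or raise ValueError."""
    if isinstance(port, bool) or not isinstance(port, int):
        raise ValueError(f"port must be an integer: {port!r}")
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return str(port)


def build_rule(chain, address, port, policy):
    """Fill one template and return the command as an argv list."""
    if chain not in CHAIN_ADDRESS_FLAG:
        raise ValueError(f"unsupported chain: {chain!r}")
    if policy not in ALLOWED_POLICIES:
        raise ValueError(f"unsupported policy: {policy!r}")
    return [
        "iptables", "-A", chain,
        CHAIN_ADDRESS_FLAG[chain], _check_address(address),
        "-p", "tcp", "--dport", _check_port(port),
        "-j", policy,
    ]


def build_script(inbound, outbound):
    """Render a shell script from lists of (address, port, policy) tuples."""
    lines = [
        "#!/bin/sh",
        # Clear the two chains first so old rules cannot conflict.
        "iptables -F INPUT",
        "iptables -F OUTPUT",
    ]
    for address, port, policy in inbound:
        lines.append(shlex.join(build_rule("INPUT", address, port, policy)))
    # Fallback rule goes last: it only applies when nothing above matched.
    lines.append("iptables -A INPUT -j REJECT")
    for address, port, policy in outbound:
        lines.append(shlex.join(build_rule("OUTPUT", address, port, policy)))
    lines.append("iptables -A OUTPUT -j ACCEPT")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample input.
    print(build_script(
        inbound=[("10.0.0.5", 22, "ACCEPT")],
        outbound=[("192.168.1.0/24", 443, "DROP")],
    ), end="")
```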
In an alternative embodiment, fig. 13 is a schematic flowchart illustrating a process of filtering a message to be processed according to an exemplary embodiment. As shown in fig. 13, the method may further include:
S401, obtaining a message to be processed, wherein the message to be processed comprises a message address and a message port.
S403, matching the message address with the current incoming address to obtain an incoming address matching result, and matching the message port with the current incoming port to obtain an incoming port matching result.
S405, under the condition that the incoming address matching result and the incoming port matching result meet a first preset condition, filtering the message to be processed through the current incoming message filtering strategy to obtain a filtered message.
S407, matching the message address in the filtered message with the current outgoing address to obtain an outgoing address matching result, and matching the message port in the filtered message with the current outgoing port to obtain an outgoing port matching result.
S409, under the condition that the outgoing address matching result and the outgoing port matching result meet a second preset condition, filtering the filtered message through the current outgoing message filtering strategy to obtain a filtering result corresponding to the message to be processed.
Specifically, after the current packet filtering information (including the current incoming packet filtering information and the current outgoing packet filtering information) is generated, filtering based on the current packet filtering information may be performed by a filtering module in the client.
Alternatively, the filtering operation may be performed by a filtering server provided separately.
Specifically, the header of the message to be processed carries the message address and the message port.
Optionally, the first preset condition may be that a packet address matches a current ingress address, and the packet port matches the current ingress port. The second preset condition may be that a message address in the filtered message matches the current outbound address, and a message port in the filtered message matches the current outbound port.
For example, in the case that the number of the current incoming packet filtering information is multiple (assuming that the number of the current incoming packet filtering information is 3), the matching principle may be as follows:
Suppose that the generation sequence of the 3 pieces of current incoming packet filtering information in the configuration process is: current incoming message filtering information 1, current incoming message filtering information 2 and current incoming message filtering information 3.
When a message to be processed enters the filtering module in the client, it is first matched against current incoming message filtering information 1, then against current incoming message filtering information 2, and then against current incoming message filtering information 3. The matching principle for each piece of current incoming message filtering information is "match, then exit": if both conditions, the IP address and the protocol port, are met, the corresponding incoming strategy is executed and the message does not take part in matching against the subsequent filtering information.
Specifically, the message address carried in the header of the message to be processed is first matched with the current incoming address in current incoming message filtering information 1, and the message port carried in the header is matched with the current incoming port in current incoming message filtering information 1. If both matches succeed, the subsequent matching process is not executed, and the current incoming message filtering strategy in current incoming message filtering information 1 is used to filter the message to be processed, so that the filtered message is obtained. If either of the two fails to match, matching continues with current incoming message filtering information 2, and so on.
For example, in the case that the number of the current outgoing packet filtering information is multiple (assuming that the number of the current outgoing packet filtering information is 3), the matching principle may be as follows:
Suppose that the generation sequence of the 3 pieces of current outbound message filtering information in the configuration process is: current outgoing message filtering information 1, current outgoing message filtering information 2, and current outgoing message filtering information 3.
When the filtered message leaves the filtering module in the client, it is first matched against current outgoing message filtering information 1, then against current outgoing message filtering information 2, and then against current outgoing message filtering information 3. The matching principle for each piece of current outbound message filtering information is likewise "match, then exit": if both conditions, the IP address and the protocol port, are met, the corresponding outbound message filtering strategy is executed and matching against the subsequent filtering information is not performed.
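The "match, then exit" principle makes rule order significant: a broad rule generated earlier hides any narrower rule generated after it. The following added example (not part of the patent; the class and function names and the sample rules are constructed for illustration) evaluates a message against an ordered rule list with a fallback policy and, going slightly beyond the text, reports rules that can never fire because an earlier rule already covers them.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class FilterRule:
    network: str   # single address or CIDR block
    port: int      # protocol port
    policy: str    # strategy applied when both conditions match


def first_match(rules, fallback_policy, address, port):
    """Return (index, policy) of the first rule whose address AND port match.

    Rules are tried in generation order. When no rule matches, the index is
    None and the fallback (bottom-line) policy applies.
    """
    addr = ip_address(address)
    for index, rule in enumerate(rules):
        if addr in ip_network(rule.network, strict=False) and port == rule.port:
            return index, rule.policy      # match, then exit
    return None, fallback_policy


def shadowed_rules(rules):
    """Return (later, earlier) index pairs where the later rule never fires.

    A rule is shadowed when an earlier rule has the same port and an address
    range that contains the later rule's whole range.
    """
    pairs = []
    for later, candidate in enumerate(rules):
        inner = ip_network(candidate.network, strict=False)
        for earlier in range(later):
            outer = ip_network(rules[earlier].network, strict=False)
            if rules[earlier].port == candidate.port and inner.subnet_of(outer):
                pairs.append((later, earlier))
                break
    return pairs


# Constructed sample: three inbound rules in generation order.
SAMPLE_RULES = [
    FilterRule("10.0.0.0/8", 22, "DROP"),
    FilterRule("10.1.2.3", 22, "ACCEPT"),        # hidden by the rule above
    FilterRule("192.168.1.0/24", 443, "ACCEPT"),
]

if __name__ == "__main__":
    for address, port in [("10.1.2.3", 22), ("192.168.1.7", 443), ("172.16.0.1", 80)]:
        print(address, port, first_match(SAMPLE_RULES, "REJECT", address, port))
    print("shadowed:", shadowed_rules(SAMPLE_RULES))
```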
Because the speed and the precision of the generation of the current message filtering information can be improved through the graphic visualization operation, and the consumption of system resources is reduced, the filtering speed and the filtering precision of the message to be processed can be improved and the consumption of the system resources in the filtering process of the message to be processed can be reduced by filtering the message to be processed based on the current message filtering information (including the current incoming message filtering information and the current outgoing message filtering information) obtained in response to the graphic visualization operation.
In an alternative embodiment, the data in the configuration and generation process may be stored and recorded in a log system.
Illustratively, all job data in the entire configuration generation process may be stored by the storage module.
Illustratively, all activity logs in the entire configuration generation process may be logged by a logging system.
In a specific embodiment, the method for generating message filtering information disclosed in the embodiments of the present application may store the data in the configuration and generation process in a block chain.
Fig. 14 is a diagram illustrating the technical architecture of a message filtering system in accordance with an exemplary embodiment. As shown in FIG. 14, the architecture diagram may include a configuration module, a work module, a filter module, a storage module, and a log module.
Specifically, the configuration module is configured to configure the current message filtering information through a graphical interface and to transmit the current message filtering information to the work module.
Specifically, the work module is configured to obtain the configuration information from the front-end graphical interface and to generate executable configuration script statements according to a predetermined iptables command pattern. The result is output to the front-end graphical interface of the configuration module, where the tool script is displayed and can be downloaded.
The iptables processing logic is as follows:
A message obtained by the operating system from the network card first passes through nat->PREROUTING, where it is determined whether the current message is to be forwarded directly or admitted to the local machine, and whether network address translation is needed.
Fig. 15 is a schematic diagram illustrating a route for packet forwarding according to an example embodiment. As shown in fig. 15, if the message to be processed needs to be forwarded, it takes the filter->FORWARD chain. In fig. 15, "10" is nat->PREROUTING, "20" is filter->FORWARD, and "30" is nat->POSTROUTING.
Here, nat is the network address translation table, filter is the data filtering table, PREROUTING is the rule before routing (that is, converting a public network address into an internal network address), FORWARD is the forwarding rule, and POSTROUTING is the rule after routing (that is, converting an internal network address into a public network address).
Fig. 16 is a diagram illustrating a route for passing a message into the local machine according to an example embodiment. As shown in fig. 16, if the message enters the local machine, it takes the filter->INPUT chain. In fig. 16, "40" is nat->forwarding, "50" is filter->INPUT, "60" is local_procs, "70" is nat->OUTPUT, "80" is filter->OUTPUT, and "90" is nat-post OUTPUT.
Here, INPUT is the inbound rule, local_procs is the local handler, and OUTPUT is the outbound rule.
Specifically, the filtering module is configured to execute the iptables instructions or shell scripts generated by the work module. It may be located in the client, or it may be a separately provided server, or it may be a server already existing in the original service system. After the iptables commands generated by the work module are executed, the server of the filtering module has the complete message filtering capability.
Specifically, the storage module is used for storing configuration information of the whole system, and comprises a whole set of database cluster. The database architecture adopts a master-slave mode to ensure that data cannot be lost.
FIG. 17 is a first operational schematic diagram of a storage module shown in accordance with an exemplary embodiment. As shown in fig. 17:
Normal operation: library A serves as the main library and carries all data read-write work, while library B serves as the standby library, synchronizing data from library A and backing it up.
FIG. 18 is a second operational schematic diagram of a storage module shown in accordance with an exemplary embodiment. As shown in fig. 18:
Main library failure: library A fails and cannot provide data read-write service externally, so the data read-write service is carried by library B; meanwhile, data synchronization between libraries A and B is interrupted.
FIG. 19 is a third operational schematic diagram of a storage module shown in accordance with an exemplary embodiment. As shown in fig. 19:
Fault repair: the failure of library A is repaired, but its role is switched to standby library, and it synchronizes and backs up data from library B. Meanwhile, library B serves as the main library and carries the data read-write work.
Specifically, the log module is used for recording the operation log of the whole monitoring system, ensuring that the system operation information can be traced.
FIG. 20 is a schematic diagram illustrating the storage principles of a log module in accordance with an exemplary embodiment. As shown in fig. 20, the running log may be stored in the log server of the storage module while storing a copy locally in a text manner.
Fig. 21 is a block diagram illustrating a message filtering information generating apparatus according to an example embodiment. As shown in fig. 21, an embodiment of the present application further provides a message filtering information generating apparatus, where the apparatus may at least include:
an edit interface display module 501, configured to display a message filtering information edit interface including an address port edit box and a policy edit box;
a first operation instruction response module 503, configured to respond to a first operation instruction triggered based on the address port edit box, and show, in the message filtering information edit interface, an address port selection area including a preset address port group and a history message filtering example, where the preset address port group is generated based on a plurality of preset address ports, and the history message filtering example is created based on a preset address port and a preset message filtering policy;
a first selection instruction response module 505, configured to respond to a first selection instruction triggered based on the address port selection area, and use an address port in a preset address port group and/or a history packet filtering instance corresponding to the first selection instruction as a current address port;
a second operation instruction response module 507, configured to respond to a second operation instruction triggered based on the policy edit box, and display a policy selection area including a plurality of preset message filtering policies in the message filtering information edit interface;
a third selecting instruction responding module 509, configured to respond to a third selecting instruction triggered based on the policy selecting area, and use a packet filtering policy corresponding to the third selecting instruction as a current packet filtering policy;
a current message filtering information generating module 5011, configured to generate current message filtering information according to the current address port and the current message filtering policy;
the display module 5013 is configured to display the current message filtering information.
Illustratively, the address port edit box includes an address edit box, the address port select area includes an address select area, the preset address port group includes a preset address group, the current address port includes a current address, the preset address port includes a preset address and a preset port, and the first operation instruction response module 503 may be configured to respond to the first operation instruction triggered based on the address edit box, and display the address select area including a preset private address, the preset address group, and the history packet filter instance in a preset area of a location where the address edit box is located; the preset address group is generated based on a plurality of preset addresses, and the historical message filtering example is created based on the preset addresses, the preset ports and the preset message filtering strategy.
Accordingly, the first selection instruction response module 505 may be configured to respond to the first selection instruction triggered based on the address selection area, and use at least one of a preset private address corresponding to the first selection instruction, an address in a history packet filtering instance, or a preset address group as the current address.
Illustratively, the address port edit box includes a port edit box, the address port select area includes a port select area, the preset address port group includes a preset port group, the current address port includes a current port, the first operation instruction response module 503 may be configured to respond to the first operation instruction triggered based on the port edit box, and display the port select area including the preset port group and the history packet filtering example in a preset area of a position where the port edit box is located, where the preset port group is generated based on a plurality of preset ports.
Accordingly, the first selection instruction response module 505 may be configured to respond to the first selection instruction triggered based on the port selection area, and use the port in the preset port group and/or the historical packet filtering instance corresponding to the first selection instruction as the current port.
Exemplarily, the apparatus may further include:
the writing module can be used for responding to a message filtering information writing instruction, and writing the current message filtering information into a preset file to obtain current filtering script information;
the script information display module can be used for displaying the current filtering script information;
and the sending module can be used for responding to a downloading instruction triggered based on the current filtering script information and sending the current filtering script information to a target object.
Illustratively, the address edit box includes an incoming address edit box and an outgoing address edit box, the port edit box includes an incoming port edit box and an outgoing port edit box, the policy edit box includes an incoming policy edit box and an outgoing policy edit box, and the apparatus may further include:
a message filtering information control interface display module, configured to display a message filtering information control interface including first interface control information, second interface control information, and editing interface control information, where the message filtering information control interface includes an outgoing message filtering information control interface and an incoming message filtering information control interface, the first interface control information is used to switch the incoming message filtering information control interface to the outgoing message filtering information control interface, and the second interface control information is used to switch the outgoing message filtering information control interface to the incoming message filtering information control interface;
a fourth operation instruction response module, configured to, in a case that the packet filtering information control interface is the inbound packet filtering information control interface, respond to a fourth operation instruction triggered based on the editing interface control information, and display the packet filtering information editing interface including the inbound address editing box, the inbound port editing box, and the inbound policy editing box;
a fifth operation instruction response module, configured to switch the incoming packet filtering information control interface to the outgoing packet filtering information control interface in response to a fifth operation instruction triggered based on the first interface control information;
a sixth operation instruction response module, configured to respond to a sixth operation instruction triggered based on the editing interface control information, and display the message filtering information editing interface that includes the outbound address editing box, the outbound port editing box, and the outbound policy editing box.
Illustratively, the message filtering information control interface includes instance generation information, and the apparatus further includes:
the creating module may be configured to create the history packet filtering example at a history time before the current time, in response to a third operation instruction triggered based on the example generation information, according to a history address port and a history packet filtering policy;
the history packet filtering policy is determined based on a plurality of preset packet filtering policies in a policy selection area shown in the history time, the history address port is determined based on a preset address port group in an address port selection area shown in the history time, and a previous history packet filtering example is determined based on an example created at a time before the history time.
Illustratively, the current packet filtering information includes current incoming packet filtering information and current outgoing packet filtering information, the current address includes a current incoming address and a current outgoing address, the current port includes a current incoming port and a current outgoing port, the current packet filtering policy includes a current incoming packet filtering policy and a current outgoing packet filtering policy, and the current packet filtering information generating module 5011 may include:
a first generating unit, configured to generate the current incoming packet filtering information based on the current incoming address, the current incoming port, and the current incoming packet filtering policy;
a second generating unit, configured to generate the current outbound packet filtering information based on the current outbound address, the current outbound port, and the current outbound packet filtering policy.
Illustratively, the first generating unit may include:
the first information template obtaining subunit is configured to obtain a first preset message filtering information template;
a first adding subunit, configured to add the current incoming address, the current incoming port, and the current incoming packet filtering policy to the first preset packet filtering information template, so as to obtain the current incoming packet filtering information;
accordingly, the second generating unit includes:
a second information template obtaining subunit, configured to obtain a second preset message filtering information template;
a second adding subunit, configured to add the current outbound address, the current outbound port, and the current outbound packet filtering policy to the second preset packet filtering information template, so as to obtain the current outbound packet filtering information.
Exemplarily, the apparatus may further include:
the message to be processed acquisition module can be used for acquiring a message to be processed, wherein the message to be processed comprises a message address and a message port;
the first matching module may be configured to match the packet address with the current ingress address to obtain an ingress address matching result, and match the packet port with the current ingress port to obtain an ingress port matching result;
the filtered message obtaining module may be configured to, when the incoming address matching result and the incoming port matching result satisfy a first preset condition, filter the to-be-processed message through the current incoming message filtering policy to obtain a filtered message;
the second matching module may be configured to match a packet address in the filtered packet with the current outbound address to obtain an outbound address matching result, and match a packet port in the filtered packet with the current outbound port to obtain an outbound port matching result;
the filtering result determining module may be configured to, when the outbound address matching result and the outbound port matching result satisfy a second preset condition, filter the filtered packet through the current outbound packet filtering policy, and obtain a filtering result corresponding to the to-be-processed packet.
It should be noted that the embodiments of the apparatus provided in the embodiments of the present application are based on the same inventive concept as the embodiments of the method described above.
The embodiment of the present application further provides an electronic device for generating message filtering information, where the electronic device includes a processor and a memory, where the memory stores at least one instruction or at least one program, and the at least one instruction or the at least one program is loaded and executed by the processor to implement the message filtering information generating method provided in the foregoing method embodiment.
Embodiments of the present application further provide a computer-readable storage medium, which may be disposed in a terminal to store at least one instruction or at least one program for implementing a message filtering information generation method in the method embodiments, where the at least one instruction or the at least one program is loaded and executed by a processor to implement the message filtering information generation method provided in the method embodiments.
Alternatively, in embodiments of the present description, the storage medium may be located at multiple network servers of a computer network. Optionally, in this embodiment, the storage medium may include, but is not limited to: various media capable of storing program codes, such as a usb disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, or an optical disk.
The memory of the embodiments of the present disclosure may be used to store software programs and modules, and the processor may execute various functional applications and data processing by operating the software programs and modules stored in the memory. The memory can mainly comprise a program storage area and a data storage area, wherein the program storage area can store an operating system, application programs needed by functions and the like; the storage data area may store data created according to use of the device, and the like. Further, the memory may include high speed random access memory, and may also include non-volatile memory, such as a plurality of magnetic disk storage devices, flash memory devices, or other volatile solid state storage devices. Accordingly, the memory may also include a memory controller to provide the processor access to the memory.
Embodiments of the present application also provide a computer program product or computer program comprising computer instructions stored in a computer-readable storage medium. The processor of the computer device reads the computer instruction from the computer-readable storage medium, and executes the computer instruction, so that the computer device executes the message filtering information generating method provided by the above method embodiment.
The message filtering information generating method provided by the embodiment of the application can be executed in electronic equipment such as a terminal, a computer terminal, a server or a similar arithmetic device. Fig. 22 is a block diagram illustrating an electronic device for message filtering information generation in accordance with an example embodiment. As shown in fig. 22, the server 600 may vary considerably depending on configuration or performance, and may include one or more Central Processing Units (CPUs) 610 (the CPU 610 may include but is not limited to a processing device such as a microprocessor MCU or a programmable logic device FPGA), a memory 630 for storing data, and one or more storage media 620 (e.g., one or more mass storage devices) for storing applications 623 or data 622. The memory 630 and the storage medium 620 may be transient or persistent storage. The program stored on the storage medium 620 may include one or more modules, each of which may include a series of instruction operations for the server. Still further, the central processor 610 may be configured to communicate with the storage medium 620 to execute a series of instruction operations in the storage medium 620 on the server 600. The server 600 may also include one or more power supplies 660, one or more wired or wireless network interfaces 650, one or more input-output interfaces 640, and/or one or more operating systems 621, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™, and so on.
The input/output interface 640 may be used to receive or transmit data via a network. Specific examples of the network described above may include a wireless network provided by a communication provider of the server 600. In one example, the input/output interface 640 includes a network adapter (Network Interface Controller, NIC) that may be coupled to other network devices via a base station to communicate with the internet. In one example, the input/output interface 640 may be a Radio Frequency (RF) module, which is used for communicating with the internet in a wireless manner.
It will be understood by those skilled in the art that the structure shown in fig. 22 is merely illustrative and is not intended to limit the structure of the electronic device. For example, server 600 may also include more or fewer components than shown in FIG. 22, or have a different configuration than shown in FIG. 22.
It should be noted that the sequence of the embodiments of the present application is only for description and does not represent the advantages and disadvantages of the embodiments. Specific embodiments of this specification have been described above. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, as for the device and server embodiments, since they are substantially similar to the method embodiments, the description is simple, and the relevant points can be referred to the partial description of the method embodiments.
It will be understood by those skilled in the art that all or part of the steps of implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, and the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
The present invention is not intended to be limited to the particular embodiments shown and described, but is to be accorded the widest scope consistent with the principles and novel features herein disclosed.

Claims (12)

1. A message filtering information generating method, characterized in that the method comprises:
displaying a message filtering information editing interface comprising an address port edit box and a policy edit box;
in response to a first operation instruction triggered based on the address port edit box, displaying, in a preset area at the position of the address port edit box, an address port selection area comprising a preset address port group and a historical message filtering instance, wherein the preset address port group is generated based on a plurality of preset address ports, the historical message filtering instance is created based on a historical address port and a historical message filtering policy, the historical message filtering policy is determined from a plurality of preset message filtering policies in a policy selection area displayed based on a historical time, the historical address port is a preset address port group, and a previous historical message filtering instance, in an address port selection area displayed based on the historical time, and the previous historical message filtering instance is an instance created at a time prior to the historical time;
in response to a first selection instruction triggered based on the address port selection area, taking a preset address port group corresponding to the first selection instruction and an address port in a historical message filtering instance as a current address port, or taking the address port in the historical message filtering instance corresponding to the first selection instruction as the current address port;
in response to a second operation instruction triggered based on the policy edit box, displaying, in the message filtering information editing interface, a policy selection area comprising a plurality of preset message filtering policies;
in response to a third selection instruction triggered based on the policy selection area, taking the message filtering policy corresponding to the third selection instruction as a current message filtering policy;
generating current message filtering information according to the current address port and the current message filtering policy;
and displaying the current message filtering information.
2. The message filtering information generating method according to claim 1, wherein the address port edit box includes an address edit box, the address port selection area includes an address selection area, the preset address port group includes a preset address group, the current address port includes a current address, the preset address port includes a preset address and a preset port, and the displaying, in response to the first operation instruction triggered based on the address port edit box, in the preset area at the position of the address port edit box, of the address port selection area comprising the preset address port group and the historical message filtering instance comprises:
in response to the first operation instruction triggered based on the address edit box, displaying, in a preset area at the position of the address edit box, the address selection area comprising a preset private address, the preset address group and the historical message filtering instance, wherein the preset address group is generated based on a plurality of preset addresses, and the historical message filtering instance is created based on the preset addresses, the preset ports and the preset message filtering policy;
correspondingly, the taking, in response to the first selection instruction triggered based on the address port selection area, of the preset address port group corresponding to the first selection instruction and the address port in the historical message filtering instance as the current address port, or of the address port in the historical message filtering instance corresponding to the first selection instruction as the current address port, comprises:
in response to the first selection instruction triggered based on the address selection area, taking a preset private address corresponding to the first selection instruction and an address in a historical message filtering instance as the current address, or taking a preset address group corresponding to the first selection instruction and an address in a historical message filtering instance as the current address, or taking an address in a historical message filtering instance corresponding to the first selection instruction as the current address.
3. The message filtering information generating method according to claim 2, wherein the address port edit box includes a port edit box, the address port selection area includes a port selection area, the preset address port group includes a preset port group, the current address port includes a current port, and the displaying, in response to the first operation instruction triggered based on the address port edit box, in the preset area at the position of the address port edit box, of the address port selection area comprising the preset address port group and the historical message filtering instance comprises:
in response to the first operation instruction triggered based on the port edit box, displaying, in a preset area at the position of the port edit box, the port selection area comprising the preset port group and the historical message filtering instance, wherein the preset port group is generated based on a plurality of preset ports;
correspondingly, the taking, in response to the first selection instruction triggered based on the address port selection area, of the preset address port group corresponding to the first selection instruction and the address port in the historical message filtering instance as the current address port, or of the address port in the historical message filtering instance corresponding to the first selection instruction as the current address port, comprises:
in response to the first selection instruction triggered based on the port selection area, taking the preset port group corresponding to the first selection instruction and the port in the historical message filtering instance as the current port, or taking the port in the historical message filtering instance as the current port.
4. The message filtering information generating method according to claim 1, wherein the method further comprises:
responding to a message filtering information writing instruction, and writing the current message filtering information into a preset file to obtain current filtering script information;
displaying the current filtering script information;
and responding to a downloading instruction triggered based on the current filtering script information, and sending the current filtering script information to a target object.
5. The message filtering information generating method according to claim 3, wherein the address edit box includes an incoming address edit box and an outgoing address edit box, the port edit box includes an incoming port edit box and an outgoing port edit box, and the policy edit box includes an incoming policy edit box and an outgoing policy edit box, the method further comprising:
displaying a message filtering information control interface comprising first interface control information, second interface control information and editing interface control information, wherein the message filtering information control interface comprises an outgoing message filtering information control interface and an incoming message filtering information control interface, the first interface control information is used for switching the incoming message filtering information control interface to the outgoing message filtering information control interface, and the second interface control information is used for switching the outgoing message filtering information control interface to the incoming message filtering information control interface;
in a case where the message filtering information control interface is the incoming message filtering information control interface, in response to a fourth operation instruction triggered based on the editing interface control information, displaying the message filtering information editing interface comprising the incoming address edit box, the incoming port edit box and the incoming policy edit box;
in response to a fifth operation instruction triggered based on the first interface control information, switching the incoming message filtering information control interface to the outgoing message filtering information control interface;
and in response to a sixth operation instruction triggered based on the editing interface control information, displaying the message filtering information editing interface comprising the outgoing address edit box, the outgoing port edit box and the outgoing policy edit box.
6. The message filtering information generating method according to claim 5, wherein the message filtering information control interface includes instance generation information, the method further comprising the step of creating the historical message filtering instance, the step of creating the historical message filtering instance comprising:
and in the historical time before the current time, responding to a third operation instruction triggered based on the instance generation information, and creating the historical message filtering instance according to a historical address port and a historical message filtering strategy.
7. The method of claim 3, wherein the current message filtering information includes current incoming message filtering information and current outgoing message filtering information, the current address includes a current incoming address and a current outgoing address, the current port includes a current incoming port and a current outgoing port, the current message filtering policy includes a current incoming message filtering policy and a current outgoing message filtering policy, and the generating the current message filtering information according to the current address port and the current message filtering policy comprises:
generating the current incoming message filtering information based on the current incoming address, the current incoming port and the current incoming message filtering policy;
and generating the current outgoing message filtering information based on the current outgoing address, the current outgoing port and the current outgoing message filtering policy.
8. The method according to claim 7, wherein the generating the current incoming message filtering information based on the current incoming address, the current incoming port, and the current incoming message filtering policy comprises:
acquiring a first preset message filtering information template;
adding the current incoming address, the current incoming port and the current incoming message filtering policy to the first preset message filtering information template to obtain the current incoming message filtering information;
correspondingly, the generating the current outgoing message filtering information based on the current outgoing address, the current outgoing port and the current outgoing message filtering policy comprises:
acquiring a second preset message filtering information template;
and adding the current outgoing address, the current outgoing port and the current outgoing message filtering policy to the second preset message filtering information template to obtain the current outgoing message filtering information.
9. The message filtering information generating method according to claim 8, wherein the method further comprises:
acquiring a message to be processed, wherein the message to be processed comprises a message address and a message port;
matching the message address with the current incoming address to obtain an incoming address matching result, and matching the message port with the current incoming port to obtain an incoming port matching result;
in a case where the incoming address matching result and the incoming port matching result meet a first preset condition, filtering the message to be processed through the current incoming message filtering policy to obtain a filtered message;
matching the message address in the filtered message with the current outgoing address to obtain an outgoing address matching result, and matching the message port in the filtered message with the current outgoing port to obtain an outgoing port matching result;
and in a case where the outgoing address matching result and the outgoing port matching result meet a second preset condition, filtering the filtered message through the current outgoing message filtering policy to obtain a filtering result corresponding to the message to be processed.
10. An apparatus for generating message filtering information, the apparatus comprising:
an editing interface display module, configured to display a message filtering information editing interface comprising an address port edit box and a policy edit box;
a first operation instruction response module, configured to, in response to a first operation instruction triggered based on the address port edit box, display, in a preset area at the position of the address port edit box, an address port selection area comprising a preset address port group and a historical message filtering instance, wherein the preset address port group is generated based on a plurality of preset address ports, the historical message filtering instance is created based on a historical address port and a historical message filtering policy, the historical message filtering policy is determined from a plurality of preset message filtering policies in a policy selection area displayed based on a historical time, the historical address port is a preset address port group, and a previous historical message filtering instance, in an address port selection area displayed based on the historical time, and the previous historical message filtering instance is an instance created at a time prior to the historical time;
a first selection instruction response module, configured to, in response to a first selection instruction triggered based on the address port selection area, take a preset address port group corresponding to the first selection instruction and an address port in a historical message filtering instance as a current address port, or take an address port in a historical message filtering instance corresponding to the first selection instruction as a current address port;
a second operation instruction response module, configured to, in response to a second operation instruction triggered based on the policy edit box, display, in the message filtering information editing interface, a policy selection area comprising a plurality of preset message filtering policies;
a third selection instruction response module, configured to, in response to a third selection instruction triggered based on the policy selection area, take the message filtering policy corresponding to the third selection instruction as a current message filtering policy;
a current message filtering information generating module, configured to generate current message filtering information according to the current address port and the current message filtering policy;
and a display module, configured to display the current message filtering information.
11. An electronic device for generating message filtering information, wherein the device comprises a processor and a memory, and the memory stores at least one instruction or at least one program, and the at least one instruction or the at least one program is loaded by the processor and executed to implement the message filtering information generating method according to any one of claims 1 to 9.
12. A computer-readable storage medium, wherein at least one instruction or at least one program is stored in the computer-readable storage medium, and the at least one instruction or the at least one program is loaded by a processor and executed to implement the message filtering information generating method according to any one of claims 1 to 9.
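The template-based rule generation of claims 7 and 8 and the incoming-then-outgoing matching of claim 9, as an added Python example that is not part of the patent text. The template strings, the ACCEPT/DROP policy names, the default-deny fallback for unmatched messages, the input validation and all function names are assumptions; the claims do not specify them.

```python
import ipaddress
from dataclasses import dataclass

# Hypothetical stand-ins for the first and second preset templates of claim 8.
INGRESS_TEMPLATE = "ingress src={address} dport={ports} policy={policy}"
EGRESS_TEMPLATE = "egress dst={address} dport={ports} policy={policy}"
POLICIES = ("ACCEPT", "DROP")  # assumed preset message filtering policies


@dataclass(frozen=True)
class Rule:
    network: object   # ipaddress.IPv4Network or IPv6Network
    ports: frozenset
    policy: str
    text: str         # the generated message filtering information


def make_rule(template, address, ports, policy):
    """Fill a preset template, rejecting any value that is not well formed."""
    # strict=True refuses host bits (10.0.0.1/8) and anything that is not a
    # bare network, so no stray text reaches the generated rule or script.
    network = ipaddress.ip_network(address, strict=True)
    if policy not in POLICIES:
        raise ValueError(f"unknown policy: {policy!r}")
    port_set = frozenset(int(p) for p in ports)
    if not port_set or any(not 1 <= p <= 65535 for p in port_set):
        raise ValueError("ports must be a non-empty set within 1..65535")
    text = template.format(
        address=str(network),
        ports=",".join(str(p) for p in sorted(port_set)),
        policy=policy,
    )
    return Rule(network, port_set, policy, text)


def stage(rule, address, port, default):
    """Apply the rule's policy when address and port both match (assumed
    meaning of the 'preset condition'); otherwise fall back to default."""
    matched = ipaddress.ip_address(address) in rule.network and port in rule.ports
    return rule.policy if matched else default


def filter_message(ingress, egress, address, port, default="DROP"):
    """Claim 9 order: incoming stage first, outgoing stage on what survives."""
    if stage(ingress, address, port, default) == "DROP":
        return "DROP"
    return stage(egress, address, port, default)


# Constructed sample rules (not from the patent).
SAMPLE_INGRESS = make_rule(INGRESS_TEMPLATE, "10.0.0.0/8", [443, 22], "ACCEPT")
SAMPLE_EGRESS = make_rule(EGRESS_TEMPLATE, "10.1.0.0/16", [22], "ACCEPT")

if __name__ == "__main__":
    print(SAMPLE_INGRESS.text)
    print(SAMPLE_EGRESS.text)
    for addr, port in [("10.1.2.3", 22), ("10.2.0.1", 443), ("192.168.1.1", 22)]:
        print(addr, port, filter_message(SAMPLE_INGRESS, SAMPLE_EGRESS, addr, port))
```

Because the generated text may later be written into a filtering script (claim 4), the example validates every selected value before it is placed in the template.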
CN202111011959.1A 2021-08-31 2021-08-31 Message filtering information generation method and device Active CN113452725B (en)


Publications (2)

Publication Number Publication Date
CN113452725A (en) 2021-09-28
CN113452725B (en) 2021-12-10

Family

ID=77819337


Country Status (1)

Country Link
CN (1) CN113452725B (en)




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40052351

Country of ref document: HK