CN112217773B - Firewall rule processing method, device and storage medium - Google Patents
- Publication number: CN112217773B (application CN201910626279.7A)
- Authority: CN (China)
- Prior art keywords: firewall rule, firewall, target, priority, list
- Legal status: Active (the status is an assumption by Google Patents, not a legal conclusion)
Classifications
- H04L63/00: Network architectures or network communication protocols for network security (H: Electricity; H04: Electric communication technique; H04L: Transmission of digital information, e.g. telegraphic communication)
- H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227: Filtering policies
- H04L63/0263: Rule management
- H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
Abstract
The invention discloses a firewall rule processing method: based on the information carried by a first firewall rule, the priority of the first firewall rule in a target firewall rule list is determined; according to that priority, the first firewall rule is inserted into the target firewall rule list. The invention also discloses a firewall rule processing device and a storage medium. Here, according to the priority of the inserted first firewall rule, the priorities of the other firewall rules in the target firewall rule list can be adjusted accordingly to obtain an adjusted target firewall rule list. Thus the insertion process for firewall rules is simplified and the efficiency of the firewall rule maintenance process is improved.
Description
Technical field
The present invention relates to the field of information processing, and in particular to a firewall rule processing method, device and storage medium.
Background art
In the prior art, the firewall rule list is usually stored in the firewall device, with the firewall rules kept in different intervals (storage partitions). When a new firewall rule is inserted into the list, or a firewall rule is deleted from it, multiple firewall rules may have to migrate to a new interval, so maintaining the firewall rule list is relatively complicated.
In addition, for a terminal device to obtain the firewall rule list, it must send a request message to the firewall operation platform, which in turn sends a request message to the firewall device. After receiving the firewall rule list returned by the firewall device, the firewall operation platform sorts it and then sends it to the terminal device. The whole interaction is therefore relatively complex and the response time is long.
Summary of the invention
In view of this, the embodiments of the present invention aim to provide a firewall rule processing method, device and storage medium that solve the above problems of the prior art.
To achieve the above purpose, the technical solution of the embodiments of the present invention is realized as follows:
An embodiment of the present invention provides a firewall rule processing method, the method comprising:
determining, based on information carried by a first firewall rule, the priority of the first firewall rule in a target firewall rule list; wherein the information carried by the first firewall rule includes at least the identification (ID) information of the firewall rule following the first firewall rule and the state information of the firewall rule preceding the first firewall rule;
inserting the first firewall rule into the target firewall rule list according to its priority in the target firewall rule list.
In the above solution, the method further comprises:
determining, based on the information carried by the first firewall rule, the position of the first firewall rule in the target firewall rule list.
In the above solution, the method further comprises:
when the target firewall rule list contains at least one other firewall rule besides the first firewall rule, adjusting the priority of the at least one other firewall rule in the target firewall rule list according to the priority of the first firewall rule.
In the above solution, the method further comprises:
deleting a second firewall rule from the target firewall rule list.
In the above solution, the method further comprises:
when the target firewall rule list contains at least one remaining firewall rule besides the second firewall rule, adjusting the priority of the at least one remaining firewall rule in the target firewall rule list according to the priority of the second firewall rule.
In the above solution, the method further comprises:
receiving a request from a terminal device to access the target firewall rule list;
pushing the target firewall rule list to the terminal device according to the request.
An embodiment of the present invention further provides a firewall rule processing device, the device comprising a first determination module and an insertion module; wherein
the first determination module is configured to determine, based on information carried by a first firewall rule, the priority of the first firewall rule in a target firewall rule list;
wherein the information carried by the first firewall rule includes at least the ID information of the firewall rule following the first firewall rule and the state information of the firewall rule preceding the first firewall rule;
the insertion module is configured to insert the first firewall rule into the target firewall rule list according to its priority in the target firewall rule list.
In the above solution, the device further comprises a second determination module configured to determine, based on the information carried by the first firewall rule, the position of the first firewall rule in the target firewall rule list.
In the above solution, the device further comprises a first adjustment module configured to, when the target firewall rule list contains at least one other firewall rule besides the first firewall rule, adjust the priority of the at least one other firewall rule in the target firewall rule list according to the priority of the first firewall rule.
In the above solution, the device further comprises a deletion module configured to delete a second firewall rule from the target firewall rule list.
In the above solution, the device further comprises a second adjustment module configured to, when the target firewall rule list contains at least one remaining firewall rule besides the second firewall rule, adjust the priority of the at least one remaining firewall rule in the target firewall rule list according to the priority of the second firewall rule.
In the above solution, the device further comprises a push module configured to receive a request from a terminal device to access the target firewall rule list and, according to the request, push the target firewall rule list to the terminal device.
An embodiment of the present invention further provides a storage medium storing an executable program which, when executed by a processor, implements the steps of the above technical solutions.
An embodiment of the present invention further provides a firewall rule processing device comprising a memory, a processor, and an executable program stored in the memory and runnable by the processor, wherein the processor, when running the executable program, performs the steps of the above technical solutions.
With the firewall rule processing method, device and storage medium provided by the embodiments of the present invention, the firewall operation platform determines the priority of the first firewall rule in the target firewall rule list according to the information carried by the first firewall rule, and inserts the first firewall rule into the target firewall rule list according to that priority. Specifically, when the first firewall rule is inserted into the target firewall rule list, the firewall operation platform can adjust the priorities of the other firewall rules in the list directly, using only the priority of the inserted first firewall rule, and so obtain the adjusted target firewall rule list. In other words, adjusting the rule priorities is sufficient to adjust the firewall rule list, and no other firewall rule in the list has to change the interval it is stored in because of a priority adjustment; this improves the efficiency of firewall rule maintenance and simplifies the maintenance procedure. Moreover, the firewall operation platform completes the maintenance of the firewall rule list itself and sends the adjusted list to the terminal device, which simplifies the interaction with the terminal device and shortens the response time.
Brief description of the drawings
FIG. 1 is a schematic flowchart of the implementation of a firewall rule processing method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of the structure of a firewall rule list according to an embodiment of the present invention;
FIG. 3 is a schematic flowchart of obtaining a firewall rule list according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of the process of inserting a firewall rule into a firewall rule list according to an embodiment of the present invention;
FIG. 5 is a schematic flowchart of obtaining a firewall rule list in the prior art;
FIG. 6 is a schematic diagram of the firewall rule storage structure in the prior art;
FIG. 7 is a schematic diagram of the process of deleting a firewall rule from a firewall rule list according to an embodiment of the present invention;
FIG. 8 is a schematic diagram of the composition of a firewall rule processing device according to an embodiment of the present invention;
FIG. 9 is a schematic diagram of the hardware structure of a firewall rule processing device according to an embodiment of the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the embodiments are described in detail below with reference to the accompanying drawings.
Embodiment 1
In this embodiment of the present invention, the implementation flow of the firewall rule processing method is shown in FIG. 1 and includes the following steps:
Step 101: based on the information carried by a first firewall rule, determine the priority of the first firewall rule in the target firewall rule list; wherein the information carried by the first firewall rule includes at least the identification (ID) information of the firewall rule following the first firewall rule and the state information of the firewall rule preceding the first firewall rule;
Step 102: insert the first firewall rule into the target firewall rule list according to its priority in the target firewall rule list.
In step 101 of this embodiment, the information carried by the first firewall rule includes at least the ID information of the first firewall rule itself, the ID information of the firewall rule following it, and the state information of the firewall rule preceding it. Furthermore, this information (the first rule's own ID, the ID of the following rule and the state of the preceding rule) may also be stored in the database of a cloud platform; when the first firewall rule is inserted into the target firewall rule list, the firewall operation platform retrieves it from the cloud platform database. Here, a cloud platform generally means a cloud offered by a third-party provider, normally reachable over the Internet, that provides services on today's open public network. A firewall rule is an inbound/outbound access control policy for cloud hosts based on Internet Protocol (IP) address and port. Setting firewall rules sensibly can therefore greatly improve the security of cloud hosts, and a firewall can also be used to enforce network access control between different projects.
Furthermore, as shown in FIG. 2, each firewall rule in the firewall rule list carries its own ID information and the ID information of the firewall rule following it. For example, firewall rule 1 carries its own ID and the ID of firewall rule 2. From this it can be determined that the rule following firewall rule 2 is firewall rule 3, and likewise that the rule following firewall rule 3 is firewall rule 4. In this way the priority order of the firewall rule list is maintained by the information the firewall rules themselves carry.
Furthermore, once the firewall operation platform has obtained the information carried by the first firewall rule, it knows the ID of the firewall rule following the first firewall rule, the ID of the first firewall rule itself and the priority field of the first firewall rule, and can thereby determine the priority of the first firewall rule in the target firewall rule list.
In step 102, the first firewall rule is the firewall rule about to be inserted into the firewall rule list. Its priority is given by its priority field. If the target firewall rule list contains no firewall rule at all, the first firewall rule is inserted directly with priority 1, i.e. the highest priority. If the target firewall rule list contains at least one other firewall rule besides the first firewall rule, the first firewall rule is inserted into the list and the priority of the at least one other firewall rule in the list is adjusted. The priorities of the firewall rules in the target firewall rule list are all distinct.
Furthermore, adjusting the priority of the at least one other firewall rule in the target firewall rule list according to the priority of the first firewall rule includes:
if the first firewall rule has the lowest priority in the target firewall rule list, the priority of the at least one other firewall rule in the list remains unchanged;
if the first firewall rule has the highest priority in the target firewall rule list, the priority value of each of the at least one other firewall rule in the list is increased by 1;
if the priority of the first firewall rule falls in the middle of the target firewall rule list, the priority value of each firewall rule in the list whose priority value is greater than that of the firewall rule preceding the first firewall rule is increased by 1.
Furthermore, the firewall operation platform may determine the position of the first firewall rule in the target firewall rule list based on the information carried by the first firewall rule. Specifically:
if the information carried by the first firewall rule indicates that the ID of the following firewall rule is empty and the preceding firewall rule is not empty, the first firewall rule is placed at the end of the target firewall rule list;
if the information carried by the first firewall rule indicates that the ID of the following firewall rule is empty and the preceding firewall rule is empty, the target firewall rule list is empty and the first firewall rule becomes the first rule in the target firewall rule list;
if the information carried by the first firewall rule indicates that the ID of the following firewall rule is not empty and the preceding firewall rule is empty, the first firewall rule is placed first in the target firewall rule list;
if the information carried by the first firewall rule indicates that the ID of the following firewall rule is not empty and the preceding firewall rule is not empty, the first firewall rule is placed in the middle of the target firewall rule list.
Furthermore, the process of inserting the first firewall rule into the target firewall rule list is completed in the firewall operation platform. As shown in FIG. 3, when the firewall operation platform receives a request from a terminal device to access the firewall rule list, it pushes the firewall rule list to the terminal device.
The process of inserting a firewall rule A into a target firewall rule list B is described in detail below with reference to an example.
As shown in FIG. 4, when the identification of the following firewall rule is empty and the preceding firewall rule of rule A is not empty, rule A is placed last in target firewall rule list B with the lowest priority. The firewall operation platform then sets the following-rule identification of rule A's preceding rule to the identification of rule A, and sets the priority of rule A to the priority of its preceding rule plus 1;
when the identification of the following firewall rule is empty and the preceding firewall rule of rule A is empty, target firewall rule list B is empty, i.e. rule A is the first rule. The firewall operation platform then sets the priority of rule A to 1;
when the identification of the following firewall rule is not empty and the preceding firewall rule of rule A is empty, rule A is the highest-priority rule. The firewall operation platform then increases the priority value of every firewall rule in target firewall rule list B by 1 and sets the priority of rule A to 1;
when the identification of the following firewall rule is not empty and the preceding firewall rule of rule A is not empty, rule A is inserted in the middle of target firewall rule list B. The firewall operation platform then sets the following-rule identification of rule A's preceding rule to the identification of rule A, increases by 1 the priority value of every firewall rule whose priority value is greater than that of rule A's preceding rule, and sets the priority of rule A to the priority of its preceding rule plus 1.
In firewall rule list B, the firewall rule with priority 1 has the highest priority; the larger the value, the lower the priority.
By comparison with the technical solution of this embodiment, in the prior art, when multiple firewall rules are set for the same IP, priorities can be set for the configured firewall rules. As shown in FIG. 5, when firewall rules are displayed to the terminal device, the firewall rule list is obtained from the firewall device rather than from the firewall operation platform side. After the list reaches the firewall operation platform side, additional platform-side information is added to the firewall rules where necessary, for example the resource information bound to the IP in a firewall rule. Finally the firewall rules are sorted by priority and returned to the page for display. The whole flow requires sorting and prioritising the firewall rules returned by the firewall device and adding the rule information held on the firewall operation platform side.
As shown in FIG. 6, in the prior art solution the firewall rules are stored in the hardware of the device layer. The hardware is partitioned into ordered intervals, the firewall rules are stored in these intervals, and the intervals maintain the priority order of the firewall rules. A new firewall rule is inserted into a particular interval according to its priority; when the interval a firewall rule is to be inserted into has already reached its maximum number of firewall rules, all firewall rules with a lower priority than those in that interval must be moved back by one interval to free an interval for the new firewall rule.
It can be seen that the firewall rules are stored on the firewall device side; for a terminal device to obtain the firewall rule list it must exchange information with both the firewall operation platform and the firewall device, and the firewall operation platform sets the order of the list before sending it to the terminal device. Obtaining the firewall rule list thus involves many interactions and a long request chain. Moreover, when a firewall rule is inserted into or deleted from the list, the priority order of the firewall rules must be maintained on the firewall operation platform side, and inserting a new firewall rule may cause the firewall rules in multiple intervals to move, so the insertion process is relatively complex and inefficient.
It can be seen that in the above prior art the terminal device must interact with both the firewall operation platform and the firewall device to obtain the firewall rule list, and that both inserting a firewall rule into the list and deleting one from it require adjusting the intervals in which the firewall rules of the list are stored. The prior art cannot adjust the priorities of the other firewall rules in the list, and so obtain the adjusted list, using only the priority of the inserted firewall rule; nor can it keep the firewall rule list on the firewall operation platform so that the terminal device only needs to interact with the firewall operation platform to obtain it.
In this embodiment, by contrast, the insertion of a firewall rule into the firewall rule list is performed on the firewall operation platform. Specifically, a priority field is added to the first firewall rule, and the priority of the first firewall rule in the target firewall rule list is determined directly from the information the first firewall rule carries. The firewall operation platform adjusts the priorities of the other firewall rules in the target firewall rule list accordingly, based on the priority of the first firewall rule, and the firewall rules in the list never have to be moved between storage intervals. The insertion process is therefore simplified. Furthermore, the firewall operation platform pushes the target firewall rule list containing the inserted first firewall rule directly to the terminal device, which simplifies the interaction with the terminal device.
Embodiment two
This embodiment describes in detail how the firewall operation platform deletes a firewall rule from the firewall rule list.
When the firewall operation platform has to delete a firewall rule from the list, the following cases arise. If the target firewall rule list contains only the second firewall rule, the list is empty after the second firewall rule is deleted. If the list contains at least one remaining firewall rule besides the second firewall rule, the priority of that at least one remaining rule is adjusted according to the priority of the second firewall rule.
Specifically, the firewall operation platform adjusts the priority of the at least one remaining rule in the target firewall rule list according to the priority of the second firewall rule as follows:
if the second firewall rule has priority 1 in the target firewall rule list, that is, the highest priority, the priority of every rule in the list whose priority is greater than 1 is decremented by 1;
if the second firewall rule has the lowest priority in the list, the priorities of the remaining rules are unchanged;
if the second firewall rule is in the middle of the list, the priority of every rule whose priority is greater than that of the second firewall rule is decremented by 1.
Further, the firewall operation platform may determine the position of the second firewall rule in the target firewall rule list from the information the rule carries. Specifically:
if the priority of the second firewall rule is 1, it is the first rule in the list;
if its priority is not 1 and the next-rule ID it carries is empty, it is the last rule in the list;
if its priority is not 1 and the next-rule ID it carries is not empty, it is in the middle of the list.
Further, the deletion of the second firewall rule from the target firewall rule list is carried out on the firewall operation platform.
The deletion of firewall rule C from target firewall rule list B is described in detail below with an example.
As shown in Figure 7, when rule C has priority 1 it is the highest-priority rule in list B, and the firewall operation platform decrements by 1 the priority of every rule whose priority is greater than 1;
when rule C's priority is not 1 and the identifier of the rule following C is empty, C is the lowest-priority rule in list B, and the platform sets the next-rule identifier of C's predecessor to empty;
when rule C's priority is not 1 and the identifier of the rule following C is not empty, C is in the middle of list B; the platform then sets the next-rule identifier of C's predecessor to the identifier of C's successor, and decrements by 1 the priority of every rule in list B whose priority is greater than that of C.
Further, both the insertion of a rule into the firewall rule list and the deletion of a rule from it are carried out on the firewall operation platform; that is, the firewall rules are maintained on the platform. When a target terminal device queries the firewall rule list, it sends a request directly to the firewall operation platform; the platform receives the target user terminal's request to access the target firewall rule list and, according to that request, pushes the target firewall rule list directly to the target user terminal. This simplifies the sorting of the firewall rule list.
In this embodiment, the deletion of a firewall rule from the firewall rule list is carried out on the firewall operation platform, and the priority of at least one remaining rule in the list is adjusted. Further, this adjustment does not involve adjusting the storage interval of the rules, so the deletion process is simplified.
Embodiment three
To implement the firewall rule processing method described above, an embodiment of the present invention further provides a firewall rule processing apparatus. Its structure is shown schematically in Figure 8 and includes a first determining module 81 and an inserting module 82, where:
the first determining module 81 is configured to determine, from the information carried by a first firewall rule, the priority of the first firewall rule in the target firewall rule list;
here, the information carried by the first firewall rule includes at least the ID of the rule following the first firewall rule and the status of the rule preceding it. Further, the ID of the first firewall rule, the ID of the rule following it and the status of the rule preceding it may be stored in a database on the cloud platform, from which the firewall operation platform retrieves them when the first firewall rule is inserted into the target firewall rule list;
the inserting module 82 is configured to insert the first firewall rule into the target firewall rule list according to its priority in that list.
Here, the priority of the first firewall rule is given by its priority field. If the target firewall rule list contains no rules, the first firewall rule is inserted directly with priority 1, that is, the highest priority.
The apparatus further includes a second determining module, configured to determine, from the information carried by the first firewall rule, the position of the first firewall rule in the target firewall rule list.
Specifically, if the information carried by the first firewall rule indicates that the next-rule ID is empty and the previous rule is not empty, the first firewall rule is placed at the end of the target firewall rule list;
if the next-rule ID is empty and the previous rule is empty, the target firewall rule list is empty and the first firewall rule becomes its first rule;
if the next-rule ID is not empty and the previous rule is empty, the first firewall rule is placed first in the list;
if the next-rule ID is not empty and the previous rule is not empty, the first firewall rule is placed in the middle of the list.
The apparatus further includes a first adjusting module, configured to adjust, when the target firewall rule list contains at least one other rule besides the first firewall rule, the priority of that at least one other rule according to the priority of the first firewall rule. Specifically, the first adjusting module is configured as follows:
if the first firewall rule has the lowest priority in the list, the priorities of the other rules are unchanged;
if the first firewall rule has the highest priority in the list, the priority of every other rule is incremented by 1;
if the first firewall rule is in the middle of the list, the priority of every rule whose priority is greater than that of the rule preceding the first firewall rule is incremented by 1.
Further, the position of a second firewall rule in the target firewall rule list is determined from the information carried by the second firewall rule. Specifically:
if the priority of the second firewall rule is 1, it is the first rule in the list;
if its priority is not 1 and the next-rule ID it carries is empty, it is the last rule in the list;
if its priority is not 1 and the next-rule ID it carries is not empty, it is in the middle of the list.
The apparatus further includes a deleting module, configured to delete the second firewall rule from the target firewall rule list.
The apparatus further includes a second adjusting module, configured to adjust, when the list contains at least one remaining rule besides the second firewall rule, the priority of that at least one remaining rule according to the priority of the second firewall rule. Specifically, the second adjusting module is configured as follows:
if the second firewall rule has priority 1 in the target firewall rule list, that is, the highest priority, the priority of every rule in the list whose priority is greater than 1 is decremented by 1;
if the second firewall rule has the lowest priority in the list, the priorities of the remaining rules are unchanged;
if the second firewall rule is in the middle of the list, the priority of every rule whose priority is greater than that of the second firewall rule is decremented by 1.
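The insertion cases of the first adjusting module above, together with the deletion cases of embodiment two (rule C in list B) and of the second adjusting module, as one added worked example in Python. This is not code from the patent or from any product it describes. It assumes a rule record holding a priority number and the ID of the following rule, that the caller names the predecessor after which a rule is inserted (the patent derives the position from the next-rule ID and previous-rule status the rule carries), and hypothetical match fields and actions on constructed rules and a constructed packet. The `validate` check and the `first_match` evaluation are additions a practitioner would want: a priority sequence that is not exactly 1..n, or a next-ID chain that disagrees with it, means the list pushed to the terminal is not the order the firewall enforces, and a rule inserted at priority 1 shadows every rule below it.

```python
# Added example, not code from the patent: an ordered firewall rule list kept as a
# priority number per rule plus a chain of next-rule IDs, renumbered on insertion
# and deletion as the embodiments describe.
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Rule:
    rule_id: str
    priority: int = 0                   # 1 = highest priority, evaluated first
    next_id: Optional[str] = None       # ID of the following rule; None at the tail
    match: dict = field(default_factory=dict)  # hypothetical match fields
    action: str = "deny"


class RuleList:
    """Target firewall rule list as held on the operation platform (hypothetical)."""

    def __init__(self) -> None:
        self.rules: Dict[str, Rule] = {}

    def ordered(self) -> List[Rule]:
        return sorted(self.rules.values(), key=lambda r: r.priority)

    def snapshot(self) -> list:
        return [(r.rule_id, r.priority, r.next_id) for r in self.ordered()]

    def insert(self, rule: Rule, prev_id: Optional[str]) -> None:
        """Insert `rule` right after `prev_id` (None = new head or empty list)."""
        if rule.rule_id in self.rules:
            raise ValueError(f"duplicate rule id {rule.rule_id}")
        if prev_id is None:
            head = self.ordered()[0] if self.rules else None
            rule.priority, rule.next_id = 1, (head.rule_id if head else None)
            for r in self.rules.values():       # every existing rule moves down one
                r.priority += 1
        else:
            prev = self.rules[prev_id]
            rule.priority, rule.next_id = prev.priority + 1, prev.next_id
            for r in self.rules.values():
                if r.priority > prev.priority:  # nothing moves for a tail insert
                    r.priority += 1
            prev.next_id = rule.rule_id
        self.rules[rule.rule_id] = rule

    def delete(self, rule_id: str) -> None:
        """Remove a rule, relink its predecessor and close the priority gap."""
        gone = self.rules.pop(rule_id)
        for r in self.rules.values():
            if r.next_id == rule_id:            # predecessor; absent for the head
                r.next_id = gone.next_id        # None if `gone` was the tail
            if r.priority > gone.priority:      # rules below it move up by one
                r.priority -= 1

    def validate(self) -> bool:
        """Priorities must be exactly 1..n and the next_id chain must walk that order."""
        order = self.ordered()
        if [r.priority for r in order] != list(range(1, len(order) + 1)):
            return False
        if any(a.next_id != b.rule_id for a, b in zip(order, order[1:])):
            return False
        return not order or order[-1].next_id is None

    def first_match(self, packet: dict) -> Optional[Rule]:
        """First-match evaluation: the lowest priority number wins."""
        for r in self.ordered():
            if all(packet.get(k) == v for k, v in r.match.items()):
                return r
        return None


def walkthrough() -> dict:
    """Constructed list B: head, tail and middle insertion, then the three deletion cases."""
    b = RuleList()
    b.insert(Rule("A", match={"dport": 22}), None)                       # empty list
    b.insert(Rule("C", match={"dport": 443}, action="allow"), "A")       # tail
    b.insert(Rule("D", match={"src": "10.0.0.5"}, action="allow"), "A")  # middle
    after_insert = b.snapshot()                # A=1 -> D=2 -> C=3
    b.delete("D")                              # middle: A relinks to C, C moves up
    after_delete_middle = b.snapshot()
    b.delete("A")                              # head: C becomes priority 1
    after_delete_head = b.snapshot()
    b.insert(Rule("A", match={"dport": 22}), "C")
    b.delete("A")                              # tail: nothing is renumbered
    after_delete_tail = b.snapshot()
    # A new head with an empty match set shadows everything below it, so the deny
    # on port 22 re-added at the tail never fires for this constructed packet.
    b.insert(Rule("A", match={"dport": 22}), "C")
    b.insert(Rule("E", action="allow"), None)
    hit = b.first_match({"dport": 22, "src": "10.0.0.9"})
    return {"after_insert": after_insert, "after_delete_middle": after_delete_middle,
            "after_delete_head": after_delete_head, "after_delete_tail": after_delete_tail,
            "valid": b.validate(), "shadowed_by": hit.rule_id if hit else None}


if __name__ == "__main__":
    print(walkthrough())
```

Running the file prints the list after each step: after the three insertions the list is A=1, D=2, C=3 with the chain A→D→C; deleting D relinks A to C and moves C up to 2; deleting the head leaves C at 1; deleting a tail rule changes no priority. Only the rules ranked after the affected position are touched in either direction, which is the point the embodiments make about not rebuilding a storage interval. The last step shows why the platform must validate what it pushes: once E is inserted at the head, the packet to port 22 matches E and the deny rule A is dead.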
The apparatus further includes a pushing module, configured to receive a request from a terminal device to access the target firewall rule list and, according to the request, push the target firewall rule list to the terminal device.
In practice, the first determining module 81, inserting module 82, second determining module, first adjusting module, deleting module, second adjusting module and pushing module may each be implemented by a central processing unit (CPU), microprocessor unit (MPU), digital signal processor (DSP) or field-programmable gate array (FPGA) located in the terminal device.
It should be noted that the division into program modules above is only an example of how the firewall rule processing apparatus of the above embodiment carries out firewall rule processing; in practice the processing may be allocated to different program modules as needed, that is, the internal structure of the apparatus may be divided into different program modules to perform all or part of the processing described above. In addition, the firewall rule processing apparatus of the above embodiment and the method embodiments share the same concept; for the specific implementation, see the method embodiments, which are not repeated here.
To implement the above method, an embodiment of the present invention further provides another firewall rule processing apparatus, comprising a memory, a processor and an executable program stored in the memory and runnable by the processor, where the processor, when running the executable program, performs the following operations:
determining, from the information carried by a first firewall rule, the priority of the first firewall rule in a target firewall rule list, where the information carried by the first firewall rule includes at least the ID of the rule following the first firewall rule and the status of the rule preceding it;
inserting the first firewall rule into the target firewall rule list according to its priority in that list.
The processor, when running the executable program, further performs the following operation:
determining, from the information carried by the first firewall rule, the position of the first firewall rule in the target firewall rule list.
The processor, when running the executable program, further performs the following operation:
when the target firewall rule list contains at least one other rule besides the first firewall rule, adjusting the priority of that at least one other rule according to the priority of the first firewall rule.
The processor, when running the executable program, further performs the following operation:
deleting a second firewall rule from the target firewall rule list.
The processor, when running the executable program, further performs the following operation:
when the target firewall rule list contains at least one remaining rule besides the second firewall rule, adjusting the priority of that at least one remaining rule according to the priority of the second firewall rule.
The processor, when running the executable program, further performs the following operations:
receiving a request from a terminal device to access the target firewall rule list;
pushing the target firewall rule list to the terminal device according to the request.
The hardware structure of the firewall rule processing apparatus is further described below, taking as an example its implementation as a server or terminal for firewall rule processing.
Figure 9 is a schematic diagram of the hardware structure of a firewall rule processing apparatus according to an embodiment of the present invention. The firewall rule processing apparatus 900 shown in Figure 9 includes at least one processor 901, a memory 902, a user interface 903 and at least one network interface 904. The components of the apparatus 900 are coupled together by a bus system 905, which, it will be understood, provides the connections and communication between them. Besides a data bus, the bus system 905 includes a power bus, a control bus and a status signal bus; for clarity, all of these are labelled as bus system 905 in Figure 9.
The user interface 903 may include a display, keyboard, mouse, trackball, click wheel, keys, buttons, touch pad or touch screen.
It will be understood that the memory 902 may be volatile memory, non-volatile memory, or a combination of both.
In this embodiment the memory 902 stores the various kinds of data that support the operation of the firewall rule processing apparatus 900. Examples of such data include any computer program run on the apparatus 900, such as the executable program 9021; a program implementing the method of an embodiment of the present invention may be contained in the executable program 9021.
The methods disclosed in the above embodiments may be applied to, or implemented by, the processor 901. The processor 901 may be an integrated circuit chip with signal processing capability. During implementation, the steps of the above methods may be carried out by integrated logic circuits in hardware within the processor 901 or by instructions in the form of software. The processor 901 may be a general-purpose processor, a DSP, or another programmable logic device, discrete gate or transistor logic device, or discrete hardware component, and can implement or execute the methods, steps and logic block diagrams disclosed in the embodiments of the present invention. A general-purpose processor may be a microprocessor or any conventional processor. The steps of the methods disclosed in the embodiments may be carried out directly by a hardware decoding processor, or by a combination of hardware and software modules in a decoding processor. The software modules may reside in a storage medium located in the memory 902; the processor 901 reads the information in the memory 902 and completes the steps of the above methods in combination with its hardware.
In an exemplary embodiment, an embodiment of the present invention further provides a storage medium storing an executable program which, when run by the processor 901 of the firewall rule processing apparatus 900, performs the following operations:
determining, from the information carried by a first firewall rule, the priority of the first firewall rule in a target firewall rule list, where the information carried by the first firewall rule includes at least the ID of the rule following the first firewall rule and the status of the rule preceding it;
inserting the first firewall rule into the target firewall rule list according to its priority in that list.
When run by the processor 901 of the firewall rule processing apparatus 900, the executable program further performs the following operation:
determining, from the information carried by the first firewall rule, the position of the first firewall rule in the target firewall rule list.
When run by the processor 901 of the firewall rule processing apparatus 900, the executable program further performs the following operation:
when the target firewall rule list contains at least one other rule besides the first firewall rule, adjusting the priority of that at least one other rule according to the priority of the first firewall rule.
When run by the processor 901 of the firewall rule processing apparatus 900, the executable program further performs the following operation:
deleting a second firewall rule from the target firewall rule list.
When run by the processor 901 of the firewall rule processing apparatus 900, the executable program further performs the following operation:
when the target firewall rule list contains at least one remaining rule besides the second firewall rule, adjusting the priority of that at least one remaining rule according to the priority of the second firewall rule.
When run by the processor 901 of the firewall rule processing apparatus 900, the executable program further performs the following operations:
receiving a request from a terminal device to access the target firewall rule list;
pushing the target firewall rule list to the terminal device according to the request.
Those skilled in the art will understand that embodiments of the present invention may be provided as a method, a system, or an executable program product. Accordingly, the present invention may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware. Furthermore, the present invention may take the form of an executable program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage and optical storage) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, apparatus (systems) and executable program products according to its embodiments. It will be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks therein, can be implemented by executable program instructions. These executable program instructions may be provided to a processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing apparatus to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing apparatus produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These executable program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These executable program instructions may also be loaded onto a computer or other programmable data processing apparatus, so that a series of operational steps is performed on the computer or other programmable apparatus to produce a computer-implemented process, whereby the instructions executed on the computer or other programmable apparatus provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
The foregoing are merely preferred embodiments of the present invention and are not intended to limit its scope of protection.
Claims (12)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910626279.7A CN112217773B (en) | 2019-07-11 | 2019-07-11 | Firewall rule processing method, device and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112217773A CN112217773A (en) | 2021-01-12 |
CN112217773B true CN112217773B (en) | 2022-07-01 |
Family
ID=74047783
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910626279.7A Active CN112217773B (en) | 2019-07-11 | 2019-07-11 | Firewall rule processing method, device and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112217773B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103873441A (en) * | 2012-12-12 | 2014-06-18 | 中国电信股份有限公司 | Firewall safety rule optimization method and device thereof |
CN105592086A (en) * | 2015-12-22 | 2016-05-18 | Tcl集团股份有限公司 | Method and apparatus of managing firewall specific to Android platform |
CN108259514A (en) * | 2018-03-26 | 2018-07-06 | 平安科技(深圳)有限公司 | Leak detection method, device, computer equipment and storage medium |
CN108900543A (en) * | 2018-08-13 | 2018-11-27 | 郑州云海信息技术有限公司 | The method and apparatus of managing firewall rule |
Also Published As
Publication number | Publication date |
---|---|
CN112217773A (en) | 2021-01-12 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||