• DocumentCode
    2953290
  • Title

    Policy-Based Parametric Firewall Configuration: A Real-Case Application

  • Author

    Marchi, Massimo ; Penzo, Romeo ; Provetti, Alessandro

  • Author_Institution
    Univ. di Milano, Milano
  • fYear
    2007
  • fDate
    13-15 June 2007
  • Firstpage
    276
  • Lastpage
    276
  • Abstract
    We describe a simple policy language for setting up and running firewalls (FW). The language allows one to describe sophisticated policies for controlling network connections. Composition is done at set-up time, when a parser, starting from a given policy, generates the relative configuration file for one or more firewalls operating the industry-standard Linux Iptables kernel extension. The policy captures the essence of the desired requirements and constraints upon connections between zones. The language has been designed and is currently being tested in the context of a large intra/extranet with more than 10,000 assigned IP addresses.
  • Keywords
    Linux; authorisation; IP addresses; industry-standard Linux Iptables kernel extension; network connections. controlling; policy language; policy-based parametric firewall configuration; sophisticated policies; Extranets; Kernel; Linux; Logic programming; Mirrors; Network servers; Page description languages; Spine; Testing; Writing;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Policies for Distributed Systems and Networks, 2007. POLICY '07. Eighth IEEE International Workshop on
  • Conference_Location
    Bologna
  • Print_ISBN
    0-7695-2767-1
  • Type

    conf

  • DOI
    10.1109/POLICY.2007.34
  • Filename
    4262602