| 摘要 |
<p><P>PROBLEM TO BE SOLVED: To provide a method and a system for implementing a firewall architecture in a network device. <P>SOLUTION: The architecture includes a plurality of network layers, a first firewall engine, and one or more callout modules. The layers send packets and packet information to the first firewall engine, maintain a packet contexts, then pass them to subsequent layers, and process the packets. The first firewall engine compares the packet information with one or more installed filters and returns to the layers an action indicating how to treat the packets. The callouts provide additional functionality such intrusion detection, logging, and parential control functions. <P>COPYRIGHT: (C)2005,JPO&NCIPI</p> |
