MULTI-LAYER BASED METHOD FOR REALIZING A NETWORK FIRE WALL, PARTICULARLY CONCERNED WITH PERMITTING NON-REQUEST COMMUNICATION WITH A TRUSTED NETWORK DEVICE WHILE CUTTING OFF NON-REQUEST COMMUNICATION FROM OTHER NETWORK DEVICE

摘要

PURPOSE: A multi-layer based method for realizing a network fire wall is provided to include plural layers in a fire wall framework, so that each layer can process packets according to a layer protocol while requesting a fire wall policy to be applied to the packets, then to include a fire wall engine in the firewall framework. CONSTITUTION: A requesting layer for identifying packet parameters issues a classification request for predetermined packets(452). Filters matched with the packet parameters of the classification request are identified(454). Based on the matched filters, whether to drop the packets is determined(456). If so, the packets are dropped. If the packets are not dropped, the requesting layer processes the packets, and changes a packet context data structure(458). If an additional layer does not exist(460), the process is completed.