| 摘要 |
A firewall (3), controlling network data packet traffic between internal and external networks (1,5,4), comprising filtering means, in dependence of the contents in data fields of a data packet being transmitted between said networks, selecting from a total set of rules a rule applicable to the data packet, whereby said packet is blocked or forwarded through the firewall (3). A 2-dimensional address lookup means (8) performs a 2-dimensional lookup of the source and destination addresses of the packet in a set of address prefixes, each prefix having a subset of rules of the total set of rules, in order to find a prefix associated with said source and destination addresses, and rule matching means (10), performs-based on the contents of said data fields-a rule matching in order to find the rule applicable to the data packet. |
