System and method for providing dynamic network firewall with default deny
    Invention application
    System and method for providing dynamic network firewall with default deny (under examination, published)

    Publication No.: US20070255861A1

    Publication date: 2007-11-01

    Application No.: US11498624

    Filing date: 2006-08-03

    IPC classification: G06F3/00

    Abstract: A computing system having a host computer and an I/O processor (IOP) provides firewall services to the host computer. When the host computer and the IOP are initialized, all of the communication ports are reset to a closed state. Application programs are loaded into memory of the host computer for execution and provide the identity of communication ports to be used by the application. The identity of the requested communication ports is used to instruct the IOP to open the communication port to accept network data packets that use the particular port. When the application terminates operation, the communication ports used by the application are closed to provide dynamic control over communication ports. This process ensures that only ports currently used by applications currently executing within the host computer are open without administrator action.
