Policy-Based Parametric Firewall Configuration: A Real-Case Application

Bologna, Italy June 13-June 15

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/POLICY.2007.34

Eighth IEEE International Workshop on ...

	This Article
	PURCHASE ARTICLE: $0 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Massimo Marchi Articles by Romeo Penzo Articles by Alessandro Provetti

	ASCII Text	x
	Massimo Marchi, Romeo Penzo, Alessandro Provetti, "Policy-Based Parametric Firewall Configuration: A Real-Case Application," Policies for Distributed Systems and Networks, IEEE International Workshop on, pp. 276, Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07), 2007.

	BibTex	x
	@article{ 10.1109/POLICY.2007.34, author = {Massimo Marchi and Romeo Penzo and Alessandro Provetti}, title = {Policy-Based Parametric Firewall Configuration: A Real-Case Application}, journal ={Policies for Distributed Systems and Networks, IEEE International Workshop on}, volume = {0}, year = {2007}, isbn = {0-7695-2767-1}, pages = {276}, doi = {http://doi.ieeecomputersociety.org/10.1109/POLICY.2007.34}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Policies for Distributed Systems and Networks, IEEE International Workshop on TI - Policy-Based Parametric Firewall Configuration: A Real-Case Application SN - 0-7695-2767-1 SP EP A1 - Massimo Marchi, A1 - Romeo Penzo, A1 - Alessandro Provetti, PY - 2007 KW - null VL - 0 JA - Policies for Distributed Systems and Networks, IEEE International Workshop on ER -

Massimo Marchi, Univ. di Milano, Italy

Romeo Penzo, Regione Lombardia, Italy

Alessandro Provetti, Univ. di Messina, Italy

We describe a simple policy language for setting up and running firewalls (FW). The language allows to describe sophisticated policies for controlling network connections. Composition is done at set-up time, when a parser, starting from a given policy, generates the relative configuration file for one or more firewalls operating the industry-standard Linux Iptables kernel extension. The policy captures the essence of the desired requirements and constrains upon connections between zones. The language has been designed and it is currently on testing in the context of a large intra/extranet with more than 10,000 assigned IP addresses.

Citation:

Massimo Marchi, Romeo Penzo, Alessandro Provetti, "Policy-Based Parametric Firewall Configuration: A Real-Case Application," policy, pp.276, Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07), 2007

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.