CN112866008B - NAT rule enabling attribute configuration method, NAT rule enabling attribute configuration device, electronic equipment and storage medium - Google Patents
NAT rule enabling attribute configuration method, NAT rule enabling attribute configuration device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN112866008B CN112866008B CN202011643827.6A CN202011643827A CN112866008B CN 112866008 B CN112866008 B CN 112866008B CN 202011643827 A CN202011643827 A CN 202011643827A CN 112866008 B CN112866008 B CN 112866008B
- Authority
- CN
- China
- Prior art keywords
- attribute
- nat rule
- detected
- enabling
- enabling attribute
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 53
- 238000012545 processing Methods 0.000 claims description 11
- 238000004590 computer program Methods 0.000 claims description 9
- 238000012986 modification Methods 0.000 claims description 9
- 230000004048 modification Effects 0.000 claims description 9
- 238000004891 communication Methods 0.000 description 14
- 238000013461 design Methods 0.000 description 10
- 238000010586 diagram Methods 0.000 description 9
- 238000013519 translation Methods 0.000 description 5
- 230000006870 function Effects 0.000 description 4
- 230000007547 defect Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000012423 maintenance Methods 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000003203 everyday effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0876—Aspects of the degree of configuration automation
- H04L41/0886—Fully automatic configuration
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2521—Translation architectures other than single NAT servers
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Automation & Control Theory (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application provides an enabling attribute configuration method, a device, electronic equipment and a storage medium of NAT rules, wherein each NAT rule comprises a first enabling attribute and a second enabling attribute, the first enabling attribute represents whether the second enabling attribute of the NAT rule needs to be modified, and the second enabling attribute represents whether the NAT rule is enabled, and the method comprises the following steps: under the condition that a first enabling attribute of the NAT rule to be detected is configured to be enabled, determining whether the current moment is within a predetermined target time period; determining a second enabling attribute of the NAT rule to be detected; and when the current moment is determined to be within the target time period, configuring the second enabling attribute to be enabled. The process does not need to be judged manually or configured with the second enabling attribute of the rule to be detected manually, and is accurate in configuration, high in efficiency and low in cost.
Description
Technical Field
The present application relates to the field of network security technologies, and in particular, to a method, an apparatus, an electronic device, and a storage medium for configuring an enabling attribute of a NAT rule.
Background
With the rapid development of network technology, network security attracts a great deal of attention from the whole society, and network security communication devices are beginning to be deployed in large quantities into actual network environments. Network address translation (Network Address Translation, NAT) has the property of hiding private network topology, so NAT is supported by a large number of network security communication devices as an important line of security. As the number of NAT rules configured on the network security communications device increases, the problem of high costs of network maintenance and management becomes more and more prominent, and the management cost becomes higher and higher.
However, in the prior art, for each NAT rule, an administrator is required to analyze the enabling attribute of the NAT rule to manually configure the enabling attribute of the NAT rule at the current moment according to the analysis result, when the NAT rule to be managed is relatively large, the configuration cost of the enabling attribute of the NAT rule becomes very large, and the efficiency is very low by manually continuously deleting the enabling attribute of the NAT rule.
For example, when a company accesses the Internet during a working time, it needs to enable the NAT rule (i.e. the enabling attribute of the current moment of the NAT rule is configured to be enabled) to perform network address translation, and when the NAT rule is disabled during a non-working time (i.e. the enabling attribute of the current moment of the NAT rule is configured to be disabled), if an administrator needs to manually configure the enabling attribute of the NAT rule every day and every other day, the management and maintenance costs thereof become very high.
Disclosure of Invention
In view of this, an object of the embodiments of the present application is to provide a method, an apparatus, an electronic device, and a storage medium for configuring an enabling attribute of a NAT rule, so as to improve the configuration efficiency of a second enabling attribute of a NAT rule on the premise of reducing the configuration cost of the second enabling attribute of the NAT rule of a network security communication device.
In a first aspect, an embodiment of the present application provides an enabling attribute configuration method of NAT rules, where each NAT rule includes a first enabling attribute and has a second enabling attribute, where the first enabling attribute characterizes whether modification is required for a second enabling attribute of the NAT rule, and the second enabling attribute characterizes whether the NAT rule is enabled, and the method includes: under the condition that a first enabling attribute of the NAT rule to be detected is configured to be enabled, determining whether the current moment is within a predetermined target time period; determining a second enabling attribute of the NAT rule to be detected; and when the current moment is determined to be within the target time period, configuring the second enabling attribute to be enabled.
In the implementation process, by presetting the target time period of the NAT rule to be detected and automatically determining whether the current moment is in the target time period under the condition that the first enabling attribute of the NAT rule to be detected is enabled, if so, the second enabling attribute of the NAT rule to be detected is automatically configured to be enabled, and the process does not need manual judgment or manual continuous configuration of the second enabling attribute of the NAT rule to be detected, so that the configuration is accurate, the efficiency is high, and the cost is low.
Based on the first aspect, in one possible design, the method further includes: the second enable attribute is configured to be disabled upon determining that the current time is not within the target time period.
In the implementation process, when the current moment is not in the target time period, the second enabling attribute is automatically configured to be disabled, so that other devices can access the network security communication device configured with the NAT rule to be detected in the time except the target time period.
Based on the first aspect, in one possible design, the configuring, when it is determined that the current time is within the target period of time, the second enabling attribute of the NAT rule to be detected as enabled includes: and when the current moment is determined to be within the target time period, if the second enabling attribute is determined not to be configured to be enabled, configuring the second enabling attribute to be enabled.
In the implementation process, when the current moment is determined to be within the target time period, the second enabling attribute needs to be configured as enabled, so that the defect that the configuration cost is increased by reconfiguring the second enabling attribute when the second enabling attribute is configured as enabled is avoided by configuring the second enabling attribute as enabled only when the second enabling attribute is determined to be not configured as enabled.
Based on the first aspect, in one possible design, the method further includes: and determining the target time period from the NAT rule to be detected.
In the implementation process, the target time period is set in the rule to be detected in advance, so that the target time period can be determined quickly and accurately.
Based on the first aspect, in one possible design, before the determining whether the current moment is within the predetermined target period of time under the condition that the first enabling attribute of the NAT rule to be detected is configured to be enabled, the method further includes: when an instruction that the NAT rule to be detected is configured is received, determining the first enabling attribute from the NAT rule to be detected; determining that the first enable attribute is configured to be enabled.
In the implementation process, when an instruction that the NAT rule to be detected is configured is received, the first enabling attribute is determined from the NAT rule to be detected, so that the defect that the load of the server is increased due to continuously obtaining the first attribute is avoided, and meanwhile, the obtained first enabling attribute is the latest enabling attribute under the condition that the NAT rule to be detected is reconfigured, and further, the fact that the second enabling attribute of the NAT rule to be detected can be accurately configured is ensured.
Based on the first aspect, in one possible design, the method further includes: receiving a message to be processed; and when the second enabling attribute of the NAT rule to be detected is determined to be enabling, processing the message according to the NAT rule to be detected.
In the implementation process, after receiving the message to be processed, if it is determined that the second enabling attribute of the NAT rule to be detected is enabled (i.e., the NAT rule is represented to be in an enabled state at the current time), the message is processed according to the NAT rule to be detected, so as to ensure network security.
In a second aspect, an embodiment of the present application provides an enabling attribute configuration apparatus for NAT rules, where each NAT rule includes a first enabling attribute and has a second enabling attribute, and the first enabling attribute characterizes whether modification is required to the second enabling attribute of the NAT rule, and the apparatus includes: a time validity determining unit, configured to determine, on a condition that a first enabling attribute of the NAT rule to be detected is configured to be enabled, whether the current time is within a predetermined target time period; a second enabling attribute determining unit, configured to determine a second enabling attribute of the NAT rule to be detected; and the first configuration unit is used for configuring the second enabling attribute as enabling when the current moment is determined to be in the target time period.
Based on the second aspect, in one possible design, the apparatus further comprises: and a second configuration unit, configured to configure the second enabling attribute to be disabled when it is determined that the current time is not within the target time period.
Based on the second aspect, in one possible design, the first configuration unit is specifically configured to configure the second enable attribute to be enabled if it is determined that the second enable attribute is not configured to be enabled when it is determined that the current time is within the target time period.
Based on the second aspect, in one possible design, the apparatus further comprises: and the time period determining unit is used for determining the target time period from the NAT rule to be detected.
Based on the second aspect, in one possible design, the apparatus further comprises: a first enabling attribute determining unit, configured to determine, when receiving an instruction that the NAT rule to be detected is configured, the first enabling attribute from the NAT rule to be detected; and determining that the first enable attribute is configured to be enabled.
Based on the second aspect, in one possible design, the apparatus further comprises: the message processing unit is used for receiving the message to be processed; and when the second enabling attribute of the NAT rule to be detected is determined to be enabling, processing the message according to the NAT rule to be detected.
In a third aspect, an embodiment of the present application provides an electronic device, including a processor and a memory connected to the processor, where the memory stores a computer program, and when the computer program is executed by the processor, causes the electronic device to perform the method of the first aspect.
In a fourth aspect, an embodiment of the present application provides a storage medium having stored therein a computer program which, when run on a computer, causes the computer to perform the method of the first aspect.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be apparent from the description, or may be learned by practice of the embodiments of the application. The objectives and other advantages of the application will be realized and attained by the structure particularly pointed out in the written description and claims thereof as well as the appended drawings.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flow chart of a method for configuring an enabling attribute of a network address translation (Network Address Translation, NAT) rule according to an embodiment of the present application.
Fig. 2 is a schematic structural diagram of an enabling attribute configuration device of NAT rule according to an embodiment of the present application.
Fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Icon: enabling attribute configuration means of the 200-NAT rule; 210-a time validity determination unit; 220-a second enabling attribute determination unit; 230-a first configuration unit; 300-an electronic device; 301-a processor; 302-memory; 303-communication interface.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the accompanying drawings in the embodiments of the present application.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only to distinguish the description, and are not to be construed as indicating or implying relative importance.
Referring to fig. 1, fig. 1 is a flowchart of a method for configuring an enabling attribute of a NAT rule according to an embodiment of the present application. Each NAT rule includes a first enable attribute and has a second enable attribute. The first enabling attribute characterizes whether a modification to a second enabling attribute of the NAT rule is required. The second enabling attribute characterizes whether the NAT rule is enabled. The flow shown in fig. 1 will be described in detail, and the method includes: S11-S13.
S11: and determining whether the current moment is within a predetermined target time period or not under the condition that the first enabling attribute of the NAT rule to be detected is configured to be enabled.
S12: and determining a second enabling attribute of the NAT rule to be detected.
S13: and when the current moment is determined to be within the target time period, configuring the second enabling attribute to be enabled.
The above method is described in detail below.
As an embodiment, before S11, the method further includes: when an instruction that the NAT rule to be detected is configured is received, determining the first enabling attribute from the NAT rule to be detected; determining that the first enable attribute is configured to be enabled.
Specifically, when receiving the instruction, the network security communication device configured with the NAT rule to be detected determines the first enable attribute from the NAT rule to be detected, and determines that the first enable attribute is configured to be enabled.
The NAT rule to be detected is any configured NAT rule in the network security communication equipment.
It can be understood that the NAT rule to be detected includes the first enabling attribute and has a second enabling attribute; when the NAT rule to be detected is configured to be completed, the first enabling attribute in the NAT rule to be detected is characterized to be configured to be completed, and the initial attribute of the second enabling attribute of the NAT rule to be detected is configured to be completed, wherein the initial attribute of the second enabling attribute and the first enabling attribute are configured to be enabled.
It should be noted that, after the modification of the NAT rule a is completed (i.e. it may be considered that the NAT rule a does not exist), the modified NAT rule is obtained, that is, the modified NAT rule is configured, and at this time, the first enabling attribute is determined from the modified NAT rule.
Wherein the first enabling attribute and the second enabling attribute may be enabled or disabled; the first enabling attribute characterizes whether a modification to a second enabling attribute of the NAT rule is required, and the second enabling attribute characterizes whether the NAT rule is enabled.
For any NAT rule, when the first enabling attribute of the NAT rule is forbidden, the second enabling attribute of the NAT rule is characterized in that modification is not needed, namely the second enabling attribute of the NAT rule is forbidden all the time; when the first enabling attribute of the NAT rule is enabled, a second enabling attribute characterizing the NAT rule may need to be modified.
When the second enabling attribute of the NAT rule is enabling, characterizing that the NAT rule is enabled; and when the second enabling attribute of the NA rule is forbidden, characterizing that the NAT rule is forbidden.
As an embodiment, before S11, the method further includes: and determining the target time period from the NAT rule to be detected.
Specifically, after determining that the first enabling attribute of the NAT rule to be detected is configured to be enabled, the target time period is determined from the NAT rule to be detected.
Or after determining that the first enabling attribute of the NAT rule to be detected is configured as enabling, determining whether the NAT rule to be detected has a time attribute, and if so, extracting the target time period from the NAT rule to be detected. It can be understood that if the NAT rule to be detected does not exist, the period of time corresponding to the NAT rule to be detected cannot be acquired, and meanwhile, the second enabling attribute of the NAT rule to be detected does not need to be modified.
Or after determining that the first enabling attribute of the NAT rule to be detected is configured to be enabled, determining the target time period from the NAT rule to be detected based on a preset time interval or periodically.
Or after determining that the first enabling attribute of the NAT rule to be detected is configured to be enabled, searching out a target time period corresponding to the NAT rule to be detected from the corresponding relation between the pre-stored NAT rule and the time period.
The preset time interval is set according to the user demand.
S11: and determining whether the current moment is within a predetermined target time period or not under the condition that the first enabling attribute of the NAT rule to be detected is configured to be enabled.
In an actual implementation process, S11 may be implemented in such a manner that, after determining that the first enable attribute of the NAT rule to be detected is configured to be enabled for the first time, it is determined whether the current time is within a predetermined target period based on a preset time interval or not.
S12: and determining a second enabling attribute of the NAT rule to be detected.
In an actual implementation process, S12 may be implemented in a manner of determining the second enabling attribute of the NAT rule to be detected based on a preset interval or periodically.
As an implementation manner, S12 may be implemented in the following manner, where the second enabling attribute corresponding to the NAT rule to be detected is found out from the correspondence between the pre-stored NAT rule and the second enabling attribute.
S13: and when the current moment is determined to be within the target time period, configuring the second enabling attribute to be enabled.
As one embodiment, S13 includes: and when the current moment is determined to be within the target time period, if the second enabling attribute is determined not to be configured to be enabled, configuring the second enabling attribute to be enabled.
Specifically, when it is determined that the current time is within the target time period, if it is determined that the second enable attribute is configured to be disabled, the second enable attribute is configured to be enabled.
As an embodiment, S13 may be implemented in such a manner that, when it is determined that the current time is within the target period, the second enable attribute of the NAT rule to be detected is reconfigured to be enabled, regardless of whether the second enable attribute is enabled or disabled.
As an embodiment, the method further comprises: the second enable attribute is configured to be disabled upon determining that the current time is not within the target time period.
Specifically, when it is determined that the current time is not within the target time period, if it is determined that the second enable attribute is not configured to be disabled, the second enable attribute is configured to be disabled.
Or when the current moment is not in the target time period, reconfiguring the second enabling attribute of the NAT rule to be detected to be disabled no matter the second enabling attribute is enabled or disabled.
As an embodiment, the method further comprises the step of: a1 and A2.
A1: and receiving a message to be processed.
In an actual implementation process, A1 may be implemented as follows, where a network security communication device configured with a NAT rule to be detected receives a message to be processed in real time or periodically.
A2: and when the second enabling attribute of the NAT rule to be detected is determined to be enabling, processing the message according to the NAT rule to be detected.
And acquiring a second enabling attribute of the NAT rule to be detected, and processing the message according to the NAT rule to be detected when the second enabling attribute is determined to be enabled.
Referring to fig. 2, fig. 1 is a block diagram illustrating a NAT device 400 according to an embodiment of the application. Each NAT rule includes a first enable attribute and has a second enable attribute. The first enabling attribute characterizes whether a modification to a second enabling attribute of the NAT rule is required. The block diagram of fig. 2 will be described, and the apparatus includes:
the time validity determining unit 210 is configured to determine whether the current moment is within a predetermined target time period under a condition that a first enabling attribute of the NAT rule to be detected is configured to be enabled.
A second enabling attribute determining unit 220, configured to determine a second enabling attribute of the NAT rule to be detected.
A first configuration unit 230, configured to configure the second enabling attribute to be enabled when it is determined that the current time is within the target time period.
As an embodiment, the apparatus further comprises: and a second configuration unit, configured to configure the second enabling attribute to be disabled when it is determined that the current time is not within the target time period.
As an implementation manner, the first configuration unit 230 is specifically configured to, when determining that the current time is within the target period, configure the second enable attribute to be enabled if it is determined that the second enable attribute is not configured to be enabled.
As an embodiment, the apparatus further comprises: and the time period determining unit is used for determining the target time period from the NAT rule to be detected.
As an embodiment, the apparatus further comprises: a first enabling attribute determining unit, configured to determine, when receiving an instruction that the NAT rule to be detected is configured, the first enabling attribute from the NAT rule to be detected; and determining that the first enable attribute is configured to be enabled.
As an embodiment, the apparatus further comprises: the message processing unit is used for receiving the message to be processed; and when the second enabling attribute of the NAT rule to be detected is determined to be enabling, processing the message according to the NAT rule to be detected.
For the process of implementing the respective functions by the functional units in this embodiment, please refer to the content described in the embodiment shown in fig. 1, which is not described herein again.
Referring to fig. 3, fig. 3 is a schematic structural diagram of an electronic device 300 according to an embodiment of the present application, where the electronic device may be a network security communication device in the above embodiment, and the electronic device 300 may be a personal computer (personal computer, PC), a tablet computer, a smart phone, a personal digital assistant (personal digital assistant, PDA), or the like.
The electronic device 300 may include: memory 302, process 301, communication interface 303, and a communication bus for enabling the connected communication of these components.
The Memory 302 is used for storing various data such as the computer program instructions corresponding to the NAT rule enabling attribute configuration method and apparatus provided by the embodiments of the present application, where the Memory 302 may be, but is not limited to, a random access Memory (Random Access Memory, RAM), a Read Only Memory (ROM), a programmable Read Only Memory (Programmable Read-Only Memory, PROM), an erasable Read Only Memory (Erasable Programmable Read-Only Memory, EPROM), an electrically erasable Read Only Memory (Electric Erasable Programmable Read-Only Memory, EEPROM), and the like.
The processor 301 is configured to read and execute a corresponding computer program instruction of an enabling attribute configuration method and apparatus of a NAT rule stored in the memory, so as to determine whether the current moment is within a predetermined target time period under a condition that a first enabling attribute of the NAT rule to be detected is configured to be enabled; determining a second enabling attribute of the NAT rule to be detected; and when the current moment is determined to be within the target time period, configuring the second enabling attribute to be enabled.
The processor 301 may be an integrated circuit chip, and has signal processing capability. The processor 301 may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU), a network processor (Network Processor, NP), etc.; but also Digital Signal Processors (DSPs), application Specific Integrated Circuits (ASICs), field Programmable Gate Arrays (FPGAs) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components. The disclosed methods, steps, and logic blocks in the embodiments of the present application may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
A communication interface 303 for receiving or transmitting data.
In addition, the embodiment of the application also provides a storage medium, in which a computer program is stored, which when run on a computer, causes the computer to execute the method provided by any one of the embodiments of the application.
In summary, according to the method, the device, the electronic device and the storage medium for configuring the enabling attribute of the NAT rule provided by the embodiments of the present application, by presetting the target time period of the NAT rule to be detected, and automatically determining whether the current moment is within the target time period under the condition that the first enabling attribute of the NAT rule to be detected is enabled, if so, automatically configuring the second enabling attribute of the NAT rule to be detected as enabled, wherein the above process does not need to manually judge, and does not need to manually and continuously configure the second enabling attribute of the NAT rule to be detected, so that the configuration is accurate, the efficiency is high, and the cost is low.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. The apparatus embodiments described above are merely illustrative, for example, of the flowcharts and block diagrams in the figures that illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based devices which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form a single part, or each module may exist alone, or two or more modules may be integrated to form a single part.
Claims (8)
1. An enabling attribute configuration method of NAT rules, each NAT rule including a first enabling attribute and having a second enabling attribute, the first enabling attribute characterizing whether modification of the second enabling attribute of the NAT rule is required, and the second enabling attribute characterizing whether the NAT rule is enabled, the method comprising:
under the condition that a first enabling attribute of the NAT rule to be detected is configured to be enabled, determining whether the current moment is within a predetermined target time period;
determining a second enabling attribute of the NAT rule to be detected;
configuring the second enabling attribute to be enabled when the current moment is determined to be within the target time period;
wherein the determining the second enabling attribute of the NAT rule to be detected includes:
searching a second enabling attribute corresponding to the NAT rule to be detected from the corresponding relation between the pre-stored NAT rule and the second enabling attribute;
wherein before determining whether the current moment is within the predetermined target time period under the condition that the first enabling attribute of the NAT rule to be detected is configured to be enabled, the method further includes:
when an instruction that the NAT rule to be detected is configured is received, determining the first enabling attribute from the NAT rule to be detected;
determining that the first enable attribute is configured to be enabled;
after determining that the first enabling attribute of the NAT rule to be detected is configured to be enabled, determining whether the NAT rule to be detected has a time attribute, and if so, extracting the target time period from the NAT rule to be detected.
2. The method according to claim 1, wherein the method further comprises:
the second enable attribute is configured to be disabled upon determining that the current time is not within the target time period.
3. The method of claim 1, wherein the configuring the second enable attribute of the NAT rule to be detected to enable when the current time is determined to be within the target time period comprises:
and when the current moment is determined to be within the target time period, if the second enabling attribute is determined not to be configured to be enabled, configuring the second enabling attribute to be enabled.
4. The method according to claim 1, wherein the method further comprises:
receiving a message to be processed;
and when the second enabling attribute of the NAT rule to be detected is determined to be enabling, processing the message according to the NAT rule to be detected.
5. An enabling attribute configuration apparatus for NAT rules, each NAT rule including a first enabling attribute and having a second enabling attribute, the first enabling attribute characterizing whether modification of the second enabling attribute of the NAT rule is required, the apparatus comprising:
a time validity determining unit, configured to determine, on a condition that a first enabling attribute of the NAT rule to be detected is configured to be enabled, whether the current time is within a predetermined target time period;
a second enabling attribute determining unit, configured to determine a second enabling attribute of the NAT rule to be detected;
a first configuration unit, configured to configure the second enabling attribute to be enabled when it is determined that the current time is within the target time period;
the second enabling attribute determining unit is specifically configured to find a second enabling attribute corresponding to the NAT rule to be detected from a corresponding relationship between a prestored NAT rule and the second enabling attribute;
a first enabling attribute determining unit, configured to determine, when receiving an instruction that the NAT rule to be detected is configured, the first enabling attribute from the NAT rule to be detected; determining that the first enable attribute is configured to be enabled;
and the time period determining unit is used for determining whether the NAT rule to be detected has the time attribute after determining that the first enabling attribute of the NAT rule to be detected is configured to be enabled, and if so, extracting the target time period from the NAT rule to be detected.
6. The apparatus of claim 5, wherein the apparatus further comprises:
and a second configuration unit, configured to configure the second enabling attribute to be disabled when it is determined that the current time is not within the target time period.
7. An electronic device comprising a memory and a processor, the memory having stored therein computer program instructions that, when read and executed by the processor, perform the method of any of claims 1-4.
8. A storage medium having stored thereon computer program instructions which, when read and executed by a computer, perform the method of any of claims 1-4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011643827.6A CN112866008B (en) | 2020-12-30 | 2020-12-30 | NAT rule enabling attribute configuration method, NAT rule enabling attribute configuration device, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011643827.6A CN112866008B (en) | 2020-12-30 | 2020-12-30 | NAT rule enabling attribute configuration method, NAT rule enabling attribute configuration device, electronic equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112866008A CN112866008A (en) | 2021-05-28 |
| CN112866008B true CN112866008B (en) | 2023-09-01 |
Family
ID=76001028
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011643827.6A Active CN112866008B (en) | 2020-12-30 | 2020-12-30 | NAT rule enabling attribute configuration method, NAT rule enabling attribute configuration device, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112866008B (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101064673A (en) * | 2006-04-28 | 2007-10-31 | 鸿富锦精密工业(深圳)有限公司 | Network apparatus and its network address conversion configuring method |
| CN101159738A (en) * | 2007-08-06 | 2008-04-09 | 中兴通讯股份有限公司 | Time limiting system and method for network address conversion |
| CN101227398A (en) * | 2008-01-31 | 2008-07-23 | 中兴通讯股份有限公司 | Method and system for automatic adjusting application of network address conversion |
| CN109088957A (en) * | 2018-08-30 | 2018-12-25 | 京信通信系统(中国)有限公司 | The method, apparatus and equipment of NAT regulation management |
| CN109639487A (en) * | 2018-12-17 | 2019-04-16 | 杭州迪普科技股份有限公司 | Method, apparatus, the network equipment and the storage medium of strategy configuration |
| CN111181861A (en) * | 2020-01-13 | 2020-05-19 | 山东汇贸电子口岸有限公司 | Policy routing implementation method and device |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8224985B2 (en) * | 2005-10-04 | 2012-07-17 | Sony Computer Entertainment Inc. | Peer-to-peer communication traversing symmetric network address translators |
| US8238357B2 (en) * | 2007-04-23 | 2012-08-07 | Nec Corporation | VLAN communication inspection system, method and program |
| CA2781509A1 (en) * | 2010-02-10 | 2011-08-18 | Research In Motion Limited | Method and apparatus for state/mode transitioning |
-
2020
- 2020-12-30 CN CN202011643827.6A patent/CN112866008B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101064673A (en) * | 2006-04-28 | 2007-10-31 | 鸿富锦精密工业(深圳)有限公司 | Network apparatus and its network address conversion configuring method |
| CN101159738A (en) * | 2007-08-06 | 2008-04-09 | 中兴通讯股份有限公司 | Time limiting system and method for network address conversion |
| CN101227398A (en) * | 2008-01-31 | 2008-07-23 | 中兴通讯股份有限公司 | Method and system for automatic adjusting application of network address conversion |
| CN109088957A (en) * | 2018-08-30 | 2018-12-25 | 京信通信系统(中国)有限公司 | The method, apparatus and equipment of NAT regulation management |
| CN109639487A (en) * | 2018-12-17 | 2019-04-16 | 杭州迪普科技股份有限公司 | Method, apparatus, the network equipment and the storage medium of strategy configuration |
| CN111181861A (en) * | 2020-01-13 | 2020-05-19 | 山东汇贸电子口岸有限公司 | Policy routing implementation method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112866008A (en) | 2021-05-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112039900A (en) | Network security risk detection method, system, computer device and storage medium | |
| CN115396289B (en) | Fault alarm determining method and device, electronic equipment and storage medium | |
| CN116094908B (en) | Log file storage method, device, equipment and storage medium | |
| CN114880641A (en) | API asset detection method, device, equipment and medium | |
| CN111506641B (en) | Data management method, data acquisition platform, data management system and storage medium | |
| CN114185804B (en) | Interface testing method and device and terminal equipment | |
| CN112866008B (en) | NAT rule enabling attribute configuration method, NAT rule enabling attribute configuration device, electronic equipment and storage medium | |
| CN111310188A (en) | Method and device for checking sensitive information of terminal file system | |
| CN117729005A (en) | Network asset mapping method | |
| CN117749614A (en) | Protocol rule determining method and device, electronic equipment and storage medium | |
| CN116450176A (en) | Version updating method and device, electronic equipment and storage medium | |
| CN115065714B (en) | Method and device for managing social security service terminal, electronic equipment and storage medium | |
| CN116451619A (en) | Component information processing method, device, medium and equipment | |
| CN112817967B (en) | Flow data storage method and device, electronic equipment and storage medium | |
| CN111144733B (en) | Platform identification method, platform identification device, metering automation terminal and readable storage medium | |
| CN115203158A (en) | Data comparison method, device, equipment and storage medium | |
| CN110995495A (en) | Network fault detection method and device, electronic equipment and storage medium | |
| CN110795676A (en) | Website monitoring method and device, electronic equipment and storage medium | |
| CN118503944B (en) | Authentication method, device, equipment and storage medium | |
| CN117251769B (en) | Abnormal data identification method, device, equipment and medium based on monitoring component | |
| CN116192807B (en) | A BMC IP acquisition method, device, equipment and storage medium | |
| CN111131528B (en) | Equipment network domain determining method, server and terminal | |
| CN119536855A (en) | Program switch design method, device, electronic device and storage medium | |
| CN118018405A (en) | Upgrading method and device of Internet of things equipment, server and storage medium | |
| CN117493214A (en) | Interface message generation method and device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |