Wipro Limited
METHOD AND SYSTEM FOR GENERATING DYNAMIC RULES FOR COMPUTER NETWORK FIREWALL

Abstract:

Method and system for generating dynamic rules for a computer network firewall are provided. The method includes applying a plurality of drop rules to a plurality of packets that are received at a network interface. The plurality of drop rules are sequentially arranged rules and determine at least one of allowance and dropping of a packet based on corresponding tracking information. Then a unique drop rule is generated for dropping a set of packets based on an implicit deny rule. The implicit deny rule determines a drop for the plurality of packets. Thereafter, sequence for the unique drop rule in the plurality of drop rules is determined based on dropping of the plurality of packets. Accordingly, the unique drop rule is deployed in the sequence of drop rules. FIG. 2