1. Technical Field of the Invention
This invention pertains to firewall capability for a gateway system. In particular, it relates to IP network address translation (NAT) and IP filtering with dynamic address resolution.
2. Background Art
Internet protocol (IP) network address translation (NAT) and IP filtering are functions which provide firewall-type capability to an Internet gateway system. In one specific system, this is accomplished by providing means for the system administrator to specify NAT and filtering rules via an operational navigator graphical user interface (GUI).
IP packet filtering is the process of checking each internet protocol (IP) packet that is going to be sent from, or has just arrived at, a gateway system, or node, in a communications network and, based upon that check, making a decision. The decision is (typically, and insofar as it relates to the preferred embodiment of this invention) whether the packet should be discarded or allowed to continue. These are termed the `deny` and `permit` actions. IP filtering is widely used in Internet firewall systems, by independent service providers (ISPs) and by organizations connected to the Internet.
Filter rules are most commonly an ordered list of rules, processed sequentially from top to bottom in the order specified by the system administrator. Each rule permits a certain kind of IP traffic. Processing for an IP packet continues until the packet is permitted, explicitly denied, or there are no more rules, in which case it is denied. Usually a number of filter rules must be written for each protocol to be permitted.
The problem solved by this invention is: how can a system administrator write NAT and filter rules when the IP address is not known?
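As an added illustration of the first-match rule processing described above (example code, not part of the patent text), the following Python walks an ordered rule list top to bottom with the implicit final deny. The symbolic address names and the ADDRESS_TABLE lookup are an assumed stand-in for resolving an address that is not known when the rule is written; the patent does not specify this mechanism here.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str             # "permit" or "deny"
    protocol: str           # "tcp", "udp", "icmp" or "*" (any)
    src: str                # CIDR, "*" (any) or a symbolic name (assumed)
    dst: str
    dport: Optional[int] = None   # None matches any destination port

# Constructed table standing in for a dynamic address lookup. Names are
# resolved each time a packet is checked, so an updated entry takes effect
# on the next packet without rewriting the rule list.
ADDRESS_TABLE = {"webserver": "203.0.113.10/32", "lan": "192.0.2.0/24"}

def resolve_name(name: str) -> str:
    return ADDRESS_TABLE[name]      # unknown name -> KeyError, never guessed

def _matches_addr(spec: str, addr: str) -> bool:
    if spec == "*":
        return True
    if spec[0].isalpha():           # symbolic name rather than a literal
        spec = resolve_name(spec)   # (IPv6 literals starting with a-f need a stricter test)
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def _matches(rule: Rule, pkt: dict) -> bool:
    if rule.protocol not in ("*", pkt["proto"]):
        return False
    if rule.dport is not None and rule.dport != pkt.get("dport"):
        return False
    return _matches_addr(rule.src, pkt["src"]) and _matches_addr(rule.dst, pkt["dst"])

def filter_packet(rules: list, pkt: dict) -> str:
    """First matching rule decides; falling off the end is the default deny."""
    for rule in rules:
        if _matches(rule, pkt):
            return rule.action
    return "deny"

# Constructed rule set: order matters, the list is read top to bottom.
RULES = [
    Rule("permit", "tcp", "*", "webserver", 80),   # inbound web traffic
    Rule("permit", "*", "lan", "*"),               # anything originating on the LAN
]

if __name__ == "__main__":
    pkt = {"proto": "tcp", "src": "198.51.100.7", "dst": "203.0.113.10", "dport": 80}
    print(filter_packet(RULES, pkt))   # permit
```

Placing a broad deny above the web permit shadows it, which is why the administrator's ordering is part of the policy.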
It is, therefore, an object of the invention to provide an improved gateway system and method.
It is a further object of the invention to provide an improved system and method for specifying filter rules when the relevant IP address is not known.
It is a further object of the invention to provide a system and method for dynamically resolving IP addresses.