US 11,695,731 B2
Distributed identity-based firewalls
Anirban Sengupta, Saratoga, CA (US); Subrahmanyam Manuguri, San Jose, CA (US); Mitchell T. Christensen, Livermore, CA (US); Azeem Feroz, San Jose, CA (US); and Todd Sabin, Morganville, NJ (US)
Assigned to NICIRA, INC., Palo Alto, CA (US)
Filed by Nicira, Inc., Palo Alto, CA (US)
Filed on Oct. 5, 2020, as Appl. No. 17/63,415.
Application 17/063,415 is a continuation of application No. 16/041,698, filed on Jul. 20, 2018, granted, now 10,798,058.
Application 16/041,698 is a continuation of application No. 14/043,714, filed on Oct. 1, 2013, granted, now 10,033,693, issued on Jul. 24, 2018.
Prior Publication US 2021/0036990 A1, Feb. 4, 2021
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06F 9/455 (2018.01); H04L 67/63 (2022.01)
CPC H04L 63/0218 (2013.01) [G06F 9/45558 (2013.01); H04L 67/63 (2022.05); G06F 2009/45595 (2013.01)] 18 Claims
OG exemplary drawing
 
1. For a virtual machine (VM) executing on a host computer, a method for providing firewall services on the host computer, the method comprising:
after a process of the VM requests a network connection, receiving a record from a driver executing on the VM, the record associating a set of header values of packets sent from the VM with an identifier associated with at least one firewall rule;
associating a packet received from the VM with the identifier by comparing a set of header values of the packet with the set of header values of the record;
using the identifier to identify a firewall rule from a plurality of firewall rules that have rule identifiers defined by reference to a plurality of identifiers; and
performing a firewall operation on the received packet based on the identified firewall rule.
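The four steps of claim 1 are a small, well-defined data flow: a guest-side driver reports a record binding a set of packet header values to an identifier, the host-side firewall matches later packets to that record by their headers, resolves the identifier to a rule, and applies the rule's action. The Python below is an added worked model of that flow; it is not code from the patent or from Nicira/VMware. The choice of a 5-tuple as the header set, the rule layout with an optional destination-port qualifier, the default-drop fallback, and all records and rules are assumptions constructed for this example.

```python
"""Model of the claim-1 flow: guest driver record -> header match -> identifier
-> rule -> firewall action. Names, shapes and sample data are assumptions made
for this example and are not taken from the patent."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Header values a record associates with an identifier. Using a 5-tuple is an
# assumption; the claim only says "a set of header values".
HeaderKey = Tuple[str, str, str, int, int]  # (src_ip, dst_ip, proto, src_port, dst_port)


@dataclass(frozen=True)
class ConnectionRecord:
    """Record the guest driver sends after a process requests a connection."""
    headers: HeaderKey
    identifier: str  # identity the rule set is keyed on (e.g. a user or group name)


@dataclass(frozen=True)
class FirewallRule:
    """Host-side rule whose applicability is defined by reference to identifiers."""
    rule_id: str
    identifiers: frozenset  # identifiers this rule applies to
    dst_port: Optional[int]  # extra header qualifier; None matches any port
    action: str  # "allow" or "drop"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str
    src_port: int
    dst_port: int

    def header_key(self) -> HeaderKey:
        return (self.src_ip, self.dst_ip, self.proto, self.src_port, self.dst_port)


class HostFirewall:
    """Host-side enforcement point for one VM. Rules are consulted in list order."""

    def __init__(self, rules: List[FirewallRule], default_action: str = "drop") -> None:
        self.rules = list(rules)
        self.default_action = default_action  # used when no record or no rule matches
        self._records: Dict[HeaderKey, ConnectionRecord] = {}

    def receive_record(self, record: ConnectionRecord) -> None:
        # Step 1: store the driver's record keyed by its header values. The record
        # originates inside the guest, so a real host should validate it (e.g. the
        # source address belongs to this VM) before relying on it; omitted here.
        self._records[record.headers] = record

    def associate(self, packet: Packet) -> Optional[str]:
        # Step 2: compare the packet's header values with the stored records.
        record = self._records.get(packet.header_key())
        return record.identifier if record else None

    def lookup_rule(self, identifier: str, packet: Packet) -> Optional[FirewallRule]:
        # Step 3: identifier -> first rule that references it and matches the packet.
        for rule in self.rules:
            if identifier in rule.identifiers and rule.dst_port in (None, packet.dst_port):
                return rule
        return None

    def process(self, packet: Packet) -> Tuple[str, Optional[str]]:
        # Step 4: perform the identified rule's operation, else the default action.
        identifier = self.associate(packet)
        if identifier is None:
            return self.default_action, None
        rule = self.lookup_rule(identifier, packet)
        if rule is None:
            return self.default_action, None
        return rule.action, rule.rule_id


# Constructed sample rules and records for the demonstration (not from the patent).
SAMPLE_RULES = [
    FirewallRule("r1", frozenset({"alice", "bob"}), 443, "allow"),
    FirewallRule("r2", frozenset({"svc-backup"}), 22, "drop"),
    FirewallRule("r3", frozenset({"admins"}), None, "allow"),
]


def build_demo_firewall() -> HostFirewall:
    fw = HostFirewall(SAMPLE_RULES)
    fw.receive_record(ConnectionRecord(("10.0.0.5", "10.0.1.20", "tcp", 49152, 443), "alice"))
    fw.receive_record(ConnectionRecord(("10.0.0.5", "10.0.1.30", "tcp", 49153, 22), "svc-backup"))
    fw.receive_record(ConnectionRecord(("10.0.0.5", "10.0.1.40", "tcp", 49154, 8443), "admins"))
    fw.receive_record(ConnectionRecord(("10.0.0.5", "10.0.1.60", "tcp", 49156, 80), "bob"))
    return fw


def demo() -> Dict[str, Tuple[str, Optional[str]]]:
    fw = build_demo_firewall()
    packets = {
        "alice_https": Packet("10.0.0.5", "10.0.1.20", "tcp", 49152, 443),  # record + rule r1
        "backup_ssh": Packet("10.0.0.5", "10.0.1.30", "tcp", 49153, 22),    # record + rule r2
        "admin_any": Packet("10.0.0.5", "10.0.1.40", "tcp", 49154, 8443),   # record + wildcard r3
        "bob_http": Packet("10.0.0.5", "10.0.1.60", "tcp", 49156, 80),      # record, no matching rule
        "no_record": Packet("10.0.0.5", "10.0.1.50", "tcp", 49155, 80),     # no record at all
    }
    return {name: fw.process(p) for name, p in packets.items()}


if __name__ == "__main__":
    for name, (action, rule_id) in demo().items():
        print(f"{name}: {action} (rule {rule_id})")
```

Two cases the claim itself does not spell out are handled explicitly: a packet whose headers match no record, and a packet whose record resolves to an identifier that no rule references. Both fall through to the default action, which this example sets to "drop". Whether a deployment should default to drop, to a conventional address-based rule set, or to an "unknown identity" policy is a design decision outside the claim text.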