Link to home
Start Free TrialLog in
Avatar of RIP_Leroi

asked on

Firewall request application correct database format

I'm writing a Firewall Request application.  Users can submit a request to modify or add an rule in the firewall.  It asks for source ip(s), dest ip(s), source port(s), dest port(s), port(s), and protocol(s).

I'm curious about the best design and best practices for the database.  Because there can be any number of source IP's going to any number of dest IP's, I have a link table called FirewallSourceAndDestIP that is below.

CREATE TABLE FirewallSourceAndDestIP
	FirewallRequestID int,
	SourceIP Nvarchar(16),
	SourceType Nvarchar(20),
	DestIP Nvarchar(16),
	DestType Nvarchar(20),

Open in new window

Making a row for every source to dest connection and it links back to the main FirewallRequest table.  However, when it comes to ports, I'm confused at the best way to accomplish this same task.  If I use a link table, it's possible I could have up to 65k+ rows per request if they want all ports (any/any) connection.  Is this the best way to go about it, or am I missing an easier solution?
Avatar of Mark Bullock
Mark Bullock
Flag of United States of America image

Can you add port to your table and leave it null to mean all ports?
Avatar of RIP_Leroi


I've considered that but there are also a lot of request that have 10k+ ports (lots of high UDP ranges for audio/video).  Does this even matter?  Am I over thinking it?
How would someone enter 10,000 port numbers? Maybe you save ranges.
Avatar of Vitor Montalvão
Vitor Montalvão
Flag of Switzerland image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
This works perfectly.