RIP_Leroi
asked on
Firewall request application correct database format
I'm writing a Firewall Request application. Users can submit a request to modify or add an rule in the firewall. It asks for source ip(s), dest ip(s), source port(s), dest port(s), port(s), and protocol(s).
I'm curious about the best design and best practices for the database. Because there can be any number of source IP's going to any number of dest IP's, I have a link table called FirewallSourceAndDestIP that is below.
Making a row for every source to dest connection and it links back to the main FirewallRequest table. However, when it comes to ports, I'm confused at the best way to accomplish this same task. If I use a link table, it's possible I could have up to 65k+ rows per request if they want all ports (any/any) connection. Is this the best way to go about it, or am I missing an easier solution?
I'm curious about the best design and best practices for the database. Because there can be any number of source IP's going to any number of dest IP's, I have a link table called FirewallSourceAndDestIP that is below.
CREATE TABLE FirewallSourceAndDestIP
(
ID int NOT NULL IDENTITY (1,1),
FirewallRequestID int,
SourceIP Nvarchar(16),
SourceType Nvarchar(20),
DestIP Nvarchar(16),
DestType Nvarchar(20),
)
Making a row for every source to dest connection and it links back to the main FirewallRequest table. However, when it comes to ports, I'm confused at the best way to accomplish this same task. If I use a link table, it's possible I could have up to 65k+ rows per request if they want all ports (any/any) connection. Is this the best way to go about it, or am I missing an easier solution?
Can you add port to your table and leave it null to mean all ports?
ASKER
I've considered that but there are also a lot of request that have 10k+ ports (lots of high UDP ranges for audio/video). Does this even matter? Am I over thinking it?
How would someone enter 10,000 port numbers? Maybe you save ranges.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
This works perfectly.