INTERNATIONAL STANDARD ISO/IEC 29341-24-11
First edition 2017-09
Reference number ISO/IEC 29341-24-11:2017(E)

Information technology - UPnP Device Architecture - Part 24-11: Internet gateway device control protocol - Level 2 - Wide area network internet protocol v6 - Firewall control service

Technologies de l'information - Architecture de dispositif UPnP - Partie 24-11: Protocole de contrôle de dispositif de passerelle Internet - Niveau 2 - Protocole internet de réseau étendu v6 - Service de contrôle du pare-feu

COPYRIGHT PROTECTED DOCUMENT

© ISO/IEC 2017, Published in Switzerland

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
Ch. de Blandonnet 8, CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org

CONTENTS

1 Scope
2 Normative References
3 Terms, definitions, symbols and abbreviations
4 Notations and conventions
  4.1 Notation
  4.2 Data types
  4.3 Vendor-defined extensions
5 Service Model
  5.1 Service Type
  5.2 Service Architecture
  5.3 State Variables
    5.3.1 Summary
    5.3.2 FirewallEnabled
    5.3.3 InboundPinholeAllowed
    5.3.4 A_ARG_TYPE_OutboundPinholeTimeout
    5.3.5 A_ARG_TYPE_IPv6Address
    5.3.6 A_ARG_TYPE_Port
    5.3.7 A_ARG_TYPE_Protocol
    5.3.8 A_ARG_TYPE_LeaseTime
    5.3.9 A_ARG_TYPE_UniqueID
    5.3.10 A_ARG_TYPE_PinholePackets
    5.3.11 A_ARG_TYPE_Boolean
    5.3.12 Relationships among State Variables
  5.4 Eventing and Moderation
    5.4.1 Summary
    5.4.2 Eventing of FirewallEnabled
    5.4.3 Eventing of InboundPinholeAllowed
  5.5 Actions
    5.5.1 Summary
    5.5.2 GetFirewallStatus()
    5.5.3 GetOutboundPinholeTimeout()
    5.5.4 AddPinhole()
    5.5.5 UpdatePinhole()
    5.5.6 DeletePinhole()
    5.5.7 GetPinholePackets()
    5.5.8 CheckPinholeWorking()
    5.5.9 Relationships Between Actions
    5.5.10 Error Code Summary
  5.6 Service Behavioral Model
6 XML Service Description
Annex A (informative) Theory of Operation
  A.1 IPv4 NAT and IPv6 firewall control relationship
  A.2 Start-up
  A.3 Outbound pinhole management
    A.3.1 Outbound pinhole creation
    A.3.2 Outbound pinhole refresh
    A.3.3 Outbound pinhole lifecycle
  A.4 Inbound Pinhole management
    A.4.1 Inbound pinhole creation
    A.4.2 Checking that an inbound pinhole is working
    A.4.3 Inbound pinhole refresh
    A.4.4 Inbound pinhole state transition diagram
Annex B (normative) Security Considerations
  B.1 Overview
  B.2 Firewall Assets, Risks and Threats
  B.3 Firewall Control Policy and Recommendations
Annex C (informative) Bibliography

Figure A.1 Outbound pinhole creation
Figure A.2 Outbound pinhole refresh
Figure A.3 Outbound pinhole state transition diagram
Figure A.4 Inbound pinhole creation
Figure A.5 Checking that an inbound pinhole is working
Figure A.6 Inbound pinhole refresh and deletion
Figure A.7 Inbound pinhole state transition diagram

Table 1 State Variables
Table 2 allowedValueRange for A_ARG_TYPE_OutboundPinholeTimeout
Table 3 allowedValueRange for A_ARG_TYPE_LeaseTime
Table 4 Eventing and Moderation
Table 5 Actions
Table 6 Arguments for GetFirewallStatus()
Table 7 Error Codes for GetFirewallStatus()
Table 8 Arguments for GetOutboundPinholeTimeout()
Table 9 Error Codes for GetOutboundPinholeTimeout()
Table 10 Arguments for AddPinhole()
Table 11 Error Codes for AddPinhole()
Table 12 Arguments for UpdatePinhole()
Table 13 Error Codes for UpdatePinhole()
Table 14 Arguments for DeletePinhole()
Table 15 Error Codes for DeletePinhole()
Table 16 Arguments for GetPinholePackets()
Table 17 Error Codes for GetPinholePackets()
Table 18 Arguments for CheckPinholeWorking()
Table 19 Error Codes for CheckPinholeWorking()
Table 20 Error Code Summary

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and nongovernmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular