Method and firewall for soliciting incoming packets

Abstract

This disclosure relates to controlling unwanted traffic to a device () in a communication network (). The idea is to provide a more fine-grained control of incoming packets or connection attempts, by using an inclusive firewall () i.e. a firewall operating on 'white-listed' traffic to a device (). The disclosure, relates to a method for controlling a data flow to a device in a communication network, using a firewall located in the path between said device and a source node. The method comprises receiving (), in said firewall, at least one data packet of said data flow. The firewall then reads (), a predefined selection of bits of said at least one data packet, wherein the selection of bits is contained in at least one field of said data packet. The at least field or fields, including the selection of bits, carry a first type information. The firewall then forwards () the at least one data packet to the device, if selection of bits fulfills a policy of said device. The policy is defining requirements by which packets to said device are solicited. Hence, the solicitation of packets is a second type of information carried by said selection of bits. The disclosure further relates to a methods controlling a data flow, as well as to a firewall (), a source () and a device ().