Patent 8397282
Prior art
Earlier patents, publications, and products that may anticipate or render the claims unpatentable.
Here is an analysis of the most relevant prior art for US patent 8397282, based on its cited references and focusing on the core inventive concepts of the patent.
The central inventive concept of US8397282, as articulated in its independent claims (Claims 1, 12, and 24), revolves around a firewall system where:
- At least one node is defined, associated with two or more network interfaces.
- A set of firewall rules is associated with the node(s).
- Packets are accepted or denied based on these rules.
- Crucially, the set of firewall rules is dynamically self-configurable during runtime without operator interaction.
- These rules comprise a plurality of chains of rules forming various paths through a hierarchical structure.
- The hierarchical structure includes defined places for dynamically updating the set of firewall rules during runtime.
Below are analyses of selected prior art references that appear most relevant to these aspects, published before the priority date of US8397282 (March 10, 2004).
1. US 6,212,558 B1
- Full Citation: US 6,212,558 B1, "Method and apparatus for configuring and managing firewalls and security devices," filed December 24, 1997, issued April 3, 2001, to Anand K. Antur.
- Publication/Filing Date: Publication Date: April 3, 2001. Filing Date: December 24, 1997 (claims priority from provisional application No. 60/044,853, filed April 25, 1997).
- Brief Description: This patent describes methods and apparatus for configuring and managing firewalls and other network security devices. It involves a network directory services server that provides network directory services to multiple network servers, each coupled to a network security device. A security policy for these devices is implemented on the directory services server, and the directory services are used to provide configuration information to the security devices in response to this policy. This outlines a centralized approach to defining and deploying security policies to multiple firewalls.
- Potential Anticipation (35 U.S.C. § 102): US 6,212,558 B1 anticipates the broad concept of configuring and managing firewall rules and associating them with network devices (analogous to "nodes" in US8397282). This could potentially anticipate elements like "defining at least one node, wherein the at least one node is associated with two or more network interfaces" and "associating a set of firewall rules with the at least one node" found in claims 1, 12, and 24. However, it does not explicitly disclose either of the key distinguishing features of US8397282: the firewall's dynamic self-configurability during runtime without operator interaction, or the specific hierarchical structure of rule chains with defined places for dynamically updating rules during runtime. The management described appears to be driven by external policy updates from a server, rather than the firewall autonomously adapting its internal rule structure.
2. US 6,243,815 B1
- Full Citation: US 6,243,815 B1, "Method and apparatus for reconfiguring and managing firewalls and security devices," filed December 24, 1997, issued June 5, 2001, to Anand K. Antur.
- Publication/Filing Date: Publication Date: June 5, 2001. Filing Date: December 24, 1997 (claims priority from provisional application No. 60/044,853, filed April 25, 1997).
- Brief Description: Similar to US 6,212,558 B1 by the same inventor and sharing the same priority date, this patent focuses on methods and apparatus for reconfiguring and managing firewalls and security devices. It also describes a system where a network directory services server implements security policies and provides configuration information to multiple network security devices. The emphasis on "reconfiguring" indicates that the rules or policies can be changed.
- Potential Anticipation (35 U.S.C. § 102): US 6,243,815 B1 is relevant for the general concept of changing or reconfiguring firewall rules or policies, which touches upon the idea of "dynamically updating" rules. This could be seen as broadly anticipating parts of claims 1, 12, and 24 that mention dynamic updates. However, like its related patent, it lacks the specificity of the firewall being self-configurable during runtime without operator interaction through a hierarchical structure of rule chains with defined places for dynamic updates. The reconfiguration is still external to the firewall's autonomous operation and relies on a policy server. Therefore, while it anticipates dynamic changes to rules in a broad sense, it likely does not anticipate the specific mechanism of self-configuration claimed in US8397282.
3. US 2001/0039576 A1
- Full Citation: US 2001/0039576 A1, "Network policy transmission method from policy server to network node," filed December 10, 1999, published November 8, 2001, to Yasusi Kanada.
- Publication/Filing Date: Publication Date: November 8, 2001. Filing Date: December 10, 1999.
- Brief Description: This publication describes a method where a policy server transmits a policy to a network node. The policy consists of an event and an action to be performed when the event occurs. The network node executes the action upon the occurrence of the event. The policy can be modified by the policy server, enabling dynamic changes to network behavior. This directly relates to applying rule-based logic at network nodes.
- Potential Anticipation (35 U.S.C. § 102): This reference is highly relevant to the concept of "defining at least one node" and "associating a set of firewall rules with the at least one node," as it explicitly describes "network nodes" and "policies" (rules) with "events and actions." It also describes that the policy "can be changed by the policy server," which suggests dynamic rule updates. This could potentially anticipate elements of claims 1, 12, and 24 of US8397282 concerning nodes, associated rules, and dynamic modification of those rules. However, it does not explicitly teach the firewall being dynamically self-configurable during runtime without operator interaction as a self-contained, autonomous process, nor does it detail a hierarchical structure of rule chains with defined places for dynamic updates within the node itself. The changes are still initiated by an external "policy server," implying interaction beyond the firewall's self-configuration. Therefore, it anticipates aspects of dynamic policy application to network nodes but likely not the unique self-adaptive, hierarchical rule structure of US8397282.
Generated 5/25/2026, 12:48:17 PM