防火墙规则配置错误快速检测算法

Algorithm for Fast Detecting Firewall Rule Configuration Mistakes

在防火墙的规则配置中潜伏着一些问题:安全管理员可能在最初配置规则表的时候,出现一些错误;随着规则表中规则数目的增长,不同的规则之间发生冲突的可能性也相应增加。该文对防火墙规则配置过程中可能出现的错误进行了分析,介绍了防火墙规则配置错误的几种常见类型,给出了发现错误的算法,并根据防火墙规则表的特点对算法进行了改进,提高了规则配置错误的检测效率。

As enterprises＇ network security barrier, firewalls play a very important role. Since enterprises configurate firewalls according to its need; the rule table will be included. However, problems may occur during configuration. On one hand, the administrator himself may make some mistakes during initial configuration. On the other hand, possibility of conflicts among different rules increases with rule numbers in the table growing. This paper analyzes possible mistakes in the configuration process. It introduces several familiar types of mistakes in configuration, puts forward the algorithm which can find mistakes. The paper improves the algorithm according to the characteristics of the firewall rule table, which increases efficiency of detecting configuration mistakes.