Naslov
Optimization of Firewall Rules

Autori
Katić, Tihomir ; Pale, Predrag

Vrsta, podvrsta i kategorija rada
Radovi u zbornicima skupova, cjeloviti rad (in extenso), znanstveni

Izvornik
Proceedings of the 29th International Conference on Information Technology Interfaces / Lužar-Stiffler, Vesna ; Dobić Hljuz, Vesna - Zagreb : Sveučilišni računski centar Sveučilišta u Zagrebu (Srce), 2007, 685-690

ISBN
953-7138-10-0

Skup
International Conference on Information Technology Interfaces

Mjesto i datum
Cavtat, Hrvatska, 25.06.2007. - 28.06.2007

Vrsta sudjelovanja
Predavanje

Vrsta recenzije
Međunarodna recenzija

Ključne riječi
firewall; rules; optimization; relations; anomalies; policy

Sažetak
Network performance highly depends on efficiency of the firewall because for each network packet which enters or leaves the network a decision has to be made whether to accept it or reject it. This paper presents one approach to rule optimization solutions for improving firewall performance. The new software solution has been developed based on relations between rules. Its main purpose is to remove anomalies in ordering of Linux firewall rules and to merge similar rules. Developed rule optimization software (FIRO) is intended to be used with IP Tables Linux firewall command tool, but it can be easily adapted for other tool, as well. FIRO works in several passes through revised rule lists. In each step of optimization process FIRO generates a different rule list. Unlike existing solutions, FIRO also analyzes log rules and takes into account other rule parameters besides IP addresses, ports, protocols and action.

Izvorni jezik
Engleski

Znanstvena područja
Računarstvo

POVEZANOST RADA