Title :
Optimization of Firewall Rules
Author :
Katic, Tihomir ; Pale, Predrag
Author_Institution :
Univ. of Zagreb, Zagreb
Abstract :
Network performance highly depends on the efficiency of the firewall because, for each network packet which enters or leaves the network, a decision has to be made whether to accept it or reject it. This paper presents one approach to rule optimization solutions for improving firewall performance. The new software solution has been developed based on relations between rules. Its main purpose is to remove anomalies in the ordering of Linux firewall rules and to merge similar rules. The developed rule optimization software (FIRO) is intended to be used with the IP Tables Linux firewall command tool, but it can be easily adapted for other tools as well. FIRO works in several passes through revised rule lists. In each step of the optimization process FIRO generates a different rule list. Unlike existing solutions, FIRO also analyzes log rules and takes into account other rule parameters besides IP addresses, ports, protocols and action.
Keywords :
Linux; authorisation; computer networks; optimisation; telecommunication security; FIRO; Linux firewall rule; authorisation; network performance; optimization; Access protocols; Communication system traffic control; Computer networks; Degradation; High performance computing; Information security; Linux; Protection; Software tools; Telecommunication traffic; anomalies; firewall; optimization; policy; relations; rules;
Conference_Title :
Information Technology Interfaces, 2007. ITI 2007. 29th International Conference on
Conference_Location :
Cavtat
Print_ISBN :
953-7138-10-0
Electronic_ISBN :
1330-1012
DOI :
10.1109/ITI.2007.4283854