A Firewall Rules Optimized Model Based on Service-Grouping

Aiming at networks with a large number of firewall rules, in order to reduce the number of rules and rule filtering times while firewall´s performance does not change, a firewall policy rules merging model based on rule-service is presented. The model detects the rules in a fast way using an algorithm based on rule service first, and then it resolves the conflicts segment by using action constraint strategy. And then it runs the rule merging algorithm in a set of rules with no anomalies based on service. Finally, the experimental results show that merging efficiency is outperformed compared with other similar rule merging models. Compared to the traditional firewall, the optimized firewall model made less filtering hits while processing the same packets.