
The Research On Stateful Firewall Policy Queries Technology

Posted on: 2012-02-03
Degree: Master
Type: Thesis
Country: China
Candidate: W Wang
Full Text: PDF
GTID: 2248330395485749
Subject: Software engineering
Abstract/Summary:
Firewalls, which form the protective barrier between internal and external networks, are a key factor in network security. Intruders must first pass through the firewall security perimeter in order to access the target computer. The function of a firewall is to examine each incoming and outgoing packet and decide whether to accept or discard the packet based on its policy. Due to the lack of tools for analyzing firewall policies, most firewalls on the Internet have been plagued with policy errors. A firewall policy error either creates security holes that allow malicious traffic to sneak into a private network or blocks legitimate traffic and disrupts normal business processes.

First, this paper summarizes the state of the research and describes the stateful firewall in detail. It then summarizes firewall policies. Next, we propose the stateful firewall policy query technology. Two problems are solved in this paper: how to describe a stateful firewall query and how to process a stateful firewall query.

Because the number of rules in a firewall keeps increasing and the rules often conflict, understanding and analyzing the function of a firewall is known to be difficult. An effective way to help firewall administrators understand and analyze the function of their firewalls is by issuing queries. We first introduce a simple and effective SQL-like query language for describing stateful firewall queries, consisting of a Structured Stateful Firewall Compute Language and a Structured Stateful Firewall Query Language. Second, we present efficient stateful firewall query processing algorithms: one based on rules and one based on decision diagrams. Finally, we perform experimental tests.

Our experimental results show that our two firewall query processing algorithms are very efficient: it takes less than 300 milliseconds to process a query when there are fewer than 6000 stateful rules and fewer than 12000 stateless rules. If more than six queries are run simultaneously on the same firewall, the stateful firewall query processing algorithm based on decision diagrams is more efficient than the one based on rules.
Keywords/Search Tags: Information security, stateful firewall, firewall rules, policy queries