Lu, Liang; Safavi-Naini, Reihaneh; Horton, Jeffrey P.; and Susilo, Willy, 2007, Comparing and debugging firewall rule tables, IET Information Security, 1(4), 143-151.
Firewalls are one of the essential components of secure networks. However, configuring firewall rule tables for large networks with complex security requirements is a difficult and error-prone task. A method of representing a firewall rule table that allows comparison of two tables is developed, and an algorithm that determines whether two tables are equivalent (that is, whether the sets of packets permitted by the two tables are the same) is provided. How such an algorithm can assist system administrators in correctly implementing organisational policy is discussed. The proposed approach is implemented and the results of the experiments are shown.
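The equivalence question the abstract poses can be illustrated with a small checker. This is an added example, not the paper's representation or algorithm: it assumes first-match rule tables with an implicit default deny over two inclusive integer-range fields (source address and destination port), and all names and sample tables are constructed for illustration.

```python
from itertools import product

# Assumed field domains: source address as a 32-bit integer, destination port.
DOMAINS = ((0, 2**32 - 1), (0, 65535))

def decide(table, packet):
    """First-match semantics with an implicit default deny (an assumption)."""
    for action, *ranges in table:
        if all(lo <= v <= hi for v, (lo, hi) in zip(packet, ranges)):
            return action == "permit"
    return False

def representatives(tables):
    """One packet per elementary cell. Cutting each axis at every rule boundary
    means any rule range covers a cell wholly or not at all, so a single
    sample per cell decides the whole cell."""
    axes = []
    for dim, (dmin, dmax) in enumerate(DOMAINS):
        cuts = {dmin}
        for table in tables:
            for _action, *ranges in table:
                lo, hi = ranges[dim]
                cuts.add(lo)
                if hi < dmax:
                    cuts.add(hi + 1)
        axes.append(sorted(cuts))
    return product(*axes)

def difference(a, b):
    """Return a packet the two tables treat differently, or None if equivalent."""
    for pkt in representatives((a, b)):
        if decide(a, pkt) != decide(b, pkt):
            return pkt
    return None

# Constructed sample tables. NET is 10.0.0.0/24, HOST is 10.0.0.5.
ANY, NET, HOST = (0, 2**32 - 1), (0x0A000000, 0x0A0000FF), (0x0A000005,) * 2
TABLE_A = [("deny", HOST, (22, 22)), ("permit", NET, (22, 22)), ("permit", ANY, (80, 80))]
# Same policy, reordered and with the SSH permit split around the denied host.
TABLE_B = [("permit", ANY, (80, 80)),
           ("permit", (0x0A000000, 0x0A000004), (22, 22)),
           ("permit", (0x0A000006, 0x0A0000FF), (22, 22))]
# Misordered copy of TABLE_A: the broad permit shadows the host deny.
TABLE_C = [("permit", NET, (22, 22)), ("deny", HOST, (22, 22)), ("permit", ANY, (80, 80))]

if __name__ == "__main__":
    print("A vs B:", difference(TABLE_A, TABLE_B))
    print("A vs C:", difference(TABLE_A, TABLE_C))
```

The returned packet serves as a debugging witness: it names a concrete source and port on which the two tables disagree, which points the administrator at the shadowed or misordered rule.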