Abstract
This paper studies the correctness of packet filtering rules and performs conflict detection before firewall rules are applied, so that contradictory and redundant rules are avoided. It also describes how to reorder the rules using statistics from the log management system while preserving the relationships among them: priority is assigned according to how often each rule is invoked, so the most frequently used rules are placed at high-priority positions. This reduces the number of rule comparisons per packet, optimizes the iptables rule set, and increases the speed of packet filtering.
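The two steps the abstract describes, conflict detection and log-driven reordering that preserves rule relationships, shown as an added example; it is not code from the paper, whose own algorithm is not reproduced on this page. It assumes a simplified rule model (source CIDR plus destination port range, first match wins), and every name and sample value in it is hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:                  # simplified model: source CIDR + destination port range
    name: str
    src: str
    dport: range
    action: str
    hits: int = 0            # match count taken from the firewall log

def overlaps(a, b):          # some packet can match both rules
    ports = a.dport.start < b.dport.stop and b.dport.start < a.dport.stop
    return ports and ip_network(a.src).overlaps(ip_network(b.src))

def covers(a, b):            # every packet matching b also matches a
    ports = a.dport.start <= b.dport.start and b.dport.stop <= a.dport.stop
    return ports and ip_network(b.src).subnet_of(ip_network(a.src))

def find_conflicts(rules):
    """Later rules that can never fire because an earlier rule covers them."""
    found = []
    for i, early in enumerate(rules):
        for late in rules[i + 1:]:
            if covers(early, late):
                kind = "redundant" if early.action == late.action else "shadowed"
                found.append((kind, late.name, early.name))
    return found

def reorder(rules):
    """Most-hit rule first, never passing an earlier overlapping rule whose action differs."""
    remaining, ordered = list(rules), []
    while remaining:
        ready = [r for i, r in enumerate(remaining) if not any(
            overlaps(p, r) and p.action != r.action for p in remaining[:i])]
        best = max(ready, key=lambda r: r.hits)
        ordered.append(best)
        remaining.remove(best)
    return ordered

def avg_comparisons(rules):  # mean rules inspected per logged packet (first match wins)
    return sum((i + 1) * r.hits for i, r in enumerate(rules)) / sum(r.hits for r in rules)

RULES = [                    # constructed sample rules and hit counts, not from the paper
    Rule("ssh_admin", "10.1.0.0/16", range(22, 23), "ACCEPT", 40),
    Rule("ssh_block", "10.0.0.0/8", range(22, 23), "DROP", 300),
    Rule("web", "0.0.0.0/0", range(80, 444), "ACCEPT", 5000),
    Rule("web_dup", "192.168.0.0/16", range(443, 444), "ACCEPT", 0),
    Rule("ssh_late", "10.2.0.0/16", range(22, 23), "ACCEPT", 0),
]
```

Sorting purely by hit count would move `ssh_block` ahead of `ssh_admin` and silently drop admin SSH traffic; the dependency check in `reorder` is what keeps the policy unchanged while `web` moves to the front.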
Source
《计算机应用与软件》
CSCD
Peking University Core Journal
2008, Issue 12, pp. 263-265 (3 pages)
Computer Applications and Software
Keywords
Firewall rules
Conflict detection
Reordering
Rule optimization