Linear-Tree Rule Structure for Firewall Optimization

Given a list of filtering rules with individual hitting probabilities, it is known that the average processing time of a linear-search based firewall can be minimized by searching rules in some appropriate order. This paper proposes a new yet simple technique called the linear-tree structure. It utilizes an advanced feature of modern firewalls, the "Goto"- like statement, to transform the given rule list into a rule set that is functionally equivalent to the original but organized in a more efficient structure.