A Mapping Mechanism for Periodic Filters in a Conflict Detection System for Time-Based Firewall Policies
Time-based filters have recently been introduced in several practical firewalls, such as Cisco ACLs and Linux iptables, to control network traffic over time. They are handy when a service must be available at certain times of day or on certain days. However, network administrators struggle to maintain time-based firewall policies because of their high complexity. A conflict is a misconfiguration that occurs when a packet matches two or more filters. It makes the filters either redundant or shadowed, and as a result the network does not reflect the actual configuration of the time-based firewall policies.
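To make the conflict definition above concrete, here is an added Python example (not code from the paper, and not its mapping mechanism) that checks pairs of time-based filters for packets that match both at the same moment. Assumptions: first-match rule ordering, weekly periodic windows with minute granularity, a hypothetical `Filter` record, and the usual firewall-literature reading that a fully covered later filter is "redundant" when its action equals the earlier one's and "shadowed" when it differs.

```python
from dataclasses import dataclass
from ipaddress import ip_network
from itertools import combinations

DAY, WEEK = 1440, 7 * 1440  # minutes

@dataclass(frozen=True)
class Filter:                # hypothetical record, not a vendor rule format
    name: str
    src: str           # source CIDR
    port: int          # destination port
    days: frozenset    # days the window starts on, 0=Mon .. 6=Sun
    start: int         # minutes after midnight
    stop: int          # minutes after midnight; stop <= start wraps past midnight
    action: str        # "accept" or "deny"

def active_minutes(f):
    """Expand a weekly periodic window into the minute-of-week slots it covers."""
    length = (f.stop - f.start) % DAY or DAY   # start == stop is read as 24 hours
    return {(d * DAY + f.start + m) % WEEK for d in f.days for m in range(length)}

def classify(first, later):
    """Relation of a later filter to an earlier one under first-match ordering."""
    a, b = ip_network(first.src), ip_network(later.src)
    ta, tb = active_minutes(first), active_minutes(later)
    if first.port != later.port or not a.overlaps(b) or not ta & tb:
        return "none"            # no packet at any time matches both filters
    if not (b.subnet_of(a) and tb <= ta):
        return "partial overlap"
    return "redundant" if first.action == later.action else "shadowed"

def find_conflicts(policy):
    pairs = ((x, y, classify(x, y)) for x, y in combinations(policy, 2))
    return [(x.name, y.name, kind) for x, y, kind in pairs if kind != "none"]

ALL = frozenset(range(7))
# Constructed sample policy (not from the paper).
POLICY = [
    Filter("r1", "10.0.0.0/8", 22, ALL, 22 * 60, 6 * 60, "deny"),
    Filter("r2", "10.1.0.0/16", 22, frozenset({5}), 23 * 60, 2 * 60, "accept"),
    Filter("r3", "10.2.0.0/16", 22, frozenset(range(5)), 23 * 60, 5 * 60, "deny"),
    Filter("r4", "10.1.0.0/16", 22, frozenset({0}), 9 * 60, 17 * 60, "accept"),
    Filter("r5", "10.1.0.0/16", 22, ALL, 5 * 60, 8 * 60, "accept"),
]

if __name__ == "__main__":
    for row in find_conflicts(POLICY):
        print(*row)
```

Filter r4 overlaps r1 in address and port but never in time, so it is not reported; a checker that ignored the time field would flag it as shadowed.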