University of Seville
Firewalls provide the first line of defense of nearly all networked institutions today. However, Firewall ACL management suffers some problems that need to be addressed in order to be effective. The most studied one is rule set consistency. There is an inconsistency if different actions can be taken on the same traffic, depending on the ordering of the rules. In this paper a new algorithm to diagnose inconsistencies in firewall rule sets is presented. Although many algorithms have been proposed to address this problem, the presented one is a big improvement over them, due to its low algorithmic and memory complexity, even in worst case.