Previous Work on Firewall Design

Previous work on firewall design focuses on high-level languages that can be used to specify firewall rules. Examples of such languages are the simple model definition language in [Bartal et al. (1999, 2003)], the Lisp-like language in [Guttman (1997)], and the declarative predicate language in [Begel et al. (1999)]. These high-level firewall languages are helpful for designing firewalls because otherwise people have to use vendor-specific languages to describe firewall rules. However, a firewall specified in one of these high-level languages is still a sequence of rules, and the rules may still conflict. The three issues of consistency, completeness and compactness that are inherent in designing a firewall as a sequence of rules therefore remain.
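The three issues can be checked mechanically on a small first-match rule sequence. The sketch below is an added example, not code from the cited works. The two 3-bit fields, the rule set and all function names are constructed. It assumes the usual readings of the three terms: consistency means overlapping rules with different decisions are ordered correctly, completeness means every packet matches some rule, and compactness means no rule is redundant.

```python
from itertools import product

# Constructed toy domain: 3-bit source and 3-bit destination-port fields,
# small enough to enumerate every packet exhaustively.
DOMAIN = list(product(range(8), range(8)))

# Constructed first-match rule sequence: (src_lo, src_hi, port_lo, port_hi, decision)
RULES = [
    (0, 3, 0, 7, "accept"),   # r0
    (2, 5, 4, 7, "discard"),  # r1: overlaps r0 with a different decision
    (4, 5, 6, 7, "discard"),  # r2: fully shadowed by r1, same decision
    (6, 7, 0, 3, "accept"),   # r3
]

def matches(rule, pkt):
    s_lo, s_hi, p_lo, p_hi, _ = rule
    return s_lo <= pkt[0] <= s_hi and p_lo <= pkt[1] <= p_hi

def decide(rules, pkt):
    """First-match semantics; None means no rule matched the packet."""
    return next((r[4] for r in rules if matches(r, pkt)), None)

def conflicts(rules):
    """Pairs (i, j), i < j, that overlap and disagree, so their order matters."""
    return [(i, j) for i in range(len(rules)) for j in range(i + 1, len(rules))
            if rules[i][4] != rules[j][4]
            and any(matches(rules[i], p) and matches(rules[j], p) for p in DOMAIN)]

def uncovered(rules):
    """Packets that no rule matches (a completeness gap)."""
    return [p for p in DOMAIN if decide(rules, p) is None]

def redundant(rules):
    """Indices of rules whose removal changes no packet's decision."""
    return [i for i in range(len(rules))
            if all(decide(rules[:i] + rules[i + 1:], p) == decide(rules, p)
                   for p in DOMAIN)]

if __name__ == "__main__":
    print("conflicting pairs:", conflicts(RULES))
    print("uncovered packets:", len(uncovered(RULES)))
    print("redundant rules:", redundant(RULES))
```

Swapping r0 and r1 changes the decision for packet (2, 4) from accept to discard, which is why the conflicting pair has to be reviewed rather than merely reported.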