Abstract: This paper presents an optimization algorithm that reorders the sequence of firewall rules to reduce packet matching time. An incoming packet can match more than one rule. Such rules are called dependent rules, and when the actions of dependent rules differ, the situation is called a conflict. The main focus of the paper is on dependent rules. The proposed algorithm is designed for conflict resolution and improves network performance by reducing the packet matching time of the firewall. The algorithm uses hashing to divide the rule list into many equal-sized sub-rule lists and resolves conflicts by indexing, which creates a separate list for dependent rules. The packet matching algorithm, which uses a log file, shows improved performance over other alternative algorithms in terms of packet matching time.
Keywords: Dependent rules, firewall, network performance, packet matching, conflict resolution, hashing, indexing, log file.
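The definitions of dependent rules and conflicts given in the abstract can be checked mechanically over a rule list. The following is an added example, not code from the paper: it does not implement the paper's hashing or indexing scheme, and the `Rule` fields, rule names and sample rule list are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network
from itertools import combinations

@dataclass(frozen=True)
class Rule:                      # hypothetical rule layout, not the paper's
    name: str
    proto: str                   # "tcp", "udp" or "any"
    src: str                     # source network in CIDR form
    dst: str                     # destination network in CIDR form
    ports: tuple                 # inclusive (low, high) destination ports
    action: str                  # "accept" or "deny"

def dependent(a, b):
    """True if at least one packet can match both rules."""
    proto_ok = a.proto == b.proto or "any" in (a.proto, b.proto)
    src_ok = ip_network(a.src).overlaps(ip_network(b.src))
    dst_ok = ip_network(a.dst).overlaps(ip_network(b.dst))
    ports_ok = a.ports[0] <= b.ports[1] and b.ports[0] <= a.ports[1]
    return proto_ok and src_ok and dst_ok and ports_ok

def classify(rules):
    """Return (dependent_pairs, conflicts) as lists of rule-name pairs."""
    dep, conflicts = [], []
    for a, b in combinations(rules, 2):
        if dependent(a, b):
            dep.append((a.name, b.name))
            # Dependent rules with different actions form a conflict.
            if a.action != b.action:
                conflicts.append((a.name, b.name))
    return dep, conflicts

# Constructed sample rule list (not taken from the paper).
RULES = [
    Rule("r1", "tcp", "10.0.0.0/8", "192.168.1.10/32", (80, 80), "accept"),
    Rule("r2", "tcp", "10.1.0.0/16", "192.168.1.0/24", (1, 1023), "deny"),
    Rule("r3", "udp", "0.0.0.0/0", "192.168.1.0/24", (53, 53), "accept"),
    Rule("r4", "any", "10.1.2.0/24", "0.0.0.0/0", (0, 65535), "deny"),
]

if __name__ == "__main__":
    dep, conflicts = classify(RULES)
    print("dependent:", dep)
    print("conflicts:", conflicts)
```

The pairwise check is quadratic in the number of rules, which is acceptable for auditing a rule list offline.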