Journal of the Graduate School of the Chinese Academy of Sciences (中国科学院研究生院学报), 2007
Algorithm for Detecting Firewall Policy Inconsistency
Abstract:
As a traditional information security technique, the firewall has played a very important role. Security administrators frequently have to compare firewall policies to look for inconsistencies, yet choosing a platform for the comparison is not a smooth process. To enable comparison between firewall policies, this paper presents the FPT (firewall policy tree) model, a construction algorithm that turns a firewall policy into a policy tree, and a comparison algorithm, and finally describes the procedure for comparing firewall policies. Combining the two algorithms makes it possible to compare firewall policies. Doing so yields the set of data packets on which different firewalls make inconsistent filtering decisions, and thereby reveals the inconsistencies in the firewalls' policies.