NetFireCoRE
Network Firewall Linux Kernel Module with Conflict Resolution Engine
We implement an open source conflict resolution framework that consists of a user-space C application that automatically resolves firewall rules anomalies, and b) a generic tree (called policy tree), implemented as a Linux kernel module which maintains the resolved firewall rules and enables the necessary hooks to netfilter for matching incoming (or outgoing) network packets. Tree-based data structures offer improved efficiency compared to traditional access control lists (e.g. iptables or nftable maps), especially for large systems with a huge number of rules. Preliminary analysis from our implementation on ARM-based embedded systems examines efficiency and scalability of our framework.
To reference this work:
A. Papagrigoriou, P. Petrakis, M.D. Grammatikakis, "A firewall module resolving rules consistency", Workshop on Intelligent Solutions in Embedded Systems (WISES), 2017, pp. 47-50.
Available from:
https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7986931