We implement an open source conflict resolution framework that consists of a user-space C application that automatically resolves firewall rules anomalies, and b) a generic tree (called policy tree), implemented as a Linux kernel module which maintains the resolved firewall rules and enables the necessary hooks to netfilter for matching incoming (or outgoing) network packets. Tree-based data structures offer improved efficiency compared to traditional access control lists (e.g. iptables or nftable maps), especially for large systems with a huge number of rules. Preliminary analysis from our implementation on ARM-based embedded systems examines efficiency and scalability of our framework.
To reference this work:
A. Papagrigoriou, P. Petrakis, M.D. Grammatikakis, "A firewall module resolving rules consistency", Workshop on Intelligent Solutions in Embedded Systems (WISES), 2017, pp. 47-50.
Available from:
https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7986931

Features

  • network firewall over netfilter
  • conflict resolution of rules
  • Linux kernel module

Project Activity

See All Activity >

Categories

Firewall

License

GNU General Public License version 3.0 (GPLv3)

Follow NetFireCoRE

NetFireCoRE Web Site

Other Useful Business Software
$300 Free Credits for Your Google Cloud Projects Icon
$300 Free Credits for Your Google Cloud Projects

Start building on Google Cloud with $300 in free credits. No commitment, no credit card required until you're ready to scale.

Launch your next project with $300 in free Google Cloud credits—no strings attached. Test, build, and deploy without risk. Use your credits across the entire Google Cloud platform to find what works best for your needs. After your credits are used, continue with always-free tier services. Only pay when you're ready to scale. Sign up in minutes and start exploring.
Start Free Trial
Rate This Project
Login To Rate This Project

User Reviews

Be the first to post a review of NetFireCoRE!

Additional Project Details

Operating Systems

Linux

Intended Audience

Science/Research, Security Professionals, System Administrators

User Interface

Command-line

Programming Language

C

Related Categories

C Firewall Software

Registered

2017-05-26