Firewalls offer a protection for private networks against external attacks. However, configuring firewalls correctly is a difficult task. There are two main reasons. One is that the effects of a firewall configuration cannot be easily seen during the configuration time. Another one is the lack of guidance to help configuring firewalls. In this paper, we propose a general and unified methodology for the verification and the synthesis of firewall configurations. Our verification methodology offers a way to foresee and analyze effects of firewall configurations during the configuration time. Furthermore, our synthesis methodology can generate firewall configurations that satisfies users' requirements. As a result, firewall configurations that are free of many kinds of errors and loopholes can be obtained easily.
展开▼
