Research Article

Adaptive Conflict-Free Optimization of Rule Sets for Network Security Packet Filtering Devices

Table 2

Example of rule list with ( is the “deny all” rule).

| Source IP address | Destination IP address | Destination port | Source port | Protocol type | Action | |
|---|---|---|---|---|---|---|
| 3.0.1.120/32 | 0.0.0.0 | 0-65535 | 0-65535 | Any | Deny | 0.05 |
| 3.0.1.0/24 | 0.0.0.0 | 0-65535 | 0-65535 | TCP | Allow | 0.1 |
| 2.0.0.1/32 | 0.0.0.0 | 80 | 80 | TCP | Deny | 0.05 |
| 3.0.0.2/32 | 0.0.0.0 | 0-1024 | 0-1024 | UDP | Allow | 0.1 |
| 3.0.0.3/32 | 0.0.0.0 | 0-1024 | 0-1024 | TCP | Allow | 0.1 |
| 2.0.0.0/24 | 0.0.0.0 | 0-65535 | 0-65535 | Any | Allow | 0.15 |
| 3.0.0.0/24 | 0.0.0.0 | 0-65535 | 1024-65535 | Any | Deny | 0.15 |
| 3.0.0.0/24 | 0.0.0.0 | 0-65535 | 0-65535 | Any | Allow | 0.2 |
| 0.0.0.0 | 0.0.0.0 | 0-65535 | 0-65535 | Any | Deny | 0.1 |