ECTI TRANSACTIONS ON COMPUTER INFORMATION TECHNOLOGYVolume 16, No. 01, Month MARCH, Year 2022, Pages 35 - 47
Fff: fast firewall framework to enhance rule verifying over high-speed networks
Suchart Khummanee, Panida Songram, Potchara Pruksasri
Abstract Download PDFThe current traffic trend on computer networks is growing exponentially, affecting network firewalls because they constantly have to filter out massive amounts of data. In this paper, we implement a firewall framework to improve traffic processing speed, named the Fast Firewall Framework (FFF). FFF can verify rules at Big-O(1) worst-case access time, and it also consumes a small amount of memory, which is only Big-O(nbit). To evaluate the firewalls"e effectiveness, we benchmark the proposed firewall framework against the two fastest firewalls (The state of the art of opensource firewall), IPSets and IPack. The experimental results show that the Fast Firewall Framework can execute rules faster than both firewalls and consumes less memory. In particular, the proposed firewall framework has a simple structure that makes it easier to implement.
Firewall rule verifi- cation, High-speed Firewall, Fast packet matching