ThaiScience  


ECTI TRANSACTIONS ON COMPUTER INFORMATION TECHNOLOGY


Volume 16, No. 01, Month MARCH, Year 2022, Pages 35 - 47


Fff: fast firewall framework to enhance rule verifying over high-speed networks

Suchart Khummanee, Panida Songram, Potchara Pruksasri


Abstract Download PDF

The current traffic trend on computer networks is growing exponentially, affecting network firewalls because they constantly have to filter out massive amounts of data. In this paper, we implement a firewall framework to improve traffic processing speed, named the Fast Firewall Framework (FFF). FFF can verify rules at Big-O(1) worst-case access time, and it also consumes a small amount of memory, which is only Big-O(nbit). To evaluate the firewalls"e effectiveness, we benchmark the proposed firewall framework against the two fastest firewalls (The state of the art of opensource firewall), IPSets and IPack. The experimental results show that the Fast Firewall Framework can execute rules faster than both firewalls and consumes less memory. In particular, the proposed firewall framework has a simple structure that makes it easier to implement.


Keywords

Firewall rule verifi- cation, High-speed Firewall, Fast packet matching



ECTI TRANSACTIONS ON COMPUTER INFORMATION TECHNOLOGY


Published by : ECTI Association
Contributions welcome at : http://www.ecti-thailand.org/paper/journal/ECTI-CIT