Computer Science (计算机科学), 2011, Vol. 38, Issue (9): 71-75.

• Computer Networks and Information Security •

A Test Packet Selection Algorithm Targeting Rule Set Inconsistency

LI Lin, LU Xian-Liang

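  1. (School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 610054)
  • Publication date: 2018-11-16 Release date: 2018-11-16
  • Funding:
    This work was supported by the Production Development Fund of the Ministry of Information Industry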

Test Packets Choice Algorithm Aiming at Filter Conflicts

LI Lin, LU Xian-Liang   

  • Online: 2018-11-16 Published: 2018-11-16

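Abstract: In correctness testing of firewall rule sets, most existing test packet selection algorithms choose packets at random or from rule vertices. However, this approach ignores the regions where rules are inconsistent, so it cannot detect all configuration errors caused by rule inconsistency. To address this, a test packet selection algorithm targeting rule set inconsistency is proposed. The algorithm takes two rules as its basic unit and computes their inconsistency region. It selects packets not only from rule vertices but also from the rule set's inconsistency regions. Tests show that, compared with common test packet selection algorithms, the algorithm needs only a small number of additional test packets to detect all configuration errors caused by rule inconsistency.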

Key words: Rule inconsistency, Test packets, Firewall, Security vulnerabilities

Abstract: Because of firewall filter conflicts, filters may not behave as administrators intend, which leads to security vulnerabilities. Therefore, correctness testing is needed to solve this problem. Most current test packet choice algorithms choose packets at random or from the apexes of filters in the correctness test. However, these methods neglect the areas that contain conflicting filters and hence cannot detect all errors produced by filter conflicts. This paper presents a test packet choice algorithm aiming at filter conflicts to address this problem. The algorithm treats two filters as the basic processed object and computes the area in which they conflict. Test packets are chosen not only from the apexes of filters but also from the areas that contain conflicting filters. Compared to current test packet choice algorithms, the proposed algorithm can detect all errors produced by filter conflicts while adding only a few packets. The paper proves the algorithm, and experiments verify its good performance.

Key words: Filter conflicts, Test packets, Firewall, Security vulnerabilities
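The idea in the abstract, as an added sketch that is not the paper's own code: it assumes rules are hyper-rectangles of inclusive field ranges evaluated first-match, and that the conflict area of two filters is their overlap when their actions differ. The two rules, the misordered deployment and all function names are constructed for illustration.

```python
from itertools import product

# A rule is (ranges, action); ranges holds one inclusive (lo, hi) pair per field.
# Constructed two-field rules whose overlap contains no vertex of either rule.
RULE_A = (((0, 10), (4, 6)), "allow")
RULE_B = (((4, 6), (0, 10)), "deny")
INTENDED = [RULE_B, RULE_A]   # assumed intent: the deny rule takes precedence
DEPLOYED = [RULE_A, RULE_B]   # constructed misconfiguration: order swapped

def vertices(rule):
    """Corner packets (apexes) of a rule's hyper-rectangle."""
    return set(product(*rule[0]))

def conflict_region(r1, r2):
    """Overlap box of two rules with different actions, else None."""
    if r1[1] == r2[1]:
        return None
    box = tuple((max(a[0], b[0]), min(a[1], b[1])) for a, b in zip(r1[0], r2[0]))
    return box if all(lo <= hi for lo, hi in box) else None

def decide(ruleset, pkt, default="deny"):
    """First-match decision for a packet given as a tuple of field values."""
    for ranges, action in ruleset:
        if all(lo <= v <= hi for (lo, hi), v in zip(ranges, pkt)):
            return action
    return default

def select_packets(ruleset):
    """Return (vertex packets, one packet per pairwise conflict region)."""
    vertex_pkts = set().union(*(vertices(r) for r in ruleset))
    conflict_pkts = set()
    for i, r1 in enumerate(ruleset):
        for r2 in ruleset[i + 1:]:
            box = conflict_region(r1, r2)
            if box:
                conflict_pkts.add(tuple(lo for lo, _ in box))
    return vertex_pkts, conflict_pkts

def failing(intended, deployed, packets):
    """Packets on which the deployed rule set disagrees with the intent."""
    return {p for p in packets if decide(intended, p) != decide(deployed, p)}

if __name__ == "__main__":
    v, c = select_packets(DEPLOYED)
    print("vertex-only failures:", failing(INTENDED, DEPLOYED, v))
    print("conflict-region failures:", failing(INTENDED, DEPLOYED, c))
```

Here the eight vertex packets all pass, and the single packet drawn from the conflict region is the one that exposes the ordering error.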
