Computer Science ›› 2013, Vol. 40 ›› Issue (3): 50-54.

• 2012 Special Column on Multiple-Valued Logic •

A MapReduce-Based Parallel Detection and Resolution Model for Firewall Policy Conflicts

XIAO Qi, QIN Yunchuan, YANG Wangdong, LI Kenli

  1. (College of Information Science and Engineering, Hunan University, Changsha 410082)
  • Published: 2018-11-16 Online: 2018-11-16

MapReduce-based Parallelization Model for Firewall Policy Conflict Detecting and Resolving

  • Online:2018-11-16 Published:2018-11-16

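Abstract: Firewalls play a very important role in network security, and the rules in a firewall policy determine whether network packets are "allowed" or "denied" when entering or leaving the network. In a large network there are so many rules that administrators can hardly guarantee that none of them conflict, so detecting and resolving rule conflicts in a policy has become an important aspect of ensuring network security. This paper proposes a firewall policy conflict detection and resolution algorithm based on the MapReduce model. It applies a custom ordering to the segments obtained by a rule-based segmentation technique, then converts them into rule form to replace the original rules for packet filtering. The segments are pairwise disjoint and a packet matching a segment is subject to only one action, which eliminates the conflicts.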

Keywords: firewall, rule conflict, segmentation, action, ordering

Abstract: Firewalls play a very important role in network security, because the firewall policy rules determine whether a network packet is "allowed" or "rejected" in or out of the network. In large networks, there are too many rules to ensure that they do not conflict, so the detection and resolution of policy conflicts has become an important aspect of network security. This paper presents a parallel firewall policy conflict detection and resolution algorithm, which re-sorts the segments formed by the rule-based segmentation technology, translates the segments into the form of rules, and uses these new rules instead of the original rules for packet filtering. Because all segments are pairwise disjoint and every segment has one action, the conflicts in the policy are resolved.

Key words: Rules, Conflict, Segment, Action, Ordering
