A firewall module resolving rules consistency

Network firewall rules are usually written by administrators or automated intrusion detection systems and often contain inconsistencies. Therefore, it is fundamental to ensure that only an absolutely correct configuration is active. In this paper, we design an open source conflict resolution framework (C application and Linux firewall kernel module on top of netfilter) that can be used as a constant independent system auditor, automatically detecting and resolving conflicts in firewall rules. Preliminary analysis from our implementation on ARM-based embedded systems examines efficiency and scalability of our framework.