Abstract: As a traditional technique of information security, firewall has taken very important position. Security administrators frequently have to compare firewall policies looking for inconsistence, while it is not a smooth process to choose a platform for the comparison. To realize the comparison between firewalls’ policies, this paper provides FPT(firewall policy tree) model, and the construction algorithm which can turn a firewall policy into a policy tree, as well as the comparison algorithm, finally presents the procedures of comparing firewalls’ policies. Combination of the two algorithms can be used to perform a comparison between firewalls’ policies. By doing this, the paper can obtain the set of data packages on which different firewalls have made inconsistent filter decision, and finds out the inconsistency in firewalls’ policies.

Key words: Firewall Policy Comparison Algorithm