Skip to content

>AUUG–The Organisation for Unix, Linux and Open Source Professionals

Scalable Remote Firewalls

by Michael Paddon, Philip Hawkes, Greg Rose


There is a need for scalable firewalls, that may be dynamically configured by the network nodes that they service.  While modern stateful filtering techniques are good at dealing with established traffic flows, the scalable classification of other packets is a less researched problem.  A novel method for scalable packet classification on arbitrary criteria is proposed that addresses this requirement.  The classifier supports dynamically updatable policies comprised of sequence insensitive rules.  Experimental data is presented that demonstrates efficient and scalable performance with large policies.  The classifier is therefore suitable for use in scalable remote firewalls.

Michael Paddon, Philip Hawkes, Greg Rose

Download the paper: Scalable Remote Firewalls (211K PDF)