Abstract
Firewalls are crucial for the security of most networks and implemented by packet filters. Those packet filters can be considered the direct opposite of a simple-to-use system. Configured with complex commands in plain text files, only experts are able to understand or even modify such a setup. Recently, this process has been improved by using a combination of external tools, a graphical modeling environment, and a model checker, enabling more users to participate in the process and clearing the way to automatic testing. This paper revists this concept from a simplicity perspective and shows how the whole process can be simplified while simultaneously the level of abstraction is increased and new ways of verifying the result are possible.
Get full access to this article
View all access options for this article.