With the development of the network, the problem of network security is becoming increasingly serious. The importance of a firewall as the "first portal" to network security is obvious. In order to cope with a complex network environment, the firewall must formulate a large number of targeted rules to help it implement network security policies. Based on the characteristics of the cloud environment, this paper makes in-depth research on network security protection technology, and studies the network firewall system. The system implements unified configuration of firewall policy rules on the cloud management end and delivers them to the physical server where the virtual machine is located. Aiming at the characteristics of virtual machines sharing network resources through kernel bridges, a network threat model for virtual machines in a cloud environment is proposed. Through analysis of network security threats, a packet filtering firewall scheme based on kernel bridges is determined. Various conflict relationships between rules are defined, and a conflict detection algorithm is designed. Based on this, a rule order adjustment algorithm that does not destroy the original semantics of the rule table is proposed. Starting from the matching probability of the rules, simple rules are separated from the default rules according to the firewall logs, the relationships between these rules and the original rules are analyzed, and the rules are merged into new rules to evaluate the impact of these rules on the performance of the firewall. New rules are added to the firewall rule base to achieve linear firewall optimization. It can be seen from the experimental results that the optimization strategy proposed in this paper can effectively reduce the average number of matching rules and improve the performance of the firewall.
Read full abstract