Policy-based parametric firewall configuration: a real-case application

We describe a simple policy language for setting up and running firewalls (FW). The language allows to describe sophisticated policies for controlling network connections. Composition is done at set-up time, when a parser, starting from a given policy, generates the relative configuration file for one or more firewalls operating the industry-standard Linux Iptables kernel extension. The policy captures the essence of the desired requirements and constrains upon connections between zones. The language has been designed and it is currently on testing in the context of a large intra/extranet with more than 10,000 assigned IP addresses