Abstract: In applications of intrusion detection and stateful filtering，conflict discovery and resolution are key issues affecting security and QoS.The classification of rule relations is described.Based on the classification，a new firewall conflict discovery algorithm is proposed，which provides automatic revelation of firewall filtering rule conflicts and potential problems，and provides conflict-free insertion，removal and modification of rules.This algorithm is implemented in a tool，which significantly simplifies the management of firewall policy and eliminates rule conflicts.

Key words: firewall, rule classification, rule conflict, conflict discovery

摘要： 在入侵检测系统和状态检测防火墙等应用中，规则冲突检测及冲突解析算法是影响安全性及服务质量的关键。首先对防火墙过滤规则之间的关系进行了建模和分类。然后在过滤规则关系分类的基础上提出了一种冲突检测算法。该算法能够自动检测、发现规则冲突和潜在的问题，并且能够对防火墙过滤规则进行无冲突的插入、删除和修改。实现该算法的工具软件能够显著简化防火墙策略的管理和消除防火墙的规则冲突。

关键词: 防火墙, 规则分类, 规则冲突, 冲突检测