Several commercial firewall solutions are currently available, but they may not be appropriate for all situations because of their expense, lack of flexibility, or lack of scalability. Instead, many firewalls are built using packet-filtering routers. One big impediment to building router-based firewalls is how poorly the configuration languages used to describe the proper operation of the routers are suited to the job of building and maintaining robust ûrewalls. These languages are overly terse

more »

... and do not support software-engineering techniques such as codereuse and datahiding. This paper describes a tool that overcomes these limitations by generating a configuration in the router's native configuration language from a highlevel description of the flrewall that is embedded in KoRNsnrrr, a popular computer language supporting code-reuse and data-hiding.