Filtering is a very important issue in next generation networks. These networks consist of a relatively high
number of resource-constrained devices and have special features, such as management of frequent topology
changes. At each topology change, the access control policy of all nodes of the network must be
automatically modified. To manage these access control requirements, several researchers have proposed
firewalls. However, many of the problems of traditional firewalls are aggravated by the particularities of
these networks, as is the case with ACL consistency. An inconsistent firewall ACL generally implies
design errors, and indicates that the firewall is accepting traffic that should be denied or vice versa.
This can result in severe problems such as unwanted accesses to services, denial of service, overflows, etc.
Detecting inconsistencies is of extreme importance in the context of highly sensitive applications (e.g.
health care). We propose a local inconsistency detection algorithm and data structures to prevent automatic
rule updates that can cause inconsistencies. The proposal has very low computational complexity, as both
theoretical and experimental results will show, and thus can be used in real-time environments.

Ministerio de Educación y Ciencia DPI2006-15476-C02-0
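The following sketch is an added illustration, not the algorithm or data structures proposed in the paper. It shows a check that refuses an automatic rule update when the new rule would be inconsistent with the ACL already installed on a node. It assumes the common pairwise definition (two rules are inconsistent when some packet matches both and their actions differ); the `Rule` fields, function names and sample addresses are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Rule:
    src: str       # source prefix in CIDR notation
    dst: str       # destination prefix in CIDR notation
    ports: tuple   # inclusive destination port range (low, high)
    action: str    # "allow" or "deny"


def overlaps(a: Rule, b: Rule) -> bool:
    """True when at least one packet matches both rules on every selector."""
    return (ip_network(a.src).overlaps(ip_network(b.src))
            and ip_network(a.dst).overlaps(ip_network(b.dst))
            and a.ports[0] <= b.ports[1] and b.ports[0] <= a.ports[1])


def conflicts(acl, candidate):
    """Installed rules that overlap the candidate but take the opposite action."""
    return [r for r in acl
            if r.action != candidate.action and overlaps(r, candidate)]


def apply_update(acl, candidate):
    """Install the candidate only if it is consistent with every existing rule."""
    found = conflicts(acl, candidate)
    if found:
        return False, found   # update rejected, ACL left unchanged
    acl.append(candidate)
    return True, []


# Constructed sample ACL for one node (documentation address ranges).
ACL = [
    Rule("192.0.2.0/24", "198.51.100.10/32", (443, 443), "allow"),
    Rule("203.0.113.0/24", "198.51.100.0/24", (1, 65535), "deny"),
]

if __name__ == "__main__":
    acl = list(ACL)
    # Constructed updates, as might be pushed after a topology change.
    updates = [
        Rule("203.0.113.64/26", "198.51.100.10/32", (443, 443), "allow"),
        Rule("192.0.2.128/25", "198.51.100.20/32", (8883, 8883), "allow"),
    ]
    for rule in updates:
        ok, found = apply_update(acl, rule)
        print("installed" if ok else "rejected", rule, found)
```

This check compares the candidate against every installed rule, so its cost grows linearly with the ACL size on each update.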