Firewalls are security devices that perform network traffic filtering. They are ubiquitous in the industry and are a common method used to enforce organizational security policy. Security policy is specified on a high level of abstraction, with statements such as "web browsing is allowed only on workstations inside the office network", and needs to be translated into low-level firewall rules to be enforceable. There has been a lot of work regarding optimization, analysis and platform independence of firewall rules, but an area that has seen much less success is automatic translation of high-level security policies into firewall rules. In addition to improving rules' readability, such translation would make it easier to detect errors.This paper surveys of over twenty papers that aim to generate firewall rules according to a security policy specified on a higher level of abstraction. It also presents an overview of similar features in modern firewall systems. Most approaches define specialized domain languages that get compiled into firewall rule sets, with some of them relying on formal specification, ontology, or graphical models. The approaches' have improved over time, but there are still many drawbacks that need to be solved before wider application.

翻译：防火墙是进行网络交通过滤的安全装置,在行业中普遍存在,是用来执行组织安全政策的常用方法。安全政策是高度抽象的,“网络浏览只能在办公室网络内的工作站上进行”,需要转化为低层次的防火墙规则才能执行。在优化、分析和防火墙规则的平台独立性方面做了大量工作,但一个不太成功的领域是将高级别安全政策自动转化为防火墙规则。除了改进规则的可读性外,这种翻译将更容易发现错误。本文对20多份旨在根据更高层次的抽象安全政策制定防火墙规则的论文进行了书面调查,还概述了现代防火墙系统中的类似特征。大多数方法都界定了专门域语言,这些语言编成防火墙规则,有些则依赖正式的规格、本学或图形模型。这些方法随着时间的推移得到了改进,但是还有许多需要解决的倒数,然后才能更广泛地应用。