After the current state of network security policy is overviewed, the faultiness of policy conflicts classification and the shortcoming of previous methods on security policies confliction detection are analyzed, A successful deployment of a network security system requires global analysis of policy configurations of all network security devices in order to avoid policy conflict and inconsistency due to rule dependency semantics and the interaction between policies in the network. In this paper, we first describe all the relations between filtering rules, and then present a comprehensive class...