Firewalls and packet filtering in Computer Networks - Time & Space Complexity

When using firewalls to filter network packets, it's important to understand how the time to check each packet grows as more rules are added.

We want to know how the filtering process scales with the number of rules.

Analyze the time complexity of the following packet filtering process.

for each incoming_packet in network_stream:
    for each rule in firewall_rules:
        if rule matches incoming_packet:
            apply rule action
            break
    if no rule matched:
        apply default action
    

This code checks each incoming packet against firewall rules one by one until a match is found or all rules are checked.

• Primary operation: Checking each packet against firewall rules in a loop.
• How many times: For each packet, the rules are checked one by one until a match is found or all rules are checked.

As the number of firewall rules increases, the time to check each packet grows roughly in proportion to the number of rules.

Input Size (number of rules)	Approx. Operations per packet
10	Up to 10 checks
100	Up to 100 checks
1000	Up to 1000 checks

Pattern observation: The number of checks grows linearly with the number of rules.

Time Complexity: O(n)

This means the time to filter each packet grows directly with the number of firewall rules.

[X] Wrong: "Filtering time stays the same no matter how many rules there are."

[OK] Correct: Each packet must be checked against rules until a match is found, so more rules usually mean more checks and longer filtering time.

Understanding how firewall filtering scales helps you explain real-world network security performance and design efficient rule sets.

"What if the firewall used a data structure like a hash table to find matching rules instead of checking them one by one? How would the time complexity change?"