Improve nACL Optimization

- [ ] Using the power of `deny` rules: Sometimes there is a hole that can be blocked with a deny rule and then a larger allow rule, instead of several allow rules (see example 1). Dividing the cubes into groups of adjacent cubes and checking whether it is better to use complement rules instead may improve the optimization.
- [ ] Currently the `activeRules` algorithm runs according to the `src` dimension, but it might be improved if we run it from other dimensions as well. See Example 2.
- [ ] `src`, `dst` of nACL rules should be a single CIDR. This could be improved, see example 3.

---
### example one

can be converted into 2 rules
![image](https://github.com/user-attachments/assets/dcfdbf49-9b8d-489d-9514-39fb5698d92f)

---
### example two

can be converted into 2 cubes
![image](https://github.com/user-attachments/assets/71c4a1f8-c3dd-4db0-80ad-1a4d20aa57f1)

---
### example three

```
allow src -> 1.1.1.1
allow src -> 1.1.1.2/31
allow src -> 1.1.1.4/30
allow src -> 1.1.1.8/29
```

can be converted to:
```
deny src -> 1.1.1.0
allow src -> 1.1.1.0/28
```
---
Note: In the examples above, assume that x axis is `srcIP` and y axis is `dstIP`

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Improve nACL Optimization #248

example one

example two

example three

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Improve nACL Optimization #248

Description

example one

example two

example three

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions