Firewalls are one of the essential components of secure networks. However, configuring
firewall rule tables for large networks with complex security requirements is a difficult and error
prone task. A method of representing firewall rule table that allows comparison of two tables is
developed, and an algorithm that determines if two tables are equivalent is provided. (That is
the set of packets that are permitted by the two tables are the same.) How such algorithm can
assist system administrators to correctly implement organisational policy is discussed. The proposed
approach is implemented and the results of the experiments are shown.