Firewalls are critical in securing private networks of businesses, institutions, and home networks. A firewall is often placed at the entrance between a private network and the external network so that it can check each incoming or outgoing packet and decide whether to accept or discard the packet based on its policy. A firewall policy is usually specified as a sequence of rules, called an Access Control List (ACL), and each rule has a predicate over multiple packet header fields (i.e., source IP, destination IP, source port, destination port, and protocol type) and a decision (i.e., accept or discard) for the packets that match the predicate. The rules in a firewall policy typically follow the first-match semantics, where the decision for a packet is the decision of the first rule that the packet matches in the policy. Each physical interface of a router/firewall is configured with two ACLs: one for filtering outgoing packets and the other for filtering incoming packets. The terms firewalls, firewall policies, and ACLs are used interchangeably. Prior work on intra-firewall redundancy removal aims to detect redundant rules within a single firewall. Gupta identified backward and forward redundant rules in a firewall. It was pointed out that the redundant rules identified by Gupta are incomplete, and two methods were proposed for detecting all redundant rules.
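The first-match semantics and the notion of a redundant rule described above can be checked mechanically; the following is an added example, not code from the original text and not Gupta's or any cited method. It assumes a rule is redundant when removing it alone changes no packet's decision, and the sample ACL, `net`, `decide`, `representatives` and `redundant_rules` are constructed names for illustration.

```python
import ipaddress
from itertools import product

# Field order: src IP, dst IP, src port, dst port, protocol (inclusive int ranges).
DOMAIN = ((0, 2**32 - 1), (0, 2**32 - 1), (0, 65535), (0, 65535), (0, 255))
ANY_IP, ANY_PORT, ANY_PROTO, TCP = DOMAIN[0], DOMAIN[2], DOMAIN[4], (6, 6)

def net(cidr):
    n = ipaddress.ip_network(cidr)
    return (int(n.network_address), int(n.broadcast_address))

# Constructed sample ACL: (predicate ranges, decision), evaluated top to bottom.
ACL = [
    ((net("10.0.0.0/8"), ANY_IP, ANY_PORT, (22, 22), TCP), "discard"),
    ((net("10.1.0.0/16"), ANY_IP, ANY_PORT, (22, 22), TCP), "discard"),
    ((net("10.0.0.0/8"), ANY_IP, ANY_PORT, (0, 1023), TCP), "accept"),
    ((net("192.168.0.0/16"), ANY_IP, ANY_PORT, ANY_PORT, ANY_PROTO), "discard"),
    ((ANY_IP, ANY_IP, ANY_PORT, ANY_PORT, ANY_PROTO), "discard"),
]

def decide(acl, pkt):
    """First-match semantics: decision of the first rule whose predicate matches."""
    for ranges, decision in acl:
        if all(lo <= v <= hi for v, (lo, hi) in zip(pkt, ranges)):
            return decision
    return None  # no rule matched

def representatives(acl):
    """One packet per cell cut out by the rules' range boundaries.
    Inside a cell every rule matches either all packets or none, so testing
    one packet per cell covers the whole header space."""
    axes = []
    for i, (dlo, dhi) in enumerate(DOMAIN):
        cuts = {dlo}
        for ranges, _ in acl:
            lo, hi = ranges[i]
            cuts.add(lo)
            if hi + 1 <= dhi:
                cuts.add(hi + 1)
        axes.append(sorted(cuts))
    return list(product(*axes))

def redundant_rules(acl):
    """Indices of rules whose individual removal changes no packet's decision."""
    pkts = representatives(acl)
    out = []
    for i in range(len(acl)):
        without = acl[:i] + acl[i + 1:]
        if all(decide(acl, p) == decide(without, p) for p in pkts):
            out.append(i)
    return out
```

Each index is judged against the full policy, so after deleting one reported rule the check should be rerun before deleting another.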