System and method for firewall policy rule management

The invention claimed is: 1. A method for updating network policies, the method comprising: for each host in a subset of hosts, determining a plurality of policies relevant to the host, wherein each policy of the plurality of policies permits or prevents a network connection between the host and one or more computer systems, and determining a difference between the plurality of policies relevant to the host and a plurality of policies relevant to the host determined at an earlier time, wherein the determining of the difference comprises, for each host in the subset of hosts, by a corresponding difference service of a plurality of difference services: generating a difference file, the difference file recording deleted policies; and storing the generated difference file in a directory storing the plurality of policies relevant to the host; wherein the difference service for the host consumes files to compare from a message bus, the files to compare output by a corresponding simplify service for the host, the simplify service for the host filtering information from a compressed policy file, the compressed policy file comprising the plurality of policies relevant to the host; and for each host in the subset of hosts, installing the plurality of policies relevant to the host. 2. The method of claim 1 , wherein the difference is determined by comparing a file containing the plurality of policies relevant to the host, and a file containing the plurality of policies relevant to the host determined at an earlier time. 3. The method of claim 1 , wherein: the difference is saved in a first file; and the plurality of policies relevant to the host is saved in a second file; and the first file and the second file are stored in the same directory. 4. The method of claim 3 , wherein the directory is indexed by the host relevant to the policies and the time period relevant to the policies. 5. The method of claim 1 comprising: determining, from a set of hosts, a subset of hosts to have policies updated, the determining based on a table; adding a host to the table if a query is received from the host; and removing a host from the table if a query is not received from the host during a predetermined time period. 6. The method of claim 1 , wherein the subset of hosts is determined based on the time zone corresponding to the location of each host in the subset of hosts. 7. The method of claim 1 , wherein a policy relevant to a host is a policy that is designed to work with the host. 8. A system for updating network policies, the system comprising: at least one memory; and a plurality of processors, wherein: at least one processor among the plurality of processors is configured to for each host in the subset of hosts, determine a plurality of policies relevant to the host, wherein each policy of the plurality of policies permits or prevents a network connection between the host and one or more computer systems, and determine a difference between the plurality of policies relevant to the host and a plurality of policies relevant to the host determined at an earlier time, wherein the determining of the difference comprises, for each host in the subset of hosts, by a corresponding difference service of a plurality of difference services: generating a difference file, the difference file recording deleted policies; and storing the generated difference file in a directory storing the plurality of policies relevant to the host; wherein the difference service for the host consumes files to compare from a message bus, the files to compare output by a corresponding simplify service for the host, the simplify service for the host filtering information from a compressed policy file, the compressed policy file comprising the plurality of policies relevant to the host; and for each host in the subset of hosts, at least one processor among the plurality of processors is configured to install the plurality of policies relevant to the host. 9. The system of claim 8 , wherein the difference is determined by comparing a file containing the plurality of policies relevant to the host, and a file containing the plurality of policies relevant to the host determined at an earlier time. 10. The system of claim 8 , wherein: the difference is saved in a first file; and the plurality of policies relevant to the host is saved in a second file; and the first file and the second file are stored in the same directory. 11. The system of claim 10 , wherein the directory is indexed by the host relevant to the policies and the time period relevant to the policies. 12. The system of claim 8 wherein at least one processor among the plurality of processors is configured to: determine, from a set of hosts, a subset of hosts to have policies updated, the determining based on a table; add a host to the table if a query is received from the host; and remove a host from the table if a query is not received from the host during a predetermined time period. 13. The system of claim 8 , wherein the subset of hosts is determined based on the time zone corresponding to the location of each host in the subset of hosts. 14. The system of claim 8 , wherein a policy relevant to a host is a policy that is designed to work with the host. 15. A method for distributing network rules, the method comprising: determining for each of a set of hosts, a plurality of rules to be applied to the host, wherein each rule of the plurality of rules permits or prevents a network connection between the host and one or more computer systems, and determining a difference between the plurality of rules to be applied to the host and a previous plurality of rules to be applied to the host, wherein the determining of the difference comprises, for each host in the set of hosts, by a corresponding difference service of a plurality of difference services: generating a difference file, the difference file recording deleted rules; and storing the generated difference file in a directory storing the plurality of rules to be applied to the host; wherein the difference service for the host consumes files to compare from a message bus, the files to compare output by a corresponding simplify service for the host, the simplify service for the host filtering information from a compressed rule file, the compressed rule file comprising the plurality of rules to be applied to the host; and for each host of the set of hosts, installing the plurality of rules to be applied to the host. 16. The method of claim 15 , wherein the difference is determined by comparing a file containing the plurality of rules to be applied to the host, and a previous file of rules to be applied to the host. 17. The method of claim 15 , wherein: the difference is saved in a first file; and the plurality of rules to be applied to the host is saved in a second file; and the first file and the second file are stored in the same directory. 18. The method of claim 17 , wherein the directory is indexed by the host relevant to the rules and the time period relevant to the rules. 19. The method of claim 15 comprising: determining, from a set of hosts, a subset of hosts to have rules updated, the determining based on a table; adding a host to the table if a query is received from the host; and removing a host from the table if a query is not received from the host during a predetermined time period. 20. The method of claim 15 , wherein a rule to be applied to a host is a rule that is designed to work with the