The invention relates to an early warning method for an overlarge firewall policy opening range of a platform server. The method comprises the following steps: acquiring packet filtering log information and firewall current policy information of an SYSLOG log server; analyzing the obtained filtering log information to obtain a field in each packet filtering log, performing big data analysis, forming service minimization of a fixed source IP and a fixed destination IP, service minimization of the fixed source IP and the fixed destination IP, and source IP minimization of the fixed destination IP and the fixed destination IP, and determining a simplest strategy; and determining an alarm level through comparison between the simplest strategy and an original strategy, and generating early warning information including an alarm number, alarm time, an alarm level, an alarm name, an alarm belonging unit, an alarm source IP, an alarm destination IP, an alarm service port, a disposal suggestionand a packet filtering log analysis report. According to the invention, the network access of the core server area is ensured to be most effectively controlled and limited. The purposes of improvingthe server security and reducing the security threat are achieved.