Firewall
Definition
A network security device or piece of software that monitors and filters incoming and outgoing traffic according to predefined rules. Firewalls can block traffic by IP address, port number, protocol, or application-layer content.
Packet Filtering vs. Stateful Inspection
Early firewalls operated at the packet level — examining each packet's source IP, destination IP, protocol, and port number against a set of rules, with no memory of previous packets. Stateful firewalls improved on this by tracking connection state: a packet belonging to an established TCP session is treated differently than an unsolicited inbound SYN.
Modern next-generation firewalls (NGFWs) perform deep packet inspection to identify application protocols regardless of port, block by application identity rather than just IP and port, and integrate Intrusion Detection System (IDS) capabilities directly into the forwarding path. An IDS is a security system that monitors network traffic or system activity for suspicious patterns and known attack signatures. Unlike a firewall, an IDS detects and alerts on threats but does not actively block them.
Common Firewall Architectures
Perimeter firewalls sit at the network edge, controlling traffic between the internal network and the internet. Host-based firewalls run on individual servers, providing a second layer of defense if perimeter controls are bypassed. Cloud security groups function as virtual stateful firewalls for cloud instances, with rules managed through cloud provider APIs.
Firewall Rule Design
Effective firewall rule design follows the principle of least privilege: deny everything by default, then explicitly allow only necessary traffic. Rules are typically evaluated top-to-bottom, stopping at the first match. Overly permissive rules — allowing broad IP ranges or unnecessary ports — are a primary source of security incidents.
Use Open Port Checker to test whether specific ports are reachable through a firewall from external networks. A firewall working alongside an Intrusion Detection System (IDS) provides both access control and behavioral monitoring.