🔒 Network Security 5 min read

Firewall Basics

Understanding firewall types, rules, and the difference between stateful and stateless filtering.

What Is a Firewall?

A firewall is a network security device or software that monitors and controls incoming and outgoing network traffic based on a set of rules. It acts as a barrier between trusted internal networks and untrusted external networks.

Types of Firewalls

Packet Filtering (Stateless)

Examines each packet independently based on source/destination IP, port, and protocol. Fast but limited: with no record of existing connections, it cannot tell a legitimate reply from an unsolicited inbound packet.

Stateful Inspection

Tracks the state of active connections and makes decisions based on the context of the traffic. Knows that an incoming packet is a response to an outgoing request.

Application-Layer Gateway

Inspects traffic at the application level (HTTP, FTP, DNS). Can detect malicious content within allowed protocols.

Next-Generation Firewall (NGFW)

Combines stateful inspection with deep packet inspection, intrusion prevention, and application awareness.

Firewall Rules

Rules are evaluated in order (first match wins). Each rule specifies:

ACTION    PROTOCOL    SOURCE          DEST    PORT     DIRECTION
ALLOW     TCP         192.168.1.0/24  ANY     80,443   OUTBOUND
DENY      TCP         ANY             ANY     23       INBOUND
ALLOW     TCP         10.0.0.5        ANY     22       INBOUND
DENY      ANY         ANY             ANY     ANY      ANY        (default)

Rule Best Practices

  • Default deny — Block everything, then allow specific traffic
  • Least privilege — Only open ports that are needed
  • Specific first — Place more specific rules before general ones
  • Log denied traffic — Helps identify attacks and misconfigurations
  • Regular review — Remove rules that are no longer needed

Stateful vs Stateless

Feature              Stateless                    Stateful
Connection tracking  No                           Yes
Performance          Faster                       Slightly slower
Security             Basic                        Better
Return traffic       Must be explicitly allowed   Automatically allowed
Use case             Simple filtering, ACLs       Most modern firewalls
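The following is an added example (not from the original article) that evaluates the rule table above with first-match-wins ordering and shows the "return traffic" row of this comparison in action: the same rule set drops the server's reply in stateless mode and allows it in stateful mode. The packet fields, the 203.0.113.7 server address and the conntrack flow tuple are assumptions made for the demonstration.

```python
import ipaddress

# Rule table from the page, in evaluation order (first match wins; last rule is the default deny).
# Each rule: (action, protocol, source, destination, destination ports, direction).
RULES = [
    ("ALLOW", "TCP", "192.168.1.0/24", "ANY", {80, 443}, "OUTBOUND"),
    ("DENY",  "TCP", "ANY",            "ANY", {23},      "INBOUND"),
    ("ALLOW", "TCP", "10.0.0.5",       "ANY", {22},      "INBOUND"),
    ("DENY",  "ANY", "ANY",            "ANY", "ANY",     "ANY"),
]

def addr_matches(pattern, addr):
    # "ANY" matches everything; otherwise treat the pattern as a host or CIDR block.
    return pattern == "ANY" or ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)

def rule_matches(rule, pkt):
    _, proto, src, dst, ports, direction = rule
    return ((proto == "ANY" or proto == pkt["proto"])
            and addr_matches(src, pkt["src"])
            and addr_matches(dst, pkt["dst"])
            and (ports == "ANY" or pkt["dport"] in ports)
            and (direction == "ANY" or direction == pkt["direction"]))

class Firewall:
    def __init__(self, rules, stateful):
        self.rules = rules
        self.stateful = stateful
        self.conntrack = set()  # flows the rules have allowed: (proto, src, sport, dst, dport)

    def filter(self, pkt):
        flow = (pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        reverse = (pkt["proto"], pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        # Stateful mode: a packet reversing an allowed flow is return traffic, so it bypasses the rules.
        if self.stateful and reverse in self.conntrack:
            return "ALLOW (established)"
        for rule in self.rules:  # first match wins
            if rule_matches(rule, pkt):
                if rule[0] == "ALLOW":
                    self.conntrack.add(flow)
                return rule[0]
        return "DENY"  # unreachable with the explicit default rule; kept as a safety net

# Constructed sample traffic: an internal host opens HTTPS to an external server, which replies.
OUT = {"proto": "TCP", "src": "192.168.1.10", "sport": 51000, "dst": "203.0.113.7", "dport": 443, "direction": "OUTBOUND"}
BACK = {"proto": "TCP", "src": "203.0.113.7", "sport": 443, "dst": "192.168.1.10", "dport": 51000, "direction": "INBOUND"}

def demo(stateful):
    fw = Firewall(RULES, stateful)
    return fw.filter(OUT), fw.filter(BACK)

print("stateless:", demo(False), "stateful:", demo(True))
```

In stateless mode the reply falls through to the default deny, which is why a stateless ACL needs an explicit inbound rule for return traffic (typically far broader than the outbound one).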

Common Firewall Configurations

  • Perimeter firewall — Sits between internal network and internet
  • Host-based firewall — Runs on individual devices (Windows Firewall, iptables)
  • DMZ — A semi-trusted zone for public-facing servers, isolated from the internal network
