A Firewall is a network security device (physical or virtual) that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of rules[3]. It acts as a barrier between the secured internal and external networks and helps protect against unauthorized access and potential threats.
Firewalls examine every packet of data that passes through them and apply the configured rules to determine whether the packet should be allowed or denied[1]. There are several types of firewalls; the most common are network firewalls, host-based firewalls (like iptables and Windows firewall), and next-generation firewalls. Still, they all have similar basic principles of operation.
Here is a simplified explanation of how a firewall works:
- Packet Filtering: When the firewall receives a packet of data, it checks it against predefined rules. Packet filtering rules can be based on various criteria, such as the source IP and destination IP addresses, port numbers, protocols, or the packet’s content, regular expressions. If the packet matches one of the rules, it can pass through or be blocked.
- Stateful Inspection: In addition to packet filtering, many firewalls use stateful inspection to keep track of the state of connections. When a packet passes through the firewall, it checks if it is part of an established connection or trying to initiate a new one. The stateful inspection helps to prevent unauthorized access by allowing only legitimate traffic and blocking any suspicious or malicious attempts.
- Application Layer Inspection: Some firewalls also perform deep packet inspection at the application layer. Application layer inspection means that they analyze the contents of the packet beyond the basic header information. By examining the packet’s payload, the firewall can identify specific applications or protocols and apply more granular rules based on the actual content of the data.
- Logging and Reporting: Firewalls often have logging capabilities to record traffic activity and events. They can generate detailed logs about allowed and denied connections, blocked attacks, and other security incidents. These logs can help monitor network activity, troubleshoot, and conduct security audits.
Firewalls are an essential component of every network security and play a crucial role in protecting networks and systems from unauthorized network access, malicious activities, and potential threats from the Internet [4]. By enforcing security policies and filtering network traffic, firewalls help maintain network resources’ confidentiality, integrity, and availability.