A firewall is a security system that monitors and controls incoming and outgoing network traffic. It acts as a barrier between trusted and untrusted networks, enforcing rules to protect your systems from unauthorized access and attacks. This tutorial explains how firewalls work and the different types you might encounter.
Step 1: What Does a Firewall Do?
A firewall inspects packets and decides whether to allow or block them based on a set of predefined rules.
- Allow: Permit traffic that matches rules.
- Deny: Block traffic that doesn’t meet criteria.
Step 2: Types of Firewalls
- Packet-Filtering Firewall: Filters traffic based on source/destination IP, port, and protocol.
- Stateful Firewall: Tracks active connections and makes decisions based on the state of traffic.
- Application-Layer Firewall: Understands specific applications like HTTP, SMTP and filters data accordingly.
- Next-Gen Firewall (NGFW): Combines multiple types and includes intrusion prevention, deep packet inspection, etc.
Step 3: Inbound vs Outbound Rules
- Inbound Rules: Control traffic coming into your network.
- Outbound Rules: Control traffic leaving your network.
Step 4: Examples of Common Rules
ALLOW TCP 80 FROM ANY TO 192.168.1.10
DENY UDP 53 TO ANY
This allows HTTP traffic to a local web server but blocks outgoing DNS traffic.
Step 5: Host-Based vs Network Firewalls
- Host-Based: Installed on a device (e.g., Windows Defender Firewall).
- Network Firewall: Physical or virtual appliance managing traffic for a whole network.
Next Steps
Try checking your system’s firewall rules using the control panel (Windows) or ufw/iptables on Linux. Understanding how rules are structured helps you troubleshoot and secure networks effectively.