Labs ICT

Firewalls

The gatekeepers that filter traffic in and out of your network.

The Network Gatekeeper

A firewall is a security device (hardware, software, or both) that monitors and filters incoming and outgoing network traffic based on predefined rules. It acts as a barrier between your trusted internal network and untrusted external networks (like the internet).

Think of a firewall as a bouncer at a club. It checks every person (packet) trying to enter or leave and decides whether to let them through based on a list of rules.

Types of Firewalls


  Type                    │ How It Works
  ────────────────────────┼─────────────────────────────────────────
  Packet Filtering        │ Examines header of each packet
                          │ (source/dest IP, port, protocol)
                          │ Fast but doesn't inspect content

  Stateful Inspection     │ Tracks connection state
                          │ Knows if a packet is part of an
                          │ established connection or a new request

  Proxy Firewall          │ Acts as intermediary between client
                          │ and server. Client never directly
                          │ contacts the server.

  Next-Generation (NGFW)  │ Combines traditional firewall with
                          │ deep packet inspection, IPS, and
                          │ application awareness

  Application Firewall    │ Filters traffic at the application
                          │ level (e.g., blocking SQL injection)

How Packet Filtering Works


  Firewall Rule Table:
  ┌────┬──────────────┬─────────────┬──────────┬──────────┐
  │ #  │ Source IP    │ Dest IP     │ Port     │ Action   │
  ├────┼──────────────┼─────────────┼──────────┼──────────┤
  │ 1  │ Any          │ 10.0.0.5    │ 80       │ Allow    │
  │ 2  │ Any          │ 10.0.0.5    │ 443      │ Allow    │
  │ 3  │ Any          │ 10.0.0.5    │ 23       │ Deny     │
  │ 4  │ 192.168.1.0  │ Any         │ Any      │ Allow    │
  │ 5  │ Any          │ Any         │ Any      │ Deny     │
  └────┴──────────────┴─────────────┴──────────┴──────────┘

  Packet arrives:
  Source: 203.0.113.50  Dest: 10.0.0.5  Port: 80
  → Match rule 1: ALLOW ✓

  Packet arrives:
  Source: 203.0.113.50  Dest: 10.0.0.5  Port: 23
  → Match rule 3: DENY ✗

Rules are processed in order: the first matching rule determines the action, and later rules are never consulted for that packet. The final "Deny Any" rule blocks everything not explicitly allowed (a default-deny policy). Order also explains why rule 3 sits before rule 4: a Telnet packet from 192.168.1.0 to 10.0.0.5 hits the Deny in rule 3 before the broad Allow in rule 4 could match it.
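The first-match evaluation described above, written out as an added example (not code from the original page). It loads the page's rule table and runs the two sample packets plus two constructed ones; rule 4's "192.168.1.0" is treated as the /24 network, which is an assumption since the page gives no prefix length.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    number: int
    src: str      # "Any" or an address/network in CIDR notation
    dst: str
    port: str     # "Any" or a port number as a string
    action: str   # "Allow" or "Deny"


def _ip_matches(pattern: str, ip: str) -> bool:
    """'Any' matches everything; otherwise the address must lie in the network."""
    if pattern == "Any":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)


def _port_matches(pattern: str, port: int) -> bool:
    return pattern == "Any" or int(pattern) == port


# The rule table from the page. Rule 4's source is read as the /24 network
# (assumption: the page does not give a prefix length).
RULES = [
    Rule(1, "Any", "10.0.0.5", "80", "Allow"),
    Rule(2, "Any", "10.0.0.5", "443", "Allow"),
    Rule(3, "Any", "10.0.0.5", "23", "Deny"),
    Rule(4, "192.168.1.0/24", "Any", "Any", "Allow"),
    Rule(5, "Any", "Any", "Any", "Deny"),
]


def evaluate(rules, src_ip: str, dst_ip: str, dst_port: int):
    """First-match evaluation: returns (matching rule number, action).
    If no rule matches (a table with no catch-all at the end), the packet
    is dropped, which is the safe default."""
    for rule in rules:
        if (_ip_matches(rule.src, src_ip)
                and _ip_matches(rule.dst, dst_ip)
                and _port_matches(rule.port, dst_port)):
            return rule.number, rule.action
    return None, "Deny"


if __name__ == "__main__":
    # Constructed sample packets; the first two are the ones from the page.
    for pkt in [("203.0.113.50", "10.0.0.5", 80),
                ("203.0.113.50", "10.0.0.5", 23),
                ("192.168.1.7", "203.0.113.9", 23),   # internal host going out: rule 4
                ("203.0.113.50", "10.0.0.5", 22)]:    # nothing explicit: falls to rule 5
        number, action = evaluate(RULES, *pkt)
        print(f"{pkt} -> rule {number}: {action}")
```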

Firewall Placement


         INTERNET
             │
     ┌───────┴───────┐
     │   Firewall    │  ← External firewall (first line of defense)
     └───────┬───────┘
             │
     ┌───────┴───────┐
     │   DMZ         │  ← Public servers (web, email)
     └───────┬───────┘
             │
     ┌───────┴───────┐
     │   Firewall    │  ← Internal firewall (protects private network)
     └───────┬───────┘
             │
     ┌───────┴───────┐
     │Private Network│  ← Internal devices
     └───────────────┘

The DMZ (Demilitarized Zone) is a network segment between the external and internal firewalls. Public-facing servers (web, email) are placed in the DMZ, where they are exposed to the internet but isolated from the internal network, so a compromised public server does not give direct access to internal devices.

🧪 Quick Quiz

What does a firewall do?