The Network Gatekeeper
A firewall is a security device (hardware, software, or both) that monitors and filters incoming and outgoing network traffic based on predefined rules. It acts as a barrier between your trusted internal network and untrusted external networks (like the internet).
Think of a firewall as a bouncer at a club. It checks every person (packet) trying to enter or leave and decides whether to let them through based on a list of rules.
Types of Firewalls
Type                     │ How It Works
─────────────────────────┼──────────────────────────────────────────
Packet Filtering         │ Examines header of each packet
                         │ (source/dest IP, port, protocol)
                         │ Fast but doesn't inspect content
Stateful Inspection      │ Tracks connection state
                         │ Knows if a packet is part of an
                         │ established connection or a new request
Proxy Firewall           │ Acts as intermediary between client
                         │ and server. Client never directly
                         │ contacts the server.
Next-Generation (NGFW)   │ Combines traditional firewall with
                         │ deep packet inspection, IPS, and
                         │ application awareness
Application Firewall     │ Filters traffic at the application
                         │ level (e.g., blocking SQL injection)
How Packet Filtering Works
Firewall Rule Table:
┌─────┬───────────────┬─────────────┬──────────┬──────────┐
│  #  │ Source IP     │ Dest IP     │ Port     │ Action   │
├─────┼───────────────┼─────────────┼──────────┼──────────┤
│  1  │ Any           │ 10.0.0.5    │ 80       │ Allow    │
│  2  │ Any           │ 10.0.0.5    │ 443      │ Allow    │
│  3  │ Any           │ 10.0.0.5    │ 23       │ Deny     │
│  4  │ 192.168.1.0   │ Any         │ Any      │ Allow    │
│  5  │ Any           │ Any         │ Any      │ Deny     │
└─────┴───────────────┴─────────────┴──────────┴──────────┘
Packet arrives:
Source: 203.0.113.50   Dest: 10.0.0.5   Port: 80
→ Match rule 1: ALLOW ✓
Packet arrives:
Source: 203.0.113.50   Dest: 10.0.0.5   Port: 23
→ Match rule 3: DENY ✗
Rules are processed in order: the first matching rule determines the action, and later rules are never consulted for that packet. The final "Deny Any" rule blocks everything not explicitly allowed, so the table is a default-deny policy.
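First-match evaluation of the table above, as an added example rather than code from the page. It encodes the five rules, returns which rule decided each packet, and adds the check a firewall reviewer usually wants: a scan for rules that can never fire because an earlier rule already matches everything they would. The page writes rule 4's source as 192.168.1.0; the example assumes that means the 192.168.1.0/24 network.

```python
"""First-match evaluation of a firewall rule table, plus a check for rules that
can never fire. Added example, not the page's code; rule 4's source is assumed
to be the 192.168.1.0/24 network."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    number: int
    src: str     # "Any", a single IP, or a CIDR network
    dst: str
    port: str    # "Any" or a port number
    action: str  # "Allow" or "Deny"


RULES = [
    Rule(1, "Any", "10.0.0.5", "80", "Allow"),
    Rule(2, "Any", "10.0.0.5", "443", "Allow"),
    Rule(3, "Any", "10.0.0.5", "23", "Deny"),
    Rule(4, "192.168.1.0/24", "Any", "Any", "Allow"),   # assumption: the page's 192.168.1.0 is a /24
    Rule(5, "Any", "Any", "Any", "Deny"),               # catch-all default deny
]


def ip_matches(pattern: str, ip: str) -> bool:
    if pattern == "Any":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)


def port_matches(pattern: str, port: int) -> bool:
    return pattern == "Any" or int(pattern) == port


def evaluate(rules, src_ip: str, dst_ip: str, port: int):
    """Return (rule number, ACTION) of the first rule the packet matches."""
    for r in rules:
        if ip_matches(r.src, src_ip) and ip_matches(r.dst, dst_ip) and port_matches(r.port, port):
            return r.number, r.action.upper()
    raise ValueError("no rule matched: every table should end with a catch-all")


def _covers(pattern_a: str, pattern_b: str, is_port: bool) -> bool:
    """True if every value matched by pattern_b is also matched by pattern_a."""
    if pattern_a == "Any":
        return True
    if pattern_b == "Any":
        return False
    if is_port:
        return int(pattern_a) == int(pattern_b)
    net_a = ipaddress.ip_network(pattern_a, strict=False)
    net_b = ipaddress.ip_network(pattern_b, strict=False)
    return net_b.subnet_of(net_a)


def shadowed(rules):
    """List (rule, shadowing rule) pairs: a rule is dead if an earlier rule
    matches everything it would match, so it can never decide a packet."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (_covers(earlier.src, later.src, False)
                    and _covers(earlier.dst, later.dst, False)
                    and _covers(earlier.port, later.port, True)):
                found.append((later.number, earlier.number))
                break
    return found


if __name__ == "__main__":
    print(evaluate(RULES, "203.0.113.50", "10.0.0.5", 80))   # (1, 'ALLOW')
    print(evaluate(RULES, "203.0.113.50", "10.0.0.5", 23))   # (3, 'DENY')
    print(shadowed(RULES))                                    # []
    # Move the catch-all to the top and every other rule becomes dead.
    print(shadowed([RULES[4]] + RULES[:4]))                   # [(1, 5), (2, 5), (3, 5), (4, 5)]
```

Ordering matters in both directions: a packet from 192.168.1.20 to 10.0.0.5 on port 23 is denied by rule 3 before rule 4 is ever reached, and putting the "Deny Any" rule first would silently kill the whole table, which is exactly what the `shadowed` check reports.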
Firewall Placement
       INTERNET
           │
   ┌───────┴───────┐
   │   Firewall    │  ← External firewall (first line of defense)
   └───────┬───────┘
           │
   ┌───────┴───────┐
   │      DMZ      │  ← Public servers (web, email)
   └───────┬───────┘
           │
   ┌───────┴───────┐
   │   Firewall    │  ← Internal firewall (protects private network)
   └───────┬───────┘
           │
   ┌───────┴───────┐
   │Private Network│  ← Internal devices
   └───────────────┘
The DMZ (Demilitarized Zone) is a network segment between the external and internal firewalls. Public-facing servers (web, email) are placed in the DMZ, exposed to the internet but isolated from the internal network, so that a compromised public server still has to get past the internal firewall before it can reach private devices.