What a firewall does
A firewall sits at a network boundary and enforces a policy about which traffic may pass. The simplest form is a packet filter that inspects each packet header and matches it against an ordered list of rules, allowing or dropping based on the first match.
What rules match on
- Source and destination IP to permit or block specific hosts or ranges.
- Port numbers to allow services like web traffic while blocking others.
- Protocol such as TCP, UDP, or ICMP.
- Direction to treat inbound and outbound traffic differently.
A pure packet filter is stateless, judging each packet alone, which makes it fast but blind to whether a packet belongs to an established connection. A stateful firewall tracks connection state, so it can automatically allow return traffic for a connection the inside started while blocking unsolicited inbound packets. A good policy uses a default deny stance, allowing only explicitly permitted traffic.
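The behaviour described above, as an added example that is not part of the original text: a toy first-match packet filter with a default-deny stance, and a stateful variant that admits return traffic only for connections the inside started. The rule fields, the policy and the addresses are constructed for the demonstration and are not a real deployment policy.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str      # "in" (toward the protected network) or "out"
    proto: str          # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0      # 0 for protocols without ports (icmp)
    dport: int = 0

@dataclass
class Rule:
    action: str                      # "allow" or "drop"
    direction: Optional[str] = None  # None means wildcard (same for the fields below)
    proto: Optional[str] = None
    src: Optional[str] = None        # CIDR range, e.g. "10.0.0.0/8"
    dst: Optional[str] = None
    dport: Optional[int] = None
    def matches(self, p: Packet) -> bool:
        def in_net(addr, net):
            return net is None or ipaddress.ip_address(addr) in ipaddress.ip_network(net)
        return (self.direction in (None, p.direction) and self.proto in (None, p.proto)
                and in_net(p.src, self.src) and in_net(p.dst, self.dst)
                and self.dport in (None, p.dport))

class PacketFilter:
    """Stateless filter: first matching rule wins; no match means drop (default deny)."""
    def __init__(self, rules):
        self.rules = list(rules)
    def decide(self, p: Packet) -> str:
        for r in self.rules:
            if r.matches(p):
                return r.action
        return "drop"

class StatefulFirewall(PacketFilter):
    """Adds a connection table keyed by 5-tuple so replies to tracked outbound connections pass."""
    def __init__(self, rules):
        super().__init__(rules)
        self.conns = set()
    def decide(self, p: Packet) -> str:
        if p.direction == "in" and (p.proto, p.dst, p.dport, p.src, p.sport) in self.conns:
            return "allow"   # reversed 5-tuple matches a connection the inside started
        verdict = super().decide(p)
        if verdict == "allow" and p.direction == "out":
            self.conns.add((p.proto, p.src, p.sport, p.dst, p.dport))
        return verdict
# Constructed policy: inside hosts may open HTTPS connections; everything else falls to default deny.
POLICY = [Rule("allow", direction="out", proto="tcp", src="10.0.0.0/8", dport=443)]
```

With the same policy, the stateless filter drops the HTTPS reply because no rule permits inbound traffic, while the stateful one allows it because it remembers the outbound connection.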
Key idea
A packet filter allows or drops packets by matching headers against ordered rules, and a stateful firewall also tracks connections.