Firewalls

Firewalls receive incoming and outgoing traffic and then either drop it or allow it to pass through a network, based on rules defined by a system or network administrator.

We can think of a firewall as a border guard. It sees all traffic directed at it, and then decides whether it will allow the traffic to pass through on to its destination, or prevent the traffic from travelling further.

The most common type of firewall is a packet filter, which essentially takes in each packet it receives and decides if the packet should continue on its journey (or not). The rules it uses to determine the fate of each packet are captured in an Access Control List (ACL).

ACLs have several applications for security. For example, they are often used to determine permissions on a filesystem or to determine access levels on an Active Directory domain. In the context of firewalls, ACLs are simply lists of rules that express whether a packet originating from some source and/or directed to some destination should pass through or not. Depending on the implementation, rules can specify more than just drop or accept. For example, a firewall's ACL may specify a reject rule, which drops a given packet but also sends a message to the originator to let them know that their packet was rejected.
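
The following is an added example, not part of the original notes: a minimal packet-filter ACL evaluator showing accept, drop and reject. It assumes rules are checked in order with the first match deciding and a default drop policy (the ordering iptables chains use); the names Rule and evaluate and all addresses (RFC 5737 documentation ranges) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                   # "accept", "drop" or "reject"
    src: str = "0.0.0.0/0"        # source network, CIDR notation
    dst: str = "0.0.0.0/0"        # destination network, CIDR notation
    dport: Optional[int] = None   # destination port; None matches any port

    def matches(self, src: str, dst: str, dport: int) -> bool:
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.dport in (None, dport))

def evaluate(acl, src, dst, dport, default="drop"):
    """Return (action, notify_sender) for one packet; the first matching rule wins."""
    for rule in acl:
        if rule.matches(src, dst, dport):
            # reject discards the packet like drop, but also informs the originator
            return rule.action, rule.action == "reject"
    # No rule matched: fall back to the default policy, silently
    return default, False

# Constructed ACL protecting a hypothetical server at 198.51.100.5.
ACL = [
    Rule("drop", src="203.0.113.0/24"),                        # blocked source network
    Rule("accept", src="192.0.2.10/32", dst="198.51.100.5/32", dport=22),  # one admin host may use SSH
    Rule("reject", dst="198.51.100.5/32", dport=23),           # refuse telnet and say so
    Rule("accept", dst="198.51.100.5/32", dport=443),          # HTTPS open to everyone else
]

if __name__ == "__main__":
    # Constructed sample packets: (source, destination, destination port)
    packets = [
        ("203.0.113.7", "198.51.100.5", 443),  # blocked network, hits rule 1 before the HTTPS accept
        ("192.0.2.10", "198.51.100.5", 22),    # admin host to SSH
        ("192.0.2.99", "198.51.100.5", 22),    # other host to SSH, no rule matches
        ("192.0.2.99", "198.51.100.5", 23),    # telnet attempt
    ]
    for src, dst, dport in packets:
        action, notify = evaluate(ACL, src, dst, dport)
        print(f"{src} -> {dst}:{dport}  {action}" + ("  (sender notified)" if notify else ""))
```

Rule order matters here: moving the HTTPS accept above the first drop would let the blocked network reach port 443.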

Firewalls can be used to control traffic on a particular machine, or to control traffic throughout a network. For example, the iptables program included on Kali and other Linux distributions is a host-based firewall that allows the user to administer various rules that dictate how traffic is handled by the machine.

Network-based firewalls, on the other hand, can be implemented as software running on a dedicated host, or as special standalone hardware devices.


Relevant Note(s): Network Technologies