How Firewalls Work
A firewall is not just a tool that “blocks bad connections.” It’s a vital security mechanism that applies networking rules to control what enters and leaves your computer or network. If you want to really understand how firewalls work, let’s break down:
- What a firewall inspects
- How it decides what to allow or block
- What internal resources it uses
- Where it fits in network communication
🚀 What Does a Firewall Actually Do?
- The source IP address (where it came from)
- The destination IP address (where it’s going)
- The protocol (like TCP, UDP, or ICMP)
- The port number (for example, port 80 for HTTP or port 443 for HTTPS)
The firewall reads these headers and applies rules to decide whether to:
✅ Allow the packet through
❌ Block the packet
📝 Log the packet for auditing
🧠 How Does a Firewall Make These Decisions?
Firewalls rely on several internal components:
1️⃣ Rules or Policies
These are conditions written by administrators or built into the firewall. A rule could say something like:
- Allow traffic from this specific IP address on port 80
- Deny all incoming traffic on port 23
Rules are checked in order, and the first matching rule is applied.
2️⃣ Connection State Table (for Stateful Firewalls)
Stateful firewalls don’t just look at packets one at a time. They remember active connections, keeping track of:
- The source and destination IP and port
- The protocol in use
- The status of the connection (such as new, established, or closing)
This allows the firewall to recognize legitimate traffic that’s part of an existing session and block unsolicited traffic that doesn’t match any known connection.
3️⃣ Buffers and Queues
When packets arrive, they may be briefly held in memory (buffers) so the firewall can inspect or reassemble them before deciding what to do. Well-designed firewalls manage these buffers efficiently to avoid slowing down your network.
4️⃣ Logging and Events
Many firewalls keep logs of blocked packets, rule matches, and connection activity. These logs are useful for troubleshooting and for investigating suspicious activity.
⚙ Types of Common Firewalls and What They Look At
Firewalls can operate at different layers of network communication. These are some of the more common ones:
- Packet filtering firewalls look at basic packet information like IP address, port, and protocol. They apply simple rules but don’t track connections.
- Stateful firewalls remember active connections and check if incoming packets belong to those connections. They provide stronger security.
- Application-layer firewalls or proxies can look inside packets at the actual data being sent, such as HTTP headers or FTP commands. These firewalls can block specific applications or types of requests.
🔎 How a Packet Moves Through a Firewall
Here’s a step-by-step of what happens when a packet reaches a firewall:
1️⃣ The packet arrives at the firewall’s network interface.
2️⃣ The firewall checks whether the packet should even be processed — for example, is it on a blocked interface?
3️⃣ If Network Address Translation (NAT) is used, the firewall rewrites IP addresses and ports as needed.
4️⃣ The firewall checks if the packet belongs to an existing connection in its connection table (if it’s a stateful firewall).
5️⃣ If it’s a new connection or a stateless firewall, the packet is compared against the list of firewall rules from top to bottom.
6️⃣ Once a matching rule is found, the firewall applies the rule’s action — allow, block, log, or take another action.
7️⃣ If allowed, the packet is forwarded on to its destination.
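The first-match rule list and the connection table described above, modelled as a small Python packet filter. This is an added example, not code from the original post; the class names, the addresses and the third (LAN) rule are constructed for illustration, and the interface check, NAT and connection teardown are left out.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src_net: str           # CIDR the source address must fall in
    dport: Optional[int]   # None matches any destination port
    proto: str = "tcp"
    def matches(self, p: Packet) -> bool:
        return (p.proto == self.proto
                and self.dport in (None, p.dport)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net))

class StatefulFirewall:
    def __init__(self, rules, default="deny"):
        self.rules, self.default = list(rules), default
        self.conntrack = set()   # connection table of flows already allowed
        self.log = []            # (verdict, reason, packet) audit trail
    def handle(self, p: Packet):
        flow = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        if flow in self.conntrack or reverse in self.conntrack:
            verdict, reason = "allow", "established"      # step 4: known connection
        else:
            verdict, reason = self.default, "default"     # used if no rule matches
            for number, rule in enumerate(self.rules, 1): # step 5: top to bottom
                if rule.matches(p):
                    verdict, reason = rule.action, f"rule {number}"
                    break                                 # first match wins
            if verdict == "allow":
                self.conntrack.add(flow)                  # remember the new connection
        self.log.append((verdict, reason, p))             # step 6: act and log
        return verdict, reason

# Constructed sample policy, built from the two rule examples in the text plus a LAN rule.
RULES = [
    Rule("allow", "203.0.113.10/32", 80),   # allow this specific IP on port 80
    Rule("deny", "0.0.0.0/0", 23),          # deny all traffic to port 23
    Rule("allow", "192.168.1.0/24", None),  # let the (assumed) LAN open connections
]
```

Passing an outbound LAN packet to `handle()` and then its reply shows the reply allowed as `established`, while the same remote host sending to a different local port falls through to the default deny. Building the firewall with `reversed(RULES)` lets a LAN host reach port 23, which is why rule order matters.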
⚠ Common Misconceptions About Firewalls
Some myths that often mislead people about firewalls:
- A firewall alone does not stop malware, phishing, or social engineering attacks. It helps, but you still need other security measures.
- Hiding your Wi-Fi SSID is not the same as having a firewall; the two serve completely different purposes.
- A firewall doesn’t protect you from everything on the internet. It enforces traffic rules, but attackers can still try to trick you or exploit weaknesses in apps.
📖 How You Can Learn More
If you want to go deeper into firewall technology, here are some good learning resources:
- The official Netfilter/iptables documentation
- OpenBSD pf firewall manual
- Microsoft’s guide to Windows Firewall
- The Book of PF by Peter N.M. Hansteen (great for understanding open-source firewalls)
If you prefer hands-on learning, try configuring a personal firewall in Linux with iptables or ufw, or experiment with a virtual firewall lab.
💡 Final Thoughts
Firewalls are not just tools — they’re systems that work based on clear logic and technical rules. By understanding how they inspect packets, maintain connection state, and enforce security policies, you move beyond the surface level and become a more informed practitioner.
✨ Note: I use AI to help refine these guides. If any part sounds robotic, I appreciate your understanding — and I welcome your feedback.


