What Is a Firewall

🔥 What Is a Firewall?

• Definition: A firewall is a security system (hardware or software) that monitors and controls incoming and outgoing network traffic based on predetermined rules.
• Purpose: Acts as a barrier between a trusted internal network and untrusted external networks (like the internet).
• Analogy: Think of it as a security guard at the gate of your network — deciding which data packets are allowed in or out.

🧩 Types of Firewalls

1. Packet-Filtering Firewall
   • Examines packets (basic units of data) and allows/blocks them based on IP addresses, ports, or protocols.
   • Simple, fast, but limited (doesn’t inspect content deeply).
2. Stateful Inspection Firewall
   • Tracks the state of active connections.
   • More secure than packet filtering because it understands context (e.g., whether a packet is part of an established session).
3. Proxy Firewall (Application-Level Gateway)
   • Acts as an intermediary between users and the internet.
   • Can inspect traffic at the application layer (e.g., HTTP, FTP).
   • Provides deeper filtering but may slow performance.
4. Next-Generation Firewall (NGFW)
   • Combines traditional firewall features with advanced capabilities:
     • Deep packet inspection
     • Intrusion prevention
     • Application awareness
     • Integration with threat intelligence
5. Hardware vs Software Firewalls
   • Hardware: Physical devices placed between networks (common in enterprises).
   • Software: Installed on individual computers/servers (common for personal use).

⚙️ How Firewalls Work

• Rules: Firewalls use rules (access control lists) to decide whether traffic is allowed or blocked.
• Filtering Criteria:
  • Source/destination IP address
  • Port number
  • Protocol (TCP, UDP, ICMP)
  • Application type (web, email, file transfer)
• Actions: Allow, block, or log traffic.