A firewall is a networking device that is installed at the entrance to a LAN when connecting a networks together, particularly when connecting a private network to a public network, such as the internet. The firewall uses rules to filter traffic into and out of the private network, to protect the private network users and data from malevolent hackers.
Firewalls are either hardware or software, depending on their intended use. A firewall used to protect a network is a hardware device that should be installed in the network between the router and the network. Almost all hardware firewalls will have at least two ports, labeled “Trusted” and “Untrusted”. These terms imply the true nature of the firewall’s responsibility to the private network. The public network is connected to the untrusted network port, and the private network is connected to the trusted port.
Firewall rules are usually simple, consisting of a verb, either allow or deny, the direction of the traffic, either inbound or outbound, and an address or other network traffic identifier. Firewall rules are cumulative, so general rules may be specified, and exceptions added as necessary. Some examples are:
- Allow outbound all (all private network users can do anything on the public network)
- Deny inbound all (default setting to prevent all traffic from the public or untrusted port, to the private port)
- Allow inbound port 80 (allow internet web traffic to come into network to find web servers)
- Allow inbound port 80 destined to 18.104.22.168 (allow inbound web traffic to a specific web server on your private network)
- Deny inbound from 22.214.171.124/24 (deny all inbound traffic from a specific IP address or range of addresses)
Software firewalls are commonly included in modern workstation and server operating systems. They operate in a similar way as hardware firewalls, except that they filter traffic in and out of the machine itself. These software firewalls are typically unnoticed by machine users, and only need attention occasionslly when an internet-connected application don’t work as expected. The software firewall should always be considered a “suspect” in such cases. The problem is easily resolved, by setting an exception rule in the firewall for the software that is attempting to communicate.