A firewall is a network security device that monitors and controls incoming and outgoing network traffic based on predefined security rules.
What is a Firewall?
A firewall acts as a barrier between a trusted network (internal) and an untrusted network (external, such as the Internet), controlling what traffic can pass through it.
Types of Firewall
1. Network Firewall
Protects the entire network from the perimeter:
- Hardware Firewall: Dedicated physical devices
- Software Firewall: Applications running on servers
- Application Firewall: Protects specific applications
2. Host-based Firewall
Protects an individual system:
- Windows Firewall: Integrated in Windows
- iptables: For Linux systems
- pfSense: BSD distribution for firewalls
3. Web Application Firewall (WAF)
Protects specific web applications:
- Cloudflare WAF: Cloud service
- AWS WAF: Amazon service
- ModSecurity: Open source WAF
Filtering Technologies
Packet Filtering
Examines each packet individually:
Stateful Inspection
Maintains the state of connections:
- TCP Connections: Tracking SYN, ACK, FIN states
- UDP Connections: Tracking bidirectional flows
- ICMP Connections: Tracking requests and responses
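The two filtering mechanisms above, per-packet filtering and stateful inspection, can be illustrated with a small simulator. This is an added example written for this page, not code from any firewall product; the Packet model, the trusted prefix 10.0.0.x and the ACCEPT/DROP verdict strings are assumptions made here. It drops everything by default, tracks a TCP connection through SYN, SYN-ACK and ESTABLISHED so that a reply from the Internet is only accepted when an internal host opened the flow, and gives UDP and ICMP a pseudo-connection entry in place of a handshake.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed packet model for the example: the 5-tuple plus TCP flags.
# Field names are assumptions made here, not any real firewall's API.
@dataclass(frozen=True)
class Packet:
    proto: str                       # "tcp", "udp" or "icmp"
    src: str
    sport: int                       # for ICMP: the echo identifier
    dst: str
    dport: int                       # for ICMP: the echo identifier again
    flags: frozenset = frozenset()   # TCP flags, e.g. {"SYN"}, {"SYN", "ACK"}, {"FIN", "ACK"}
    icmp_type: Optional[int] = None  # 8 = echo request, 0 = echo reply

TRUSTED_PREFIX = "10.0.0."           # constructed: the internal (trusted) network

def is_internal(ip: str) -> bool:
    return ip.startswith(TRUSTED_PREFIX)

def flow_key(p: Packet) -> Tuple:
    """Direction-independent key, so a reply maps to the same table entry as its request."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (p.proto,) + (a + b if a <= b else b + a)

class StatefulFirewall:
    """Deny by default: only flows opened from the trusted side, and their replies, pass."""

    def __init__(self) -> None:
        self.table: Dict[Tuple, dict] = {}   # flow key -> {"state": ..., "initiator": ip}

    def process(self, p: Packet) -> str:
        key = flow_key(p)
        entry = self.table.get(key)
        if p.proto == "tcp":
            return self._tcp(p, key, entry)
        if p.proto in ("udp", "icmp"):
            return self._pseudo_connection(p, key, entry)
        return "DROP"                         # unknown protocol: default deny

    def _tcp(self, p: Packet, key: Tuple, entry: Optional[dict]) -> str:
        if entry is None:
            # Only a bare SYN from the trusted side may open a new connection.
            if p.flags == frozenset({"SYN"}) and is_internal(p.src):
                self.table[key] = {"state": "SYN_SENT", "initiator": p.src}
                return "ACCEPT"
            return "DROP"                     # unsolicited inbound SYN, or stray ACK/FIN with no state
        state = entry["state"]
        if state == "SYN_SENT":
            if p.flags == frozenset({"SYN"}) and p.src == entry["initiator"]:
                return "ACCEPT"               # SYN retransmission
            if p.flags == frozenset({"SYN", "ACK"}) and p.src != entry["initiator"]:
                entry["state"] = "ESTABLISHED"
                return "ACCEPT"
            return "DROP"                     # anything else is out of sequence
        # ESTABLISHED: both directions pass; FIN or RST closes the entry
        # (a real tracker waits for both sides to close; this is simplified).
        if p.flags & {"FIN", "RST"}:
            del self.table[key]
        return "ACCEPT"

    def _pseudo_connection(self, p: Packet, key: Tuple, entry: Optional[dict]) -> str:
        # UDP and ICMP have no handshake: the first packet from the trusted side
        # (for ICMP, an echo request) creates the entry; only its replies are let back in.
        if entry is not None:
            if p.proto == "icmp":
                del self.table[key]           # one reply per request
            return "ACCEPT"
        if p.proto == "icmp" and p.icmp_type != 8:
            return "DROP"                     # a reply with no matching request
        if is_internal(p.src):
            self.table[key] = {"state": "ESTABLISHED", "initiator": p.src}
            return "ACCEPT"
        return "DROP"
```

The point of the connection table is visible in the stray-ACK case: a stateless filter that permits "established" traffic by looking at the ACK bit alone lets an attacker-crafted ACK through, while the tracker drops it because no SYN from the inside preceded it.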
Application Layer Filtering
Inspects application content:
- HTTP/HTTPS: Web content filtering
- SMTP: Email filtering
- FTP: File transfer control
Basic Configuration
Firewall Rules
Security Zones
- Internal Zone: Trusted networks
- DMZ Zone: Public servers
- External Zone: Internet
Best Practices
1. Principle of Least Privilege
- Deny by default
- Allow only what is necessary
- Review rules regularly
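The zone model and the deny-by-default policy described above (Firewall Rules, Security Zones and Principle of Least Privilege) can be shown as a first-match rule evaluator with an implicit deny at the end. This is an added example, not the page's or any vendor's configuration; the zone prefixes, the rule names and the Rule fields are assumptions made for it. It also reports shadowed rules, which is what "Review rules regularly" turns up in practice: a rule that an earlier, broader rule already covers can never match and only adds confusion.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed zone map: which prefixes belong to which security zone.
# Anything outside these prefixes is treated as the external zone (Internet).
ZONES = {
    "internal": ipaddress.ip_network("10.0.0.0/8"),
    "dmz": ipaddress.ip_network("172.16.0.0/24"),
}

def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"

@dataclass
class Rule:
    name: str
    src_zone: str            # "internal", "dmz", "external" or "any"
    dst_zone: str
    proto: str               # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]     # None = any port
    action: str              # "allow" or "deny"

    def matches(self, src_zone: str, dst_zone: str, proto: str, dport: int) -> bool:
        return (self.src_zone in ("any", src_zone)
                and self.dst_zone in ("any", dst_zone)
                and self.proto in ("any", proto)
                and (self.dport is None or self.dport == dport))

    def covers(self, other: "Rule") -> bool:
        """True if every packet matched by `other` is also matched by this rule."""
        return ((self.src_zone == "any" or self.src_zone == other.src_zone)
                and (self.dst_zone == "any" or self.dst_zone == other.dst_zone)
                and (self.proto == "any" or self.proto == other.proto)
                and (self.dport is None or self.dport == other.dport))

class ZonePolicy:
    """First-match evaluation; falling off the end of the list is a deny."""

    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules

    def decide(self, src_ip: str, dst_ip: str, proto: str, dport: int) -> Tuple[str, str]:
        sz, dz = zone_of(src_ip), zone_of(dst_ip)
        for r in self.rules:
            if r.matches(sz, dz, proto, dport):
                return r.action, r.name
        return "deny", "implicit-deny"

    def shadowed_rules(self) -> List[str]:
        """Names of rules that can never match because an earlier rule covers them."""
        return [r.name for i, r in enumerate(self.rules)
                if any(earlier.covers(r) for earlier in self.rules[:i])]

# Constructed example policy: publish HTTPS in the DMZ, let the DMZ reach one
# database port inside, let the LAN out, and allow admin SSH into the DMZ.
# The last rule is a deliberate duplicate to show shadowing detection.
POLICY = ZonePolicy([
    Rule("web-in",        "external", "dmz",      "tcp", 443,  "allow"),
    Rule("dmz-to-db",     "dmz",      "internal", "tcp", 5432, "allow"),
    Rule("lan-out",       "internal", "external", "any", None, "allow"),
    Rule("admin-ssh-dmz", "internal", "dmz",      "tcp", 22,   "allow"),
    Rule("web-in-dup",    "external", "dmz",      "tcp", 443,  "allow"),
])
```

Notice that no rule permits the DMZ to open connections into the internal zone other than to the database port: if the web server is compromised, that implicit deny is what limits the attacker's next hop, which is the practical meaning of least privilege in a rule set.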
2. Network Segmentation
- Separate networks by function
- Implement microsegmentation
- Use VLANs for isolation
3. Monitoring and Logging
4. Regular Updates
- Keep firmware updated
- Review obsolete rules
- Apply security patches
Common Tools
Open Source Firewalls
- iptables: For Linux
- pfSense: BSD distribution
- OPNsense: pfSense fork
- Smoothwall: Linux firewall
Commercial Firewalls
- Cisco ASA: Enterprise solution
- Fortinet FortiGate: NGFW
- Palo Alto Networks: Next-generation firewall
- Check Point: Comprehensive solution
Advanced Configuration
NAT (Network Address Translation)
Port Forwarding
Rate Limiting
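The three advanced features listed above can be demonstrated together in one small model. This is an added example, not the page's own material or any product's implementation; the public address 198.51.100.1, the port-forwarding table and the token-bucket parameters are assumptions made for it. Outbound packets get source NAT with a translation table so that replies can be mapped back, inbound packets are either replies to a tracked mapping or hit a static port forward, and a per-source token bucket caps the rate of new connection attempts. Time is passed in explicitly so the behaviour is deterministic.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

PUBLIC_IP = "198.51.100.1"     # constructed: the firewall's external address

@dataclass
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int

class Nat:
    """Source NAT for outbound flows plus static port forwarding (DNAT) for inbound."""

    def __init__(self, forwards: Dict[int, Tuple[str, int]]) -> None:
        self.forwards = forwards                          # public port -> (internal host, port)
        self.snat: Dict[Tuple[str, int], int] = {}        # (internal src, sport) -> public port
        self.reverse: Dict[int, Tuple[str, int]] = {}     # public port -> (internal src, sport)
        self.next_port = 40000                            # dynamic range; must not overlap forwards

    def outbound(self, p: Pkt) -> Pkt:
        """Rewrite the source to the public address, allocating a port on first use."""
        key = (p.src, p.sport)
        if key not in self.snat:
            port = self.next_port
            self.next_port += 1
            self.snat[key] = port
            self.reverse[port] = key
        return Pkt(PUBLIC_IP, self.snat[key], p.dst, p.dport)

    def inbound(self, p: Pkt) -> Optional[Pkt]:
        """Translate an inbound packet, or return None when nothing maps it (drop)."""
        if p.dport in self.reverse:                       # reply to an outbound flow
            src, sport = self.reverse[p.dport]
            return Pkt(p.src, p.sport, src, sport)
        if p.dport in self.forwards:                      # published service
            host, port = self.forwards[p.dport]
            return Pkt(p.src, p.sport, host, port)
        return None                                       # unsolicited: no internal host exposed

class TokenBucket:
    """Classic token bucket: `rate` tokens per second, at most `burst` stored."""

    def __init__(self, rate: float, burst: int) -> None:
        self.rate, self.burst = rate, burst
        self.tokens = float(burst)
        self.last = 0.0

    def allow(self, now: float) -> bool:
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

class ConnectionRateLimiter:
    """Limit new-connection attempts per source address."""

    def __init__(self, rate: float = 1.0, burst: int = 3) -> None:
        self.rate, self.burst = rate, burst
        self.buckets: Dict[str, TokenBucket] = {}

    def check(self, src: str, now: float) -> bool:
        bucket = self.buckets.setdefault(src, TokenBucket(self.rate, self.burst))
        return bucket.allow(now)
```

The inbound path returning None for an unmapped port is what makes NAT a side benefit for security rather than a security control: nothing inside is reachable unless a mapping exists, but the moment a port forward is added the service behind it is exposed and needs its own rules and patching.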
Monitoring and Analysis
Monitoring Tools
- Wireshark: Packet analysis
- tcpdump: Traffic capture
- netstat: Connection status
- ss: Modern replacement for netstat

Important Metrics
- Blocked vs allowed traffic
- Suspicious connection attempts
- Bandwidth usage
- Network latency
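The first three metrics above come straight out of the firewall's own log. As an added example (not the page's or any product's tooling), the following parses a handful of constructed lines in the style of iptables LOG output and computes blocked versus allowed counts, bytes per source, and flags sources whose dropped packets spread across many destination ports, the usual signature of a suspicious connection pattern. The "FW-ACCEPT"/"FW-DROP" prefixes and the sample lines are assumptions made here; a real deployment would use whatever prefix its logging rules set.

```python
import re
from collections import Counter, defaultdict
from typing import List

# Constructed sample lines in the style of iptables/nftables LOG output.
# The FW-ACCEPT / FW-DROP prefixes are assumed to be set by the logging rules.
SAMPLE_LOG = """\
Mar  1 12:00:01 fw kernel: FW-ACCEPT: IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=93.184.216.34 LEN=60 PROTO=TCP SPT=51000 DPT=443 SYN
Mar  1 12:00:02 fw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=10.0.0.5 LEN=40 PROTO=TCP SPT=5555 DPT=22 SYN
Mar  1 12:00:02 fw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=10.0.0.5 LEN=40 PROTO=TCP SPT=5556 DPT=23 SYN
Mar  1 12:00:02 fw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=10.0.0.5 LEN=40 PROTO=TCP SPT=5557 DPT=3389 SYN
Mar  1 12:00:03 fw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=10.0.0.5 LEN=40 PROTO=TCP SPT=5558 DPT=445 SYN
Mar  1 12:00:03 fw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=10.0.0.5 LEN=40 PROTO=TCP SPT=5559 DPT=8080 SYN
Mar  1 12:00:04 fw kernel: FW-ACCEPT: IN=eth0 OUT=eth2 SRC=198.51.100.20 DST=172.16.0.10 LEN=52 PROTO=TCP SPT=40011 DPT=443 SYN
Mar  1 12:00:05 fw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.20 DST=172.16.0.10 LEN=40 PROTO=UDP SPT=9999 DPT=161
Mar  1 12:00:06 fw sshd[1203]: Accepted publickey for admin from 10.0.0.9 port 50212 ssh2
"""

# Only the fields the metrics need; SPT/DPT are optional because ICMP lines lack them.
LINE_RE = re.compile(
    r"(?P<verdict>FW-ACCEPT|FW-DROP):.*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) LEN=(?P<len>\d+) "
    r"PROTO=(?P<proto>\S+)(?: SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+))?"
)

def parse(log: str) -> List[dict]:
    """Turn firewall verdict lines into dicts; lines from other daemons are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        d = m.groupdict()
        d["len"] = int(d["len"])
        d["dpt"] = int(d["dpt"]) if d["dpt"] else None
        events.append(d)
    return events

def summarize(events: List[dict], scan_threshold: int = 5) -> dict:
    """Blocked vs allowed counts, bytes per source, and sources probing many ports."""
    verdicts = Counter(e["verdict"] for e in events)
    dropped_ports_by_src = defaultdict(set)
    bytes_by_src: Counter = Counter()
    for e in events:
        bytes_by_src[e["src"]] += e["len"]
        if e["verdict"] == "FW-DROP" and e["dpt"] is not None:
            dropped_ports_by_src[e["src"]].add(e["dpt"])
    suspicious = sorted(src for src, ports in dropped_ports_by_src.items()
                        if len(ports) >= scan_threshold)
    return {
        "blocked": verdicts["FW-DROP"],
        "allowed": verdicts["FW-ACCEPT"],
        "suspicious_sources": suspicious,
        "bytes_by_src": dict(bytes_by_src),
    }
```

The distinct-destination-port count per source is a deliberately simple detector; in a SIEM the same idea is usually expressed as a threshold over a sliding time window, and the threshold is tuned so that ordinary clients (which talk to one or two ports) never trip it.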
Troubleshooting
Common Problems
Inaccessible services
- Check firewall rules
- Verify open ports
- Review connection logs
Slow performance
- Optimize rules
- Review hardware
- Analyze traffic
False positives
- Adjust rules
- Implement an allow list
- Review policies
Related Concepts
- VLAN - Network segmentation that complements the firewall
- VPN - Secure connections that traverse the firewall
- WAF - Firewall specific to web applications
- SIEM - System that collects firewall logs
- SOAR - Automation of firewall configurations
- Routers - Network devices that work with firewalls
- Switches - Switching devices on the network
- Networks - Network infrastructure protected by firewalls
- Network Security - Discipline that includes firewalls
- Attack Vectors - Threats that the firewall blocks
- Logs - Logs generated by the firewall