# Firewall
## What is a Firewall
A firewall is a network security device that monitors and controls incoming and outgoing network traffic based on a set of predefined security rules. A firewall establishes a barrier between trusted internal networks and untrusted external networks such as the internet. When traffic attempts to pass through the firewall, the firewall examines the traffic against its rules and either allows the traffic to pass or blocks it. Firewalls are one of the most fundamental components of network security and are deployed in virtually every organization connected to the internet.
## Types of Firewalls
Packet filtering firewalls operate at the Network layer and examine each packet in isolation, checking the source and destination IP addresses, source and destination port numbers, and the protocol being used. If the packet matches a rule that allows it, the packet passes through. If it matches a blocking rule or does not match any allowing rule, it is dropped. Packet filtering is fast but cannot examine the content of packets or understand the context of communications.
Stateful inspection firewalls maintain a state table that tracks active connections passing through the firewall. Rather than examining each packet in isolation, a stateful firewall understands that packets belong to ongoing connections. This allows it to make more intelligent decisions. For example, it can automatically allow response packets for connections that were established from the trusted internal network, without needing explicit rules for each direction of traffic.
Application layer firewalls, also called proxy firewalls, operate at the Application layer and can examine the actual content of network traffic. They understand specific application protocols like HTTP and can make decisions based on the content of web requests, not just the IP addresses and ports. Application layer firewalls can detect and block specific types of malicious content.
Next-generation firewalls combine traditional firewall capabilities with additional features such as deep packet inspection, intrusion prevention, application awareness and control, and integration with threat intelligence feeds.
## How Firewalls Work
Network administrators configure firewall rules that specify what traffic should be allowed and what should be blocked. Rules typically specify the source address or range, the destination address or range, the port number, and the protocol. Rules are evaluated in order, and the first matching rule determines the action taken. Most firewalls have an implicit deny all rule at the end that blocks any traffic that does not match an explicit allow rule.
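The sketch below is an added example, not code from any firewall product. It models first-match rule evaluation with an implicit deny, and shows how the state table described under stateful inspection admits reply packets that a stateless packet filter would drop. The `Packet`, `Rule`, `filter_packet` and `StatefulFirewall` names and the sample addresses are constructed for illustration, and the state table tracks only the 5-tuple (no TCP flags or timeouts).

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source range in CIDR notation
    dst: str               # destination range in CIDR notation
    dport: Optional[int]   # None matches any destination port
    proto: str             # "tcp", "udp" or "any"

    def matches(self, p):
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.dport in (None, p.dport)
                and self.proto in ("any", p.proto))

def filter_packet(rules, p):
    """Stateless filter: the first matching rule decides; no match is denied."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"  # implicit deny-all at the end of the rule list

class StatefulFirewall:
    def __init__(self, rules):
        self.rules, self.state = rules, set()  # state holds allowed flows

    def handle(self, p):
        # A reply carries the reversed 5-tuple of a flow the rules allowed.
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.state:
            return "allow"
        action = filter_packet(self.rules, p)
        if action == "allow":
            self.state.add((p.proto, p.src, p.sport, p.dst, p.dport))
        return action

RULES = [  # constructed sample policy; order matters
    Rule("deny", "10.0.0.66/32", "0.0.0.0/0", None, "any"),  # quarantined host
    Rule("allow", "10.0.0.0/24", "0.0.0.0/0", 443, "tcp"),   # internal to HTTPS
]
```

Swapping the two rules lets the quarantined host reach port 443, because the broader allow rule then matches first.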