
Firewalls and packet filtering in Computer Networks - Full Explanation

Introduction
Imagine you want to protect your home from unwanted visitors while still allowing friends to come in. In computer networks, firewalls act like security guards that decide who can enter or leave a network. Packet filtering is one way these guards check each visitor's ID before letting them pass.
Explanation
Firewall Basics
A firewall is a security system that controls the flow of data between a trusted network and an untrusted one, like the internet. It acts as a barrier that blocks or allows data based on a set of rules. This helps protect computers from harmful traffic or attacks.
Firewalls protect networks by controlling which data can enter or leave based on security rules.
Packet Filtering Mechanism
Packet filtering examines small pieces of data called packets as they try to pass through the firewall. Each packet has information like source and destination addresses and ports. The firewall checks these details against its rules to decide if the packet should be allowed or blocked.
Packet filtering lets firewalls decide to allow or block data packets based on their header information.
Rules and Criteria
The firewall uses rules that specify which packets are safe or unsafe. These rules can include IP addresses, port numbers, and protocols. For example, a rule might block all packets from a suspicious IP or allow only web traffic on port 80.
Firewall rules define which packets are allowed or blocked based on specific packet details.
Limitations of Packet Filtering
Packet filtering only looks at packet headers, not the content inside. This means it can't detect harmful data hidden within allowed packets. Also, it doesn't remember past packets, so it can't track ongoing connections or attacks.
Packet filtering is simple but cannot inspect packet content or track connection states.
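The header-only check described in the sections above, as an added Python example that is not part of the original page. The first-match rule order, the default-block policy, and all addresses (documentation ranges) are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    payload: bytes = b""          # present in the packet, never read by the filter

@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "block"
    src_net: str = "0.0.0.0/0"    # source network the rule applies to
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net)
                and self.proto in (None, pkt.proto)
                and self.dport in (None, pkt.dport))

def filter_packet(rules, pkt, default="block"):
    """Stateless evaluation: header fields only, nothing remembered between calls."""
    for rule in rules:            # assumption: first matching rule wins
        if rule.matches(pkt):
            return rule.action
    return default                # assumption: unmatched traffic is blocked

# Constructed rule set mirroring the two example rules in the text
RULES = [
    Rule("block", src_net="203.0.113.0/24"),  # a "suspicious" source range
    Rule("allow", proto="tcp", dport=80),     # only web traffic on port 80
]

# Constructed sample packets
SAMPLES = {
    "web":         Packet("198.51.100.7", "192.0.2.10", "tcp", 80, b"GET / HTTP/1.1"),
    "blocked_src": Packet("203.0.113.9", "192.0.2.10", "tcp", 80),
    "ssh":         Packet("198.51.100.7", "192.0.2.10", "tcp", 22),
    # Same headers as "web"; the payload differs but is never inspected
    "bad_payload": Packet("198.51.100.7", "192.0.2.10", "tcp", 80, b"CONSTRUCTED-HOSTILE-INPUT"),
}

def verdicts():
    return {name: filter_packet(RULES, pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{name:12} -> {verdict}")
```

The "bad_payload" packet receives the same verdict as "web" because the two are identical in every field the filter reads, which is the limitation this section describes.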
Real World Analogy

Imagine a security guard at a building entrance checking IDs and addresses on envelopes before letting mail inside. The guard only looks at the outside information, not what is inside the envelope. If the address or ID matches the rules, the mail is allowed in; otherwise, it is rejected.

Firewall Basics → The security guard controlling who can enter the building
Packet Filtering Mechanism → Checking the envelope's address and sender before allowing it inside
Rules and Criteria → The list of allowed or blocked addresses and IDs the guard uses
Limitations of Packet Filtering → The guard not opening envelopes, so harmful content inside can go unnoticed
Diagram
┌──────────────────┐      ┌───────────────┐      ┌─────────────────┐
│ Incoming Packets │ ───▶ │ Firewall with │ ───▶ │ Allowed or      │
│ (Data from       │      │ Packet Filter │      │ Blocked Packets │
│ Internet)        │      │ Rules         │      │                 │
└──────────────────┘      └───────────────┘      └─────────────────┘
This diagram shows packets coming from the internet, passing through a firewall that filters them, and then being allowed or blocked.
Key Facts
Firewall: A system that controls network traffic to protect against unauthorized access.
Packet: A small unit of data sent over a network containing header and payload.
Packet Filtering: A firewall technique that checks packet headers to allow or block traffic.
Packet Header: The part of a packet containing source, destination, and protocol information.
Firewall Rule: A condition that defines which packets are allowed or blocked by the firewall.
Common Confusions
Believing packet filtering inspects the content inside packets. Packet filtering only examines header information, not the actual data inside packets.
Thinking firewalls automatically block all harmful traffic without rules. Firewalls rely on rules set by administrators to decide which traffic to allow or block.
Assuming packet filtering tracks ongoing connections. Packet filtering is stateless and does not remember past packets or connection states.
Summary
Firewalls protect networks by controlling which data packets can enter or leave based on rules.
Packet filtering checks packet header details like addresses and ports to allow or block traffic.
Packet filtering is simple but cannot inspect packet content or track connection states.