Packet Filtering Firewall All You Need To Know In 3 Easy Steps

Introduction

A packet filtering firewall is a network security technique that is used to control data flow to and from a network. It is a security mechanism that allows the movement of packets across the network and controls their flow on the basis of a set of rules, protocols, IP addresses, and ports. 

Let’s understand

What is a packet-filtering firewall?

Packet filtering protects a local network from undesired invasion depending upon the predefined rules. The information passes through a network in the form of small pieces called packets, which travel independently across IP networks. These small packets travel through a node only if they match with predefined filtering rules otherwise get dropped. Hence, the filtering rules that are defined by the network layer firewalls in a packet filtering firewall prove to be highly efficient in providing security mechanisms. 

In this article we will discuss:

  1. Packet filtering firewall diagram.
  2. Advantages and disadvantages of packet filtering firewall.
  3. Packet filtering firewall example.
  4. Types Of Packet Filtering 

1. Packet Filtering Firewall Diagram

Packet filtering controls (allows or drops) packet or data transfer based on the following standards:

  • The address the packet is coming from.
  • The address the packet is going to.
  • The application protocols or rules are set to transfer the data.

The packet filtering firewall shows how filtration is executed on the firewall. The packet filtering firewall checks access control lists (ACLs) to separate packets depending on the upper-layer protocol ID, source and destination port numbers, source and destination IP addresses, and packet transmission routes.

  • The packet filtering firewall analyses the source and destination IP addresses, source, and destination port numbers, and protocol IDs of IP packets as per an ACL. The firewall checks for the information contained in the IP, TCP, or UDP header, and then it decides to accept or drop the packet depending upon the ACL.
  • The firewall can allow fragment-type packets after comparing the information with the ACL. 
  • Additionally, it has a default method, set by users, that allows the packets to pass even if these do not qualify with the ACL. 

As shown in figure 1, the passage of packets depends entirely on the decision of the packet-filtering router firewall. It filters the packets according to the security protocols programmed into the router using the firewall rules. Users set up these packet-filtering firewall rules to build protection against packet transmission and allow only packets that match certain IP addresses or ports. Users may specify rules that will permit only those packets that are meant for their server and decline all other packets. For example, rules may be set to completely reject packets heading for the ports used by NetBIOS, preventing Internet hackers’ unwanted intrusion on NetBIOS server resources.

A packet-filtering firewall can be distinguished into the following types based on the usage of rules:

  • Static packet filtering firewall: In this type of firewall rules are established manually, and the connection between the internal and external networks is left open or closed at all times until changed manually.
  • Dynamic packet filtering firewall: This type of firewall is a more intelligent way of filtering as rules may be changed dynamically depending upon the conditions, and ports are open only for a specific time otherwise remains closed.
  • Stateful packet filtering firewall: It uses a presettable for maintaining a secure connection, and packets pass through in a sequence as approved by the filter rules.

2. Advantages and Disadvantages of Packet Filtering Firewall

Packet-filtering firewalls usually run on either general-purpose computers/routers or special-purpose routers and have their share of packet-filtering firewall advantages and disadvantages.

Packet filtering is an efficient defense system against intrusions from computers or networks outside a local area network (LAN). It is also a standard, and cost-effective means of protection as most routing devices possess integrated filtering capabilities, so there is no need to set a new firewall device. Following are some of the prominent advantages of packet filtering firewall that makes them highly acceptable worldwide:

  • Need only one router: The key advantage of using packet filtering is that it requires the use of only one screening router to protect an entire network. 
  • Highly efficient and fast: The packet filtering router works very fast and effectively and accepts and rejects the packets quickly based on the destination and source ports and addresses. However, other firewall techniques show more time-consuming performance.
  • Transparent to users: Packet filtering works independently without any need for user knowledge or cooperation. Users won’t get to know about the transmission of packets until there is something that got rejected. On the contrary, other firewalls require custom software, the configuration of client machines, or specific training or procedures for users.
  • Built-in packet filtering in routers: Packet filtering capacities are inbuilt in widely used hardware and software routing products. Additionally, now most websites possess packet filtering techniques available in their routers themselves, which also makes this technique the most inexpensive one. 

Although packet filtering offers several advantages, it also has some weaknesses. Some of the disadvantages of a packet filtering firewall are:

  • Filtration based on IP address or Port Information: The biggest disadvantage of packet filtering is that it works on the authentication of IP address and port number and not based on the information like context or application.
  • Packet filtering is stateless: Another big disadvantage of packet filtering is that it does not remember any past invasions or filtered packets. It tests every packet in isolation and is stateless which allows hackers to break the firewall easily. 
  • No safety from address spoofing: The packet filtering does not protect from IP spoofing, in which hackers can insert fake IP addresses in packets to intrude the network.
  • Not a perfect option for all networks: The packet filtering firewalls implementation in highly desirable filters becomes difficult or highly time-consuming. Managing and configuring ACLs sometimes get difficult.

3. Packet Filtering Firewall Example

Packet filters act on the source and destination IP and port addresses that are present in each TCP/IP packet. You can set rules allowing access to only familiar and established IP addresses and denying access to all unknown or unrecognized IP addresses. 

For example, if you set rules denying access to port 80 to outsiders, you would block off all outside access to the HTTP server as most HTTP servers run on port 80. Alternatively, you can set packet filtering firewall rules permitting packets designated for your mail or web server and rejecting all other packets.

Despite its weaknesses, packet filter firewalls are widely used for being leverage and inexpensive. It controls the movement of information/packets according to a set of rules defined by the user and protects the network from unwanted intrusion or attacks. Thus, it acts as a powerful security tool and provides a good network security level.

4. Types Of Packet Filtering 

There are four primary types of packet filtering: 

  1. Static packet filtering firewall

This filtering firewall expects you to establish firewall rules manually. Similarly, internal and external firewall network collection also remains closed or open until and unless adjusted by an administrator. These firewall types allow users to define rules and manage ports, access control lists (ACLs) and IP addresses. They’re often simple and practical, making them an apt choice for smaller applications or users without a lot of criteria.  

  1. Dynamic packet filtering firewall

Dynamic firewalls allow users to adjust rules dynamically to reflect certain conditions. You can set ports to remain open for specified periods of time and to close automatically outside those established time frames. Dynamic packet filtering firewalls offer more flexibility than static firewalls because you can set adjustable parameters and automate certain processes. 

  1. Stateless packet filtering firewall

Stateless packet filtering firewalls are perhaps the oldest and most established firewall options. While they’re less common today, they do still provide functionality for residential internet users or service providers who distribute low-power customer-premises equipment (CPE). They protect users against malware, non-application-specific traffic, and harmful applications. If users host servers for multi-player video games, email, or live-streamed videos, they often must manually configure firewalls if they plan to deviate from default security policies. Manual configurations allow different ports and applications through the packet filter. 

  1. Stateful packet filtering firewall

Unlike stateless packet filtering options, stateful firewalls use modern extensions to track active connections, like transmission control protocol (TCP) and user datagram protocol (UDP) streams. By recognizing incoming traffic and data packets’ context, stateful firewalls can better identify the difference between legitimate and malicious traffic or packages. Typically, new connections must introduce themselves to the firewall before they gain access to the approved list of allowed connections.

Also Read

Related Articles

} }
Request Callback