A network firewall is a router with rules based on the Transport layer's ports. Each rule says whether to allow or block a TCP segment or UDP
datagram based on the port number that identifies the Application layer service. Here is a list of Well Known Ports. Some ports can only be
used by TCP, others only by UDP, and some can use both Transport layer protocols.
Firewalls can make decisions based on IP addresses, protocols and ports.
This is part of Webmin's Linux Firewall module's Add Rule screen. You can see how detailed each rule can be.
The firewall can be software based, such as the Windows firewall or Linux's iptables, or it can be hardware based as part of your broadband router or
the edge router on your network. The router resides on the Network layer and its rules are based on IP addresses. It can allow or block IP addresses for a single device or a
complete network. The combination of decisions based on ports and IP addresses creates an effective security device that stops unwanted traffic from
entering your network.
Windows has a similar firewall that can make decisions based on IP addresses, protocols and ports.
The order of the rules is important as each rule is checked in sequence.
For effective security, you should have a hardware firewall at the edge of your network to protect the network as a whole. At each device on your
network, there should be a software firewall that controls the data allowed to reach that device. All data should be inspected to ensure that
it is what you want to allow on your network. You can have inbound rules that control the data coming into the network or device, and you can have
outbound rules that control where the data is going and whether it is allowed out.
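To show how the rule ordering, address, protocol, port and direction checks described above fit together, here is an added example of a first-match packet filter in Python. It is not Webmin or iptables code; the rule set, addresses and packets are constructed for illustration, and the default policy when nothing matches is assumed to be DROP.

```python
# Added example: a minimal first-match packet filter modelled on the kind of
# rules shown in the Webmin and Windows firewall screens. Rules, addresses
# and packets are constructed for illustration, not taken from a real system.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

@dataclass(frozen=True)
class Rule:
    direction: str   # "in" (inbound) or "out" (outbound)
    action: str      # "ACCEPT" or "DROP"
    proto: str       # "tcp", "udp" or "any"
    src: str         # source network in CIDR form; "0.0.0.0/0" means any source
    dst_port: Optional[int] = None   # None matches any destination port

@dataclass(frozen=True)
class Packet:
    direction: str
    proto: str
    src_ip: str
    dst_port: int

def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches when every field it constrains agrees with the packet."""
    return (rule.direction == pkt.direction
            and rule.proto in ("any", pkt.proto)
            and ip_address(pkt.src_ip) in ip_network(rule.src)
            and rule.dst_port in (None, pkt.dst_port))

def decide(rules: List[Rule], pkt: Packet, default: str = "DROP") -> str:
    """Rules are checked in sequence; the first match decides, so order matters."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default   # assumed default policy when no rule matches

# Constructed rule set: block one unwanted host, allow HTTPS from anywhere,
# allow SSH and DNS only from the LAN, and let LAN hosts send traffic out.
RULES = [
    Rule("in", "DROP",   "any", "203.0.113.7/32"),        # block a single host
    Rule("in", "ACCEPT", "tcp", "0.0.0.0/0", 443),         # HTTPS from anywhere
    Rule("in", "ACCEPT", "tcp", "192.168.1.0/24", 22),     # SSH from the LAN only
    Rule("in", "ACCEPT", "udp", "192.168.1.0/24", 53),     # DNS queries from the LAN
    Rule("out", "ACCEPT", "any", "192.168.1.0/24"),        # outbound from LAN hosts
]

if __name__ == "__main__":
    print(decide(RULES, Packet("in", "tcp", "198.51.100.9", 443)))  # ACCEPT
    print(decide(RULES, Packet("in", "tcp", "198.51.100.9", 22)))   # DROP: not from the LAN
    print(decide(RULES, Packet("in", "tcp", "203.0.113.7", 443)))   # DROP: host block comes first
    # Same rules with the host block moved after the HTTPS rule: the blocked host now gets in.
    reordered = RULES[1:2] + RULES[0:1] + RULES[2:]
    print(decide(reordered, Packet("in", "tcp", "203.0.113.7", 443)))  # ACCEPT
```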