Network Firewalls

A network firewall is a router whose rules are based on the Transport layer's port numbers: each rule allows or blocks a TCP segment or UDP datagram according to the port number that identifies the Application layer service. Here is a list of Well Known Ports. Some ports are used only by TCP, others only by UDP, and some can use both Transport layer protocols.

Firewalls can make decisions based on IP addresses, protocols and ports

This is part of Webmin's Linux Firewall's Add Rule screen. You can see how detailed each rule can be.

The firewall can be software based, such as the Windows firewall or Linux's iptables, or it can be hardware based as part of your broadband router or the edge router on your network. The router resides on the Network layer and its rules are based on IP addresses. It can allow or block IP addresses for a single device or a complete network. The combination of decisions based on ports and IP addresses creates an effective security device to stop unwanted traffic from entering your network.

Windows has a similar firewall that can make decisions based on IP addresses, protocols and ports.

The order of the rules matters because each rule is checked in sequence.

For effective security, you should have a hardware firewall at the edge of your network to provide overall network security. At each device on your network, there should be a software firewall that controls the data that is allowed to pass to the device. All data should be inspected to ensure that it is what you want to allow on your network. You can have inbound rules to control the data coming into the network or device, and outbound rules that control where the data is going and whether it is allowed out.
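To make the points above concrete (rules keyed on IP address, protocol and port; rules checked in sequence; separate inbound and outbound rules), here is a small rule evaluator written for this page. It is an added example, not code from the page, from Webmin, iptables or Windows; it assumes a first-match policy (the first rule that matches decides, and a packet matching no rule is blocked), and the rule sets, addresses and packets are constructed sample data using RFC 5737 documentation networks.

```python
"""First-match firewall rule evaluation (added example, not from the page)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Rule:
    action: str                      # "allow" or "block"
    direction: str                   # "in" (inbound) or "out" (outbound)
    protocol: Optional[str] = None   # "tcp", "udp", or None for either
    src: Optional[str] = None        # source network in CIDR notation, None = any
    dst: Optional[str] = None        # destination network in CIDR notation, None = any
    dport: Optional[int] = None      # destination port, None = any

    def matches(self, pkt: dict) -> bool:
        """True if every field the rule specifies matches the packet."""
        if self.direction != pkt["direction"]:
            return False
        if self.protocol is not None and self.protocol != pkt["protocol"]:
            return False
        if self.src is not None and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        if self.dst is not None and ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != pkt["dport"]:
            return False
        return True


def evaluate(rules: List[Rule], pkt: dict, default: str = "block") -> Tuple[str, Optional[int]]:
    """Walk the rules top to bottom; the first matching rule decides.

    Returns (action, index of the deciding rule), or (default, None) when
    nothing matched. The assumed default of "block" is the safe choice.
    """
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return default, None


# Constructed sample data (RFC 5737 documentation addresses).
INSIDE = "192.0.2.0/24"       # our LAN
BAD_NET = "203.0.113.0/24"    # a network we want to keep out entirely

# Order 1: the block rule sits above the allow rule, so it wins for BAD_NET.
BLOCK_FIRST = [
    Rule("block", "in", src=BAD_NET),
    Rule("allow", "in", "tcp", dst=INSIDE, dport=80),
    Rule("allow", "out", "tcp", src=INSIDE, dport=443),
]
# Order 2: the same rules with the allow rule first; web traffic from BAD_NET
# now matches the allow rule before the block rule is ever consulted.
ALLOW_FIRST = [BLOCK_FIRST[1], BLOCK_FIRST[0], BLOCK_FIRST[2]]

WEB_FROM_BAD = {"direction": "in", "protocol": "tcp", "src": "203.0.113.5",
                "dst": "192.0.2.10", "dport": 80}
WEB_FROM_OK = {"direction": "in", "protocol": "tcp", "src": "198.51.100.7",
               "dst": "192.0.2.10", "dport": 80}
DNS_IN = {"direction": "in", "protocol": "udp", "src": "198.51.100.7",
          "dst": "192.0.2.10", "dport": 53}
HTTPS_OUT = {"direction": "out", "protocol": "tcp", "src": "192.0.2.10",
             "dst": "198.51.100.7", "dport": 443}


if __name__ == "__main__":
    for name, rules in (("block-first", BLOCK_FIRST), ("allow-first", ALLOW_FIRST)):
        for label, pkt in (("web from BAD_NET", WEB_FROM_BAD), ("web from elsewhere", WEB_FROM_OK),
                           ("inbound DNS", DNS_IN), ("outbound HTTPS", HTTPS_OUT)):
            action, idx = evaluate(rules, pkt)
            print(f"{name:12} {label:20} -> {action} (rule {idx})")
```

Running the script shows the same packet from 203.0.113.5 being blocked under the block-first ordering and allowed under the allow-first ordering, while the inbound UDP/53 datagram matches no rule and falls through to the default block. Real firewalls also differ in details this example does not model (stateful connection tracking, per-chain default policies), but the sequential first-match evaluation is the behaviour the rule order depends on.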


Copyright July 2013 Eugene Blanchard