A firewall is a network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It establishes a barrier between trusted internal networks and untrusted external networks.
Types of Firewalls
Packet Filtering
Examines each packet in isolation at the network layer based on source/destination IP, port, and protocol. Simple and fast, but it has no notion of connection state and cannot see application content.
Stateful Inspection
Tracks active connections and makes decisions based on connection state, not just individual packets.
Next-Generation Firewall (NGFW)
Combines a traditional stateful firewall with an IPS, application awareness, SSL/TLS inspection, and threat intelligence feeds.
Configuration Best Practices
# iptables example - basic INPUT chain (order matters: add the ACCEPT rules first, set the DROP policy last, so a remote admin session is not cut off mid-way)
iptables -A INPUT -i lo -j ACCEPT                                  # Loopback, needed by local services
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT   # Replies to connections this host opened
iptables -A INPUT -p tcp --dport 22 -s 192.168.1.0/24 -j ACCEPT    # SSH only from the management LAN
iptables -A INPUT -p tcp --dport 443 -j ACCEPT                     # HTTPS from anywhere
iptables -A INPUT -j LOG --log-prefix "Dropped: "                  # LOG is non-terminating; records what the policy will drop
iptables -P INPUT DROP                                             # Default deny, applied last
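As an added illustration (not code from the original page and not iptables itself) of the packet-filtering versus stateful-inspection distinction above and of how the INPUT chain just shown evaluates, the following Python model walks one inbound packet through the same rules in order: first terminating match wins, LOG falls through, and anything left hits the DROP policy. The addresses, ports and flow-table logic are constructed assumptions; RELATED tracking is not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:            # src/dst IP, src/dst port, protocol
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

class InputChain:
    """Model of the INPUT chain above: rules tried in order, first terminating
    match wins, LOG falls through, whatever is left hits the DROP policy."""
    def __init__(self, stateful=True):
        self.stateful = stateful
        self.conns = set()   # connection table: flows this host has opened
        self.logged = []     # lines the LOG rule would have written
    def outbound(self, pkt):
        """A stateful filter records each flow as the host opens it."""
        self.conns.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
    def state(self, pkt):
        """Inbound packet is ESTABLISHED if it is the reverse of a recorded flow."""
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "ESTABLISHED" if self.stateful and reverse in self.conns else "NEW"

    def inbound(self, pkt):
        # -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
        if self.state(pkt) == "ESTABLISHED":
            return "ACCEPT"
        # -A INPUT -p tcp --dport 22 -s 192.168.1.0/24 -j ACCEPT
        if pkt.proto == "tcp" and pkt.dport == 22 and \
                ip_address(pkt.src) in ip_network("192.168.1.0/24"):
            return "ACCEPT"
        # -A INPUT -p tcp --dport 443 -j ACCEPT
        if pkt.proto == "tcp" and pkt.dport == 443:
            return "ACCEPT"
        # -A INPUT -j LOG --log-prefix "Dropped: "   (non-terminating: fall through)
        self.logged.append(f"Dropped: SRC={pkt.src} SPT={pkt.sport} DPT={pkt.dport}")
        return "DROP"    # -P INPUT DROP

def reply_verdicts():
    """Constructed scenario: host 10.0.0.5 opens HTTPS to 198.51.100.20 and the
    server replies; only the stateful chain lets the reply back in."""
    out = {}
    for mode in ("stateful", "stateless"):
        chain = InputChain(stateful=(mode == "stateful"))
        chain.outbound(Packet("10.0.0.5", 51000, "198.51.100.20", 443))
        out[mode] = chain.inbound(Packet("198.51.100.20", 443, "10.0.0.5", 51000))
    return out
```

A stateless filter would need a broad rule accepting any packet with source port 443 to let that reply through, which is exactly the hole stateful inspection closes.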
Key Principles
- Default deny policy
- Least privilege access
- Regular rule review
- Document all rules
December 2024