
Network Firewalls

Introduction

A network firewall is one of the most fundamental security tools in the modern digital landscape. Think of a firewall as a security guard that stands between your internal network and the outside world (usually the internet). Its primary job is to monitor, filter, and control incoming and outgoing network traffic based on predetermined security rules.

In this guide, we'll explore what firewalls are, how they work, the different types available, and how to implement basic firewall rules to protect your systems.

What is a Firewall?

A firewall is a network security device or software that monitors and filters incoming and outgoing network traffic according to an organization's previously established security policies. Its primary purpose is to establish a barrier between your internal network and external sources such as the internet, so that only the traffic the policy permits gets through: an unsolicited connection attempt, a known-bad source address or a protocol that has no business on a given port is dropped before it reaches the host behind the firewall.

How Firewalls Work

Firewalls work by examining the packets that enter or leave your network. These packets are small units of data that travel across networks. Each packet is checked against an ordered list of rules: the first rule that matches decides what happens to it (accept, drop or reject), and a packet that matches no rule falls through to the chain's default policy. Whether that default is "allow" or "deny" is therefore the single most important setting in the whole configuration.

The examination process works through various methods:

1. Packet Filtering

The most basic form of firewall protection examines each packet's headers (addresses, protocol, ports, TCP flags) in isolation and drops the packet if it doesn't match the established security rules.

bash
# Example of a simple packet filtering rule (iptables)
iptables -A INPUT -p tcp --dport 22 -s 192.168.1.0/24 -j ACCEPT

This rule allows SSH connections (TCP port 22) from the local network (192.168.1.0/24). On its own it only grants access: SSH is restricted to that subnet only if the INPUT chain's default policy is DROP, or a later rule drops the remaining port-22 traffic, because iptables evaluates rules in order and stops at the first match.

2. Stateful Inspection

More advanced than simple packet filtering, stateful inspection tracks the state of active connections (for example, that an internal client has just sent a SYN to a web server) and uses that information to decide which packets to allow through. Reply packets are admitted because the firewall saw the request that provoked them, not because a rule opens their source port, so the classic stateless hole of "allow anything with source port 80" is never needed.

3. Proxy Service

Firewalls can also function as a proxy, which means they can receive and send data on behalf of internal clients. This provides an additional layer of security by preventing direct connections between internal and external systems.

Types of Firewalls

Over the years, firewall technology has evolved significantly. Here are the main types:

1. Packet-Filtering Firewalls

The most basic type that examines packets and doesn't allow them to pass through if they don't match an established security rule set. They operate at Layer 3 (Network) and Layer 4 (Transport) of the OSI model.

Advantages:

  • Low impact on network performance
  • Cost-effective

Disadvantages:

  • Limited security capabilities
  • Cannot understand context of connections

2. Stateful Inspection Firewalls

These keep track of the state of network connections traveling across them, such as TCP streams and, because UDP has no handshake, timeout-based pseudo-state for UDP exchanges. For every packet they can determine whether it is the start of a new connection, part of an existing connection, or part of no connection at all; iptables exposes this as the NEW, ESTABLISHED, RELATED and INVALID connection-tracking states.
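To make the NEW / ESTABLISHED / INVALID distinction concrete, here is a toy connection tracker in POSIX shell. It is an added example, not code from this page or from netfilter: it keeps a table of accepted connections and judges each packet the way the "Stateful Inspection" method above describes, first by state, then (for a bare SYN) by the rule list. The rule set, addresses and ports are constructed for the illustration, and the subnet matching handles only "any", /24 and exact addresses, which is all the sample rules need.

```shell
#!/bin/sh
# Added example (not from the original page): a toy stateful packet filter
# showing how a conntrack-style firewall decides NEW / ESTABLISHED / INVALID.
# Nothing here touches netfilter; packets are simplified 5-tuples.

# Policy for NEW connections, first match wins: "proto dport src action".
# A NEW packet that matches nothing hits the default policy, DROP.
RULES='tcp 22 192.168.1.0/24 ACCEPT
tcp 80 any ACCEPT'

STATE=''   # tracked connections, one "proto client:port server:port" per line

reset_state() { STATE=''; }

# in_subnet IP CIDR: succeeds if IP is inside CIDR. Only "any", /24 and
# exact addresses are handled (the kernel does a real longest-prefix match).
in_subnet() {
    case "$2" in
        any)  return 0 ;;
        */24) [ "${1%.*}" = "${2%.*}" ] ;;   # compare the first three octets
        *)    [ "$1" = "$2" ] ;;
    esac
}

# lookup_rule PROTO DPORT SRC: prints the action of the first matching rule,
# nothing if no rule matches.
lookup_rule() {
    printf '%s\n' "$RULES" | while read -r proto dport src action; do
        if [ "$proto" = "$1" ] && [ "$dport" = "$2" ] && in_subnet "$3" "$src"; then
            printf '%s\n' "$action"
            break
        fi
    done
    return 0
}

# filter PROTO SRC SPORT DST DPORT FLAGS: sets VERDICT to "<state> <action>"
# as a firewall sitting between client and server would judge the packet.
filter() {
    fwd="$1 $2:$3 $4:$5"
    rev="$1 $4:$5 $2:$3"
    if printf '%s\n' "$STATE" | grep -qxF -e "$fwd" -e "$rev"; then
        VERDICT='ESTABLISHED ACCEPT'          # either direction of a tracked flow
    elif [ "$6" = 'SYN' ]; then
        action=$(lookup_rule "$1" "$5" "$2")
        action=${action:-DROP}               # default policy
        if [ "$action" = 'ACCEPT' ]; then
            STATE="$STATE
$fwd"                                    # remember the accepted connection
        fi
        VERDICT="NEW $action"
    else
        VERDICT='INVALID DROP'                # e.g. a bare ACK with no known flow
    fi
}

demo() {
    reset_state
    for pkt in \
        'tcp 198.51.100.9 40000 192.0.2.10 80 SYN' \
        'tcp 192.0.2.10 80 198.51.100.9 40000 SYN,ACK' \
        'tcp 198.51.100.77 80 192.0.2.10 22 ACK' \
        'tcp 198.51.100.77 4444 192.0.2.10 22 SYN' \
        'tcp 192.168.1.7 5000 192.0.2.10 22 SYN'
    do
        filter $pkt    # word splitting is intentional here
        printf '%-48s -> %s\n' "$pkt" "$VERDICT"
    done
}

demo
```

The third packet is the one worth staring at: a bare ACK from source port 80 to port 22. A stateless filter that allows "source port 80" so web replies can come back would let it in; the tracker drops it as INVALID because no connection it knows about explains it.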

3. Application Layer Firewalls (Proxy Firewalls)

These operate at the application layer (Layer 7) of the OSI model and can understand certain applications and protocols (such as HTTP, FTP, DNS). They can identify if an unwanted protocol is attempting to bypass the firewall on an allowed port, or if a protocol is being abused.

4. Next-Generation Firewalls (NGFW)

Modern firewalls combine traditional firewall capabilities with additional features like:

  • Intrusion Prevention Systems (IPS)
  • Deep packet inspection
  • Application awareness and control
  • Advanced threat detection

5. Software vs. Hardware Firewalls

Software Firewalls:

  • Installed on individual computers
  • Protect a single endpoint
  • Examples: Windows Defender Firewall, iptables (and its successor nftables) on Linux

Hardware Firewalls:

  • Physical appliances positioned between your network and its internet gateway (or acting as the gateway)
  • Protect the entire network
  • Examples: Cisco ASA, Fortinet FortiGate, Palo Alto Networks firewalls

Basic Firewall Implementation

Let's look at some basic examples of implementing firewall rules across different platforms:

Linux (iptables)

bash
# Rules are appended (-A) in order and the first match wins, so the
# stateful rule goes near the top and the catch-all DROP goes last.

# Allow traffic on the loopback interface (local services depend on it)
iptables -A INPUT -i lo -j ACCEPT

# Allow packets belonging to connections this host already has open
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Allow SSH from specific subnet
iptables -A INPUT -p tcp --dport 22 -s 192.168.1.0/24 -j ACCEPT

# Allow HTTP and HTTPS
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# Block everything else (default deny); anything appended after this
# line is never reached
iptables -A INPUT -j DROP

Windows Firewall (PowerShell)

powershell
# Windows Defender Firewall blocks unsolicited inbound connections by
# default, so the usual task is to open a port. Rules are matched by
# direction, profile and properties, not by their position in a list.
New-NetFirewallRule -DisplayName "Allow HTTP" -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow

# Block a specific IP address. Block rules take precedence over Allow
# rules, so this wins even though "Allow HTTP" also matches port 80.
New-NetFirewallRule -DisplayName "Block Malicious IP" -Direction Inbound -RemoteAddress 203.0.113.5 -Action Block

Practical Example: Setting Up a Basic Firewall

Let's walk through setting up a basic firewall for a small web server environment:

Scenario:

You have a web server that hosts your website and needs:

  • HTTP (80) and HTTPS (443) open to everyone
  • SSH (22) access restricted to your office IP range
  • All other traffic blocked
  • Protection against common attacks

Solution:

Here's how to implement this with iptables on Linux:

bash
#!/bin/bash
# Run this from the console or with a rollback in place: between the
# flush and the SSH rule there is a window where a typo locks you out.

# Flush existing rules
iptables -F

# Set default policies (deny all by default)
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Allow loopback traffic
iptables -A INPUT -i lo -j ACCEPT

# Drop packets conntrack cannot classify and impossible TCP flag
# combinations (NULL, XMAS-style and similar scan probes). These must
# come BEFORE the ACCEPT rules; placed after them they would only ever
# see traffic the default policy drops anyway.
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,URG URG -j DROP

# Allow established and related connections
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Allow HTTP and HTTPS from anywhere
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# Allow SSH only from the office network. 192.168.1.0/24 is a private
# placeholder; for an internet-facing server substitute the office's
# public address range.
iptables -A INPUT -p tcp --dport 22 -s 192.168.1.0/24 -j ACCEPT

# Save rules so they survive a reboot (this is the path iptables-persistent
# uses on Debian/Ubuntu; other distributions use their own path and service)
iptables-save > /etc/iptables/rules.v4

iptables prints nothing on success, so silence is not proof. Verify the loaded chain with "iptables -L INPUT -n -v --line-numbers" (the packet counters show which rules are actually matching), then probe the server from outside the office range, for example with nmap or nc, and confirm that 80 and 443 answer while 22 does not. Note that these rules apply to IPv4 only: if the server also has an IPv6 address, ip6tables needs an equivalent ruleset or that side is left wide open.
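Applying rules one command at a time is where lockouts happen: a typo after the flush leaves the chain half built, and an SSH session over a now-dropped port cannot fix it. The following is an added example, not part of the original page, of how I would deploy the same web-server policy: the ruleset is generated in iptables-save format, syntax-checked with iptables-restore --test, and loaded atomically with a timed rollback to the previous rules armed first, so a bad ruleset undoes itself unless an operator confirms it from a fresh SSH session. The office range 203.0.113.0/24 (a documentation range), the file paths and the 60-second timer are assumptions to adjust; applying needs root, while generating and inspecting the ruleset does not.

```shell
#!/bin/sh
# Added example (not from the original page): build the web-server policy as
# one iptables-restore file and apply it atomically with a timed rollback.
# OFFICE_CIDR, the paths and the timer are assumptions; adjust for your site.

OFFICE_CIDR=${OFFICE_CIDR:-203.0.113.0/24}   # placeholder from the RFC 5737 range
RULES_FILE=${RULES_FILE:-/etc/iptables/rules.v4}
BACKUP=${BACKUP:-/run/iptables.rollback}
ROLLBACK_SECS=${ROLLBACK_SECS:-60}

# build_ruleset CIDR: print the policy in iptables-save format. INVALID and
# bogus-flag drops sit before every ACCEPT so new traffic actually reaches
# them; the service rules match NEW connections only, conntrack does the rest.
build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
-A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
-A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -s $1 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -m limit --limit 5/min --limit-burst 20 -j LOG --log-prefix "FW-DROP: " --log-level 4
COMMIT
EOF
}

# apply_with_rollback: validate, snapshot the live rules, arm the rollback,
# load the new rules, then wait for confirmation. Requires root.
apply_with_rollback() {
    build_ruleset "$OFFICE_CIDR" > "$RULES_FILE.new"
    if ! iptables-restore --test < "$RULES_FILE.new"; then
        echo 'ruleset rejected by iptables-restore --test, nothing changed' >&2
        return 1
    fi
    iptables-save > "$BACKUP"                      # what the watchdog restores
    ( sleep "$ROLLBACK_SECS" && iptables-restore < "$BACKUP" \
        && echo 'no confirmation: previous rules restored' >&2 ) &
    watchdog=$!
    iptables-restore < "$RULES_FILE.new"           # all-or-nothing load
    printf 'Rules live. Open a NEW ssh session to verify, then press Enter within %ss to keep them: ' "$ROLLBACK_SECS"
    read -r _confirm
    kill "$watchdog" 2>/dev/null || { echo 'too late, rollback already fired' >&2; return 1; }
    mv "$RULES_FILE.new" "$RULES_FILE"             # persist (iptables-persistent path)
}

case "${1:-show}" in
    apply) apply_with_rollback ;;
    *)     build_ruleset "$OFFICE_CIDR" ;;         # default: just print the ruleset
esac
```

Run it with no arguments to review the generated file, and as root with "apply" to deploy. The rate-limited LOG rule at the end records what the default policy is about to drop; IPv6 needs the same treatment through ip6tables-restore, which this script deliberately does not touch.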

Best Practices for Firewall Configuration

  1. Follow the Principle of Least Privilege

    • Only allow the minimum access necessary for systems to function
  2. Default Deny

    • Start with denying all traffic, then only allow what is explicitly needed
  3. Regular Audits

    • Review firewall rules regularly to remove outdated or unnecessary rules
  4. Document Everything

    • Keep detailed documentation of what each rule does and why it exists
  5. Layer Your Defenses

    • Don't rely solely on firewalls—implement other security measures too
  6. Test Your Configuration

    • Regularly test firewall rules from outside the host, not only by reading the configuration; a rule that looks right can still be shadowed by an earlier one

Common Firewall Challenges and Solutions

Challenge: Legitimate Traffic Being Blocked

Solution: Add a rate-limited logging rule just before the final drop (iptables -j LOG with a recognizable --log-prefix), then summarize the dropped traffic by destination port and source address. Repeated drops from a known host (a monitoring server, a new office range) point to a missing rule; add one that is as narrow as the legitimate traffic requires rather than opening the port to everyone.
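As an added example (not from the original page), here is the analysis step in shell. The sample lines are constructed to look like the kernel's LOG output with a "FW-DROP: " prefix (MAC= and a few other fields omitted), and the functions summarize them by service and by source. In the sample, three drops from 203.0.113.5 to port 22 look like a scan, while the repeated drops from 198.51.100.20 on port 22 are what an office range missing from the SSH rule looks like; the UDP/161 drop from 198.51.100.8 is the signature of a monitoring host nobody told the firewall about.

```shell
#!/bin/sh
# Added example (not from the original page): summarise "FW-DROP: " lines
# from the kernel log to spot legitimate traffic the firewall is dropping.
# The log rule it expects (run as root, placed just before the final drop):
#   iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: " --log-level 4

# Constructed sample in the kernel's LOG format (MAC= and some fields omitted).
sample_log() {
    cat <<'EOF'
Mar  3 10:01:12 web1 kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=56 ID=0 DF PROTO=TCP SPT=51200 DPT=22 WINDOW=65535 SYN URGP=0
Mar  3 10:01:13 web1 kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=56 ID=0 DF PROTO=TCP SPT=51201 DPT=22 WINDOW=65535 SYN URGP=0
Mar  3 10:01:15 web1 kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=56 ID=0 DF PROTO=TCP SPT=51202 DPT=22 WINDOW=65535 SYN URGP=0
Mar  3 10:02:40 web1 kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 LEN=60 TTL=60 ID=0 DF PROTO=TCP SPT=44100 DPT=22 WINDOW=29200 SYN URGP=0
Mar  3 10:02:41 web1 kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 LEN=60 TTL=60 ID=0 DF PROTO=TCP SPT=44101 DPT=22 WINDOW=29200 SYN URGP=0
Mar  3 10:05:00 web1 kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.8 DST=192.0.2.10 LEN=78 TTL=62 ID=0 DF PROTO=UDP SPT=50111 DPT=161 LEN=58
EOF
}

# drops: normalise each FW-DROP line on stdin to "PROTO/DPT SRC"
drops() {
    awk '/FW-DROP:/ {
        proto = dpt = src = ""
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "PROTO") proto = kv[2]
            else if (kv[1] == "DPT") dpt = kv[2]
            else if (kv[1] == "SRC") src = kv[2]
        }
        if (proto != "" && dpt != "" && src != "") print proto "/" dpt, src
    }'
}

# top_blocked: "<hits> PROTO/DPT sources=<distinct sources>", busiest first.
# Many hits from few sources on one port is the shape of blocked legitimate
# traffic (or one persistent scanner); many sources is background noise.
top_blocked() {
    drops | awk '{
        hits[$1]++
        if (!(($1, $2) in seen)) { seen[$1, $2] = 1; srcs[$1]++ }
    }
    END { for (k in hits) printf "%d %s sources=%d\n", hits[k], k, srcs[k] }' \
    | sort -k1,1nr -k2,2
}

# sources_for PROTO/DPT: "<hits> SRC" for one service, busiest first.
sources_for() {
    drops | awk -v want="$1" '$1 == want { hits[$2]++ }
        END { for (s in hits) printf "%d %s\n", hits[s], s }' \
    | sort -k1,1nr -k2,2
}

sample_log | top_blocked
sample_log | sources_for TCP/22
```

On a live host feed it the real log instead of the sample: "journalctl -k | top_blocked" or "grep FW-DROP /var/log/kern.log | sources_for TCP/22". Because the LOG rule is rate limited, the counts are a lower bound, which is fine for spotting patterns but not for billing anyone.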

Challenge: Performance Impact

Solution: Optimize rules by placing the most frequently matched rules near the top of the chain ("iptables -L -n -v" shows per-rule packet counters), but only where reordering does not change which rule wins for any given packet. Consider hardware upgrades for high-traffic environments.

Challenge: Maintenance Overhead

Solution: Use firewall management tools that allow centralized control and automated rule deployment.

Firewall Limitations

While firewalls are essential for network security, they have limitations:

  1. They can't protect against:

    • Malware that's already inside your network
    • Social engineering attacks
    • Insider threats
    • Application-layer attacks carried over an allowed port, such as SQL injection against a web server on 443
    • Malicious content inside encrypted traffic, unless the firewall terminates and inspects TLS
  2. They need proper configuration:

    • A misconfigured firewall can give a false sense of security

Summary

Firewalls serve as the first line of defense in network security by monitoring and controlling incoming and outgoing network traffic. By implementing proper firewall rules, you can significantly reduce the risk of unauthorized access and potential data breaches.

Remember that a firewall is just one component of a comprehensive security strategy. It should be combined with other security measures like:

  • Regular software updates
  • Strong authentication mechanisms
  • Intrusion detection systems
  • Security awareness training
  • Regular security audits

Exercises

  1. Set up a basic firewall on your personal computer using the built-in firewall tool.
  2. Create a firewall rule that blocks all incoming traffic except HTTP, HTTPS, and SSH.
  3. Research how to configure a firewall to protect against DDoS attacks.
  4. Compare the features of three different firewall solutions (both hardware and software).
  5. Design a firewall architecture for a small business with the following requirements:
    • Public-facing web server
    • Internal database server
    • VPN access for remote employees
    • Protection against common web attacks

Additional Resources

  • Documentation for common firewall systems:

  • Books:

    • "Firewalls and Internet Security: Repelling the Wily Hacker" by William R. Cheswick and Steven M. Bellovin
    • "Linux Firewalls" by Michael Rash
  • Online courses:

    • CompTIA Security+
    • Cisco CCNA Security

