World is Welcome To The World of Linux

Journey into the world of linux

Menu
  • About
  • Welcome
Menu

Packet Filtering Firewall: An Introduction

Posted on June 27, 2010 by Ganesh Sharma

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

The Packet Filtering Firewall is one of the most basic firewalls. The first step in protecting internal users from the external network threats is to implement this type of security. The first ever firewalls used were of packet filtering type only. As the trends of network threats started changing, so did the firewall building strategies. Most of the routers have packet filtering built-in, but the problem with the routers is that, they are difficult to configure and don’t provide extensive logs of the incidents. In my previous firewall tutorials I talked about firewall policies and few other things. That information is also used while designing such firewalls.

To start with the network security, the packet filtering firewalls are the way to go. This functinality is still the main aim of most of the commercial and non-commercial firewalls. As you know by the definition and the purpose of the firewall, the firewall is the first destination for the traffic coming to your internal network. So, anything which comes to your internal network, passes through the firewall. Of course, reverse is also true. Any outgoing traffic will also pass through the firewall before leaving your network completely. This is the reason that sometimes this type of firewall filter is also called screening routers.

Types of Packet Filtering

Packet filtering firewall allows only those packets to pass, which are allowed as per your firewall policy. Each packet passing through is inspected and then the firewall decides to pass it or not. The packet filtering can be divided into two parts:

  1. Stateless packet filtering.
  2. Stateful packet filtering.

The data travels through the internet in the form of packets. Each packet has a header which provides the information about the packet, its source and destination etc. The packet filtering firewalls inpects these packets to allow or deny them. The information may or may not be remembered by the firewall.

Stateless Packet Filtering

If the information about the passing packets is not remembered by the firewall, then this type of filtering is called stateless packet filtering. This type of firewalls are not smart enough and can be fooled very easily by the hackers. These are especially dangerous for UDP type of data packets. The reason is that, the allow/deny decisions are taken on packet by packet basis and these are not related to the previous allowed/denied packets.

Stateful Packet Filtering

If the firewall remembers the information about the previously passed packets, then that type of filering is stateful packet filtering. These can be termed as smart firewalls. This type of filtering is also known as Dynamic packet filtering.

What Should Be Inspected In A Packet Header

In a packet header few of the possible things which should be checked are:

  1. Source IP address of the packet. This is necessary because IP spoofers might have changed the source IP address to reflect the origin of packet from somewhere else, rather than reflecing the original source.
  2. Destination IP Address. The firewall rules should check for IP address rather than DNS names. This prevents abuse of DNS servers.
  3. IP Protocol ID.
  4. TCP/UDP port number.
  5. ICMP message type.
  6. Fragmentation flags.
  7. IP Options settings.

Important Features of Packet Filters

The great firewalls normally follow few specific rules upon which features are incorporated during firewall designing. Few are listed below:

  1. The firewall should provide good deal of logs. The more detailed are the logs, the better the protection.
  2. The command line syntax or GUI of firewall should be easy to create new rules and of course firewall exceptions.
  3. The packet filter orders should be evaluated carefully in order to make the filtering fruiteful.

At the end, a word of caution. You SHOULD NOT depend only upon packet filtering firewalls for the security of your network. Firewalls network security is not fully reliable, we need to take several other measures in order to have full network security.

5 thoughts on “Packet Filtering Firewall: An Introduction”

  1. Pingback: Proxy Firewall and Gateway Firewall: Introduction | World of Security!!!
  2. nida says:
    April 3, 2013 at 23:34

    not a particular definition of Packet Filtering Firewall is given

    Reply
  3. Pradip Patil says:
    September 23, 2013 at 12:26

    Dear Author/Writer

    The Article written by you on packet Filtering firewall kind of interesting and more clear. I search lot of on google to find such a meaningful article on Packet Filtering proxy server. Thanks for sharing this valuable information. Now i come to the point. I writing a book on Ethical hacking and Security and it covered lot of interesting topics along with hacking and security as well. I also include one chapter on “Firewall, IDS & IPS” which are cover some basics of firewall and IDS/IPS.

    Now here i want you to use your above article in my book so the people who don’t read your article yet, able to read it through my book.

    I’ll give you 100% credit for this topic with your name and article link in my book.

    Please give me approval to you use this article in my book. and please replay this mail on my email ID: “Patil.pradip37@gmail.com”

    Thank You & Waiting for your replay…

    Warm Regards
    Pradip Patil

    Reply
  4. Pawan Kumar says:
    December 14, 2013 at 16:31

    thanks lot to giving such kind of useful information

    Reply
  5. Pingback: Firewall Unleashed - InfoSec Institute

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

  • Date Command Tutorial(Video)
  • grep Command Tutorial – 1(Video)
  • Introduction To ls Command(Video)
  • Chapter 3
  • Set Position Of Poll Module Into Joomla

Recent Comments

  • Kansas City Trailer Proz on Physical Volume In AIX – A Primer
  • Create volume group in AIX | myunixsheet on How To Create Volume Group
  • Restore of AIX backup on other Unix system - TecHub on What is mksysb And What Are Its Components
  • Firewall Unleashed - InfoSec Institute on Packet Filtering Firewall: An Introduction
  • Manwendra on Proxy Firewall and Gateway Firewall: Introduction

Archives

  • January 2019
  • June 2010
  • May 2010
  • February 2010
  • May 2009
  • April 2009
  • March 2009
  • February 2009
  • January 2009
  • December 2008
  • November 2008

Categories

  • 30 Days To Joomla WebSite Setup
  • A Journey To The World of Linux System Administration
  • Aix
  • Backups
  • Books
  • Firewalls
  • Introduction
  • Joomla
  • Joomla Backup
  • Joomla Web Technology
  • Linux
  • LPAR and Virtualization
  • LVM
  • Pluggable Authentication Modules
  • section navigator pro
  • Security
  • Security Knowledge Base
  • Tips and Tricks
  • Uncategorized
  • World is Welcome Products

Meta

  • Log in
  • Entries RSS
  • Comments RSS
  • WordPress.org
©2023 World is Welcome To The World of Linux | WordPress Theme by SuperbThemes