Packet Filtering Firewalls

Uploaded by

riaz ahamed

NETWORK TECHNOLOGIES

PACKET FILTERING FIREWALLS


Packet Filtering Firewalls

Packet filtering firewalls may also be software packages that sit on top of general-purpose operating systems (such as Windows NT or UNIX) or on firewall appliances.

The firewall will have multiple interfaces, one for each network to which it is connected.

Like the application layer firewall, a set of policy rules defines how traffic from one network is transported to any other.

If a rule does not specifically allow the traffic to flow, the firewall will deny or drop the packets.
Packet Filtering Firewalls
Policy rules

Policy rules are enforced through the use of packet inspection filters.

The filters examine the packets and determine whether the traffic is allowed based on the policy rules and the state of the protocol (this is known as stateful inspection).

If the application protocol is running over TCP, state determination is relatively easy as TCP itself maintains state.

This means that when the protocol is in a certain state, only certain packets are expected.
Connection

For example, let’s look at a connection setup sequence. The first packet that is expected is a SYN packet. The firewall sees this packet and places the connection in the SYN state.

In this state, one of two packets can be expected: either a SYN ACK packet (acknowledging the packet and agreeing to the connection) or an RST packet (resetting the connection because the destination does not wish to connect).
Connection
If any other packet appears for this connection, the firewall will drop or deny it, as it is incorrect for the state of the connection even if the connection is allowed by the rule set.

If the protocol is running over UDP, the packet filtering firewall cannot use the inherent state of the protocol, but must track the state of the UDP traffic.
Connection

Normally, the firewall will see an outbound UDP packet and expect an inbound packet from the destination address and port of the original packet within a certain time frame.

If the packet arrives within the time frame, the packet is accepted.

If not, the firewall determines that the UDP traffic is not a response to a request and drops it.
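
The TCP and UDP state tracking described on the Connection slides, as an added Python example that is not part of the original slides. The class name, the state names other than SYN, the 30-second UDP timeout and the addresses are assumptions made for illustration, and the model only covers flows opened from the inside network.

```python
UDP_TIMEOUT = 30.0  # assumed value; the slides only say "a certain time frame"

class StatefulFilter:  # simplified: inside hosts open flows, outside peers reply
    def __init__(self, allow_rules):
        self.allow = set(allow_rules)  # policy: {(proto, dst_ip, dst_port)}
        self.tcp = {}                  # flow -> "SYN" | "SYNACK" | "ESTABLISHED"
        self.udp = {}                  # flow -> time of last outbound packet

    def outbound(self, proto, src, sport, dst, dport, flags="", now=0.0):
        flow = (src, sport, dst, dport)
        if (proto, dst, dport) not in self.allow:
            return "drop"              # no rule allows it: default deny
        if proto == "udp":
            self.udp[flow] = now       # remember the request, start the timer
            return "accept"
        state = self.tcp.get(flow)
        if flags == "SYN" and state in (None, "SYN"):
            self.tcp[flow] = "SYN"     # first packet (or its retransmission)
            return "accept"
        if flags == "ACK" and state == "SYNACK":
            self.tcp[flow] = "ESTABLISHED"
            return "accept"
        return "accept" if state == "ESTABLISHED" else "drop"

    def inbound(self, proto, src, sport, dst, dport, flags="", now=0.0):
        flow = (dst, dport, src, sport)  # reversed to match the outbound flow
        if proto == "udp":
            sent = self.udp.get(flow)
            if sent is not None and now - sent <= UDP_TIMEOUT:
                return "accept"        # reply from the queried address and port
            self.udp.pop(flow, None)   # expired or unsolicited
            return "drop"
        state = self.tcp.get(flow)
        if state == "SYN" and flags == "SYN-ACK":
            self.tcp[flow] = "SYNACK"  # destination agreed to the connection
            return "accept"
        if state in ("SYN", "ESTABLISHED") and flags == "RST":
            del self.tcp[flow]         # destination reset the connection
            return "accept"
        return "accept" if state == "ESTABLISHED" else "drop"

def demo():
    fw = StatefulFilter({("tcp", "203.0.113.10", 443), ("udp", "203.0.113.53", 53)})
    c, s, d = "10.0.0.5", "203.0.113.10", "203.0.113.53"  # constructed addresses
    return [fw.outbound("tcp", c, 40000, s, 443, "SYN"),
            fw.inbound("tcp", s, 443, c, 40000, "ACK"),      # wrong for SYN state
            fw.inbound("tcp", s, 443, c, 40000, "SYN-ACK"),
            fw.outbound("udp", c, 5353, d, 53, now=0.0),
            fw.inbound("udp", d, 53, c, 5353, now=45.0)]     # after the timeout
```

The second packet in `demo()` is dropped although the rule set allows the flow, because a bare ACK is not one of the two packets expected in the SYN state.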
Connections

With a packet filtering firewall, connections do not terminate on the firewall but instead travel directly to the destination system.

As the packets arrive at the firewall, the firewall will determine if the packet and connection state are allowed by the policy rules.

If so, the packet is sent on its way. If not, the packet is denied or dropped.
