Firewall

A firewall is intended to prevent unauthorized access to a private, commercial or state network, even though (or precisely because) that network is connected to a public network on the outside. Once a TCP/IP connection has been established, every data packet belonging to it is forwarded. A router, in contrast to a firewall, takes no interest in the content of the packets it forwards, although the two devices are otherwise comparable in function.

In principle, a firewall works by cutting the direct connection to the outside and placing a computer with two network interfaces in between. This computer behaves much like a router. However, it does not forward every packet to the other side; instead it checks each packet against its rules to decide whether the packet is allowed to pass, is rejected (with an error sent back), or is simply discarded.

Since each packet carries the IP address of the sender and of the recipient, together with the port number of each, the firewall computer can infer the purpose for which the packet was sent. A request to a Web server on the Internet, for example, has as its recipient an IP address that does not belong to the local network, with port number 80. The sender has an IP address from the company's range and an arbitrary port number (a dynamic port) outside the well-known ports. When the server responds, recipient and sender are swapped. An attempt to attack the company's internal intranet Web server from outside, by contrast, looks different: the recipient of the packet has an IP address from the internal company network and the port number is 80. The packet addresses therefore reveal which side is the client and which is the server.

The firewall rules are usually initialized to block all unknown communication. The required and harmless communication channels are then permitted one by one. Access to Web servers on the outside via port 80 must therefore be explicitly enabled; otherwise the packets are rejected or discarded, depending on the rule.
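The following is an added illustration, not code from the original article: a small packet filter that models the rules just described. The internal network 192.0.2.0/24 and the external addresses are constructed from documentation ranges, and the `Packet`, `Rule` and `Firewall` names are assumptions of this example. It goes one step beyond the text by tracking connections that were opened from the inside, so that a reply is admitted only when the matching request has actually left the network; a filter that admitted every inbound packet "from port 80 to a dynamic port" on addresses alone would also admit packets that merely claim to be replies.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumed internal network (192.0.2.0/24 is a documentation range, constructed for this example).
INTERNAL_NET = ip_network("192.0.2.0/24")
# The rule set is "initialized to block all unknown communication".
DEFAULT_ACTION = "drop"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def direction(pkt: Packet) -> str:
    """'outbound' if the sender is internal and the recipient is not, 'inbound' if the reverse."""
    src_in = ip_address(pkt.src_ip) in INTERNAL_NET
    dst_in = ip_address(pkt.dst_ip) in INTERNAL_NET
    if src_in and not dst_in:
        return "outbound"
    if dst_in and not src_in:
        return "inbound"
    return "internal" if src_in else "transit"


def roles(pkt: Packet) -> str:
    """Infer client and server from the ports: the side on a well-known port (< 1024) is the server."""
    if pkt.dst_port < 1024 <= pkt.src_port:
        return "client->server"
    if pkt.src_port < 1024 <= pkt.dst_port:
        return "server->client"
    return "unknown"


@dataclass(frozen=True)
class Rule:
    direction: str            # "inbound" or "outbound"
    dst_port: Optional[int]   # None matches any destination port
    action: str               # "accept", "reject" (error sent back) or "drop" (silently discarded)


class Firewall:
    def __init__(self, rules):
        self.rules = list(rules)
        # Connections opened from the inside, keyed by (src_ip, src_port, dst_ip, dst_port).
        self.flows = set()

    def decide(self, pkt: Packet) -> str:
        d = direction(pkt)
        # 1. A reply to a connection already seen leaving is the same 4-tuple with
        #    sender and recipient swapped; accept it without consulting the rules.
        if (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.flows:
            return "accept"
        # 2. Otherwise the first matching explicit rule decides.
        for rule in self.rules:
            if rule.direction == d and rule.dst_port in (None, pkt.dst_port):
                if rule.action == "accept" and d == "outbound":
                    self.flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
                return rule.action
        # 3. Nothing matched: the default policy applies.
        return DEFAULT_ACTION


def demo() -> dict:
    """Run the four situations from the text through a filter with two explicit rules."""
    fw = Firewall([
        Rule("outbound", 80, "accept"),   # web access to the outside is explicitly enabled
        Rule("inbound", 80, "reject"),    # the intranet web server is not reachable from outside
    ])
    request = Packet("192.0.2.10", 49152, "198.51.100.5", 80)   # internal client -> external web server
    reply = Packet("198.51.100.5", 80, "192.0.2.10", 49152)     # the server's answer, fields swapped
    attack = Packet("203.0.113.7", 40000, "192.0.2.20", 80)     # outsider aimed at the intranet web server
    spoofed = Packet("203.0.113.7", 80, "192.0.2.10", 50000)    # looks like a reply, but no request was sent
    return {
        "request": fw.decide(request),
        "reply": fw.decide(reply),
        "attack": fw.decide(attack),
        "spoofed": fw.decide(spoofed),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:8s} -> {verdict}")
```

Note that the "attack" packet is rejected because an explicit rule says so, while the "spoofed" packet is dropped by the default policy: with only the two rules above, nothing inbound to a dynamic port is ever allowed unless the firewall has recorded the outbound half of that connection first.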