What is a Firewall and How Does It Work?

Introduction
A firewall is a system that provides network security by filtering incoming and outgoing network traffic according to a set of user-defined rules. Generally speaking, the goal of a firewall is to reduce or eliminate unwanted network communications while allowing all legitimate communication to flow freely. In many server infrastructures, firewalls provide a vital layer of security that, together with other measures, prevents attackers from accessing your servers in malicious ways.

This guide will discuss how firewalls work, with a focus on stateful software firewalls, like iptables and FirewallD, as they relate to cloud servers. We’ll begin with a brief explanation of TCP packets and the various kinds of firewalls. Then we’ll discuss a range of topics related to stateful firewalls. Lastly, we’ll provide links to additional tutorials that will help you set up a firewall on your server.

TCP Network Packets
Before discussing the different kinds of firewalls, let us take a quick look at what Transmission Control Protocol (TCP) network traffic looks like.

TCP network traffic moves around a network in packets, which are containers that consist of a packet header (which contains control information such as source and destination addresses and packet sequence information) and the data. While the control information in each packet helps to ensure that its associated data gets delivered correctly, the elements it contains also give firewalls a variety of ways to match packets against firewall rules.

It’s important to remember that successfully receiving incoming TCP packets requires the recipient to send outgoing acknowledgment packets back to the sender. The combination of the control information in the incoming and outgoing packets can be used to determine the connection state (e.g. new, established, related) between the sender and recipient.

Types of Firewalls
Let’s quickly go over the three primary types of network firewalls: packet filtering (stateless), stateful, and application layer. Packet filtering (stateless) firewalls are unaware of connection state and can only allow or deny packets based on individual packet headers. Stateful firewalls are able to determine the connection state of packets, which makes them far more flexible than stateless firewalls. They work by collecting related packets until the connection state can be determined, before any firewall rules are applied to the traffic.

Application firewalls go one step further by analyzing the data being transmitted, which allows network traffic to be matched against firewall rules that are specific to individual applications or services. These are also referred to as proxy-based firewalls.

In addition to firewall software, which is available on all modern operating systems, firewall functionality can also be provided by hardware devices, like routers or firewall appliances. Our discussion will be centered on stateful software firewalls that run on the servers they are meant to protect.

Firewall Rules
As stated previously, network traffic that traverses a firewall is matched against rules to determine whether it should be allowed through or not. A simple way to describe what firewall rules look like is to show a few examples, so we’ll do that now.

It’s typical for a chain of firewall rules not to explicitly cover every possible condition. Because of this, firewall chains should always have a default policy specified, which consists only of an action (accept, reject, or drop). Suppose the default policy for the example chain above was set to drop.

If the default policy were set to accept, anyone, except your non-technical employees, would be able to establish a connection to any open service on your server.
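
The effect of the default policy can be seen by evaluating the same packets against one chain under both settings. The following is an added example, not part of the original article: the chain, the office network and the sample addresses are constructed (documentation address ranges), and it assumes first-match evaluation, which is how iptables processes a chain.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str      # source IP address
    dport: int    # destination TCP port
    state: str    # connection state: "new", "established" or "related"

class Rule(NamedTuple):
    action: str                    # "accept", "reject" or "drop"
    src: str = "0.0.0.0/0"         # source network the rule applies to
    dport: Optional[int] = None    # None matches any destination port
    states: tuple = ("new", "established", "related")

    def matches(self, pkt):
        return (ip_address(pkt.src) in ip_network(self.src)
                and self.dport in (None, pkt.dport)
                and pkt.state in self.states)

def evaluate(chain, default_policy, pkt):
    """Return the action of the first matching rule, else the default policy."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.action
    return default_policy

# Constructed chain: hypothetical office network, SSH limited to it, web open.
OFFICE = "203.0.113.0/24"
CHAIN = [
    Rule("accept", states=("established", "related")),   # stateful match
    Rule("accept", src=OFFICE, dport=22, states=("new",)),
    Rule("accept", dport=80, states=("new",)),
    Rule("accept", dport=443, states=("new",)),
]

def compare_policies(pkt):
    """Verdict for one packet under each default policy."""
    return {policy: evaluate(CHAIN, policy, pkt) for policy in ("drop", "accept")}

if __name__ == "__main__":
    samples = [
        Packet("203.0.113.10", 22, "new"),           # SSH from the office
        Packet("198.51.100.7", 22, "new"),           # SSH from elsewhere
        Packet("198.51.100.7", 3306, "new"),         # service no rule covers
        Packet("198.51.100.7", 51000, "established"),
    ]
    for pkt in samples:
        print(pkt, compare_policies(pkt))
```

Only the packets that match no rule change verdict between the two policies, which is why an accept default exposes every listening service the chain does not mention.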