
A firewall is an appliance, or software running on a computer, that inspects network traffic passing
through it and, based on a set of rules, permits or denies that traffic. A firewall normally sits between
networks of different trust levels, such as an internal network (a zone of higher trust) and an external
network such as the Internet (a zone of no trust). A zone of intermediate trust placed between the
internal and external networks is called a demilitarized zone (DMZ); it typically hosts the servers that
must be reachable from outside, so that a compromise there does not give direct access to the internal
network.

A firewall is a program or hardware device that protects the resources of a private network from users
of other networks. It acts as a wall around the network that lets through only the traffic the rules
permit, and it keeps attackers out by denying them access. Today most organizations rely heavily on
firewalls for their internal security, but a firewall without proper configuration is worthless: it enforces
exactly the rules it is given, no more and no less.



Generations of Firewalls

Packet Filters: First Generation
Packet filters inspect individual packets, the basic unit of data transfer between computers on the
Internet. If a packet matches a rule in the packet filter's rule set, the filter either drops the packet
(silently discards it) or rejects it (discards it and sends an error response, such as an ICMP
unreachable message or a TCP RST, back to the source).

This type of filtering pays no attention to whether a packet is part of an existing stream of traffic; it
stores no information about connection state. Instead, each packet is judged only on information
contained in its own headers: the source and destination addresses, the protocol, and, for TCP and
UDP traffic, the port numbers. The packet's payload (data) is not inspected at all.

The weakness of this type of firewall is precisely that it keeps no connection state: to let replies back
in it must open whole ranges of ports to anyone, and it cannot tell a genuine reply from an unsolicited
packet crafted to look like one.

Stateful Filters: Second Generation
Second-generation firewalls additionally consider where each packet sits within a packet series. This
technology is generally referred to as a stateful firewall because it keeps a record of every connection
passing through it and can determine whether a packet is the start of a new connection, part of an
existing connection, or invalid. There is still a set of static rules in such a firewall, but the state of a
connection can itself be one of the criteria that trigger a rule. This type of firewall helps prevent attacks
that exploit existing connections, as well as certain denial-of-service attacks.

Application Layer: Third Generation
This type of firewall operates at the application layer. It uses proxy servers to relay the traffic instead
of routing it across the network. Because it works at the application layer it can inspect the content of
the traffic, and it allows or blocks that traffic according to the administrator's policy on inappropriate
content: certain websites, viruses, attempts to exploit known flaws in client or server software (such as
web applications), and so on.

This firewall does not route traffic through the network; it proxies it. All traffic terminates at the
firewall, and only if the traffic is clean does the proxy open its own connection on the client's behalf;
otherwise it drops the traffic. The client therefore never talks to the server directly, only to the proxy,
and the server only ever sees connections originating from the firewall.

Types of Firewalls
Network Layer and Packet Filters
Network layer firewalls, also called packet filters, operate at a relatively low level of the TCP/IP
protocol stack, not allowing packets to pass through the firewall unless they match the established
rule set.

Network layer firewalls generally fall into two sub-categories,

Stateful Firewalls
Stateless Firewalls

Stateful firewalls
Stateful firewalls maintain context about active sessions and use that state information to speed up
packet processing. Any existing network connection can be described by several properties, including
source and destination IP address, UDP or TCP ports, and the current stage of the connection's
lifetime (session initiation, handshake, data transfer, or teardown).

If a packet does not match an existing connection, it is evaluated against the rule set for new
connections. If it matches an existing connection in the firewall's state table, it is allowed to pass
without another rule lookup; the firewall still checks that the packet is consistent with the recorded
state, for example that its TCP flags and sequence numbers fit the connection's current stage.

In other words, when a packet arrives the firewall first checks whether it belongs to a connection it
already knows. A packet that begins a new connection is let through towards its destination only if it
meets the criteria the administrator has listed in the rule set; a packet that belongs to an already
accepted connection is passed without being matched against the rules again. The entry is removed
from the state table when the connection ends or its idle timer expires.

Stateless Firewalls
Stateless firewalls need less memory and can be faster for simple filters, where matching a packet
against the rules takes less time than looking up a session. They are therefore faster than stateful
firewalls, since they have no concept of a session. However, they cannot make more complex decisions
based on what stage the communication between two hosts has reached, and in practice they must
leave whole port ranges open in order to let return traffic in.

Modern firewalls can filter traffic on many packet attributes: source IP address, source port,
destination IP address or port, destination service such as WWW or FTP, protocol, TTL value, the
originator's netblock, the domain name of the source, and many others.

Case-1: In most firewall implementations it is necessary to allow a response to an internal request for
information. In a stateless filter this is done by admitting inbound packets to the ephemeral ports
(above 1023) of the internal network. The page's rendering ran the fields of this rule together; the
1023 belongs in the destination-port field:

Source Address | Source Port | Destination Address | Destination Port | Action
Any            | Any         | 10.10.10.0          | > 1023           | Allow

Note that this rule admits any external packet to any high port on the internal network, whether or not
an internal host asked for it. That is exactly the gap a stateful firewall closes.

Case-2: Generally it is acceptable to allow all internal traffic out.

Source Address | Source Port | Destination Address | Destination Port | Action
10.10.10.0     | Any         | Any                 | Any              | Allow

Case-3: Example of a firewall rule for SMTP, intended to allow packets of that protocol to reach the
local SMTP gateway (10.10.10.6). As printed, the rule reads:

Source Address | Source Port | Destination Address | Destination Port | Action
Any            | Any         | 10.10.10.6          | Any              | Deny

which denies everything to the gateway instead of allowing mail. For the rule to do what the
description says, the destination port must be restricted to 25 (SMTP) and the action must be Allow;
together with a final default-deny rule, that exposes only the mail service on that host.
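To make the stateless versus stateful distinction concrete, here is a small packet-filter simulator in Python. It is an added example, not code from this page or from any firewall product. It encodes the three rules above (reading Case-1's port value as "above 1023", Case-3 as the Allow-port-25 rule its description intends, and assuming the internal network is 10.10.10.0/24), then runs constructed packets through a first-generation stateless filter and a second-generation stateful one with a connection table. All function and class names are mine.

```python
"""Toy packet filter: first-generation stateless rules versus a second-generation
stateful connection table. Added example; rule values follow the page's
Case-1..Case-3, with the /24 prefix and the Case-3 port-25/Allow reading assumed."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

INTERNAL = ip_network("10.10.10.0/24")        # assumed prefix length for 10.10.10.0
SMTP_GATEWAY = ip_network("10.10.10.6/32")
ANY_PORT = range(0, 65536)
HIGH_PORTS = range(1024, 65536)               # ephemeral ports, "> 1023"
DEFAULT_ACTION = "deny"                       # nothing passes unless a rule allows it


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    syn: bool = False   # TCP SYN flag set
    ack: bool = False   # TCP ACK flag set


@dataclass(frozen=True)
class Rule:
    src: Optional[IPv4Network]   # None means any address
    sport: range
    dst: Optional[IPv4Network]
    dport: range
    action: str                  # "allow" or "deny"

    def matches(self, p: Packet) -> bool:
        return ((self.src is None or ip_address(p.src) in self.src)
                and p.sport in self.sport
                and (self.dst is None or ip_address(p.dst) in self.dst)
                and p.dport in self.dport)


# Stateless rule set, in the order the page gives the cases.
STATELESS_RULES = [
    Rule(None, ANY_PORT, INTERNAL, HIGH_PORTS, "allow"),         # Case-1: replies to inside
    Rule(INTERNAL, ANY_PORT, None, ANY_PORT, "allow"),           # Case-2: all internal traffic out
    Rule(None, ANY_PORT, SMTP_GATEWAY, range(25, 26), "allow"),  # Case-3 as intended: SMTP only
]

# A stateful filter needs no Case-1: replies are admitted by the connection table.
NEW_CONNECTION_RULES = STATELESS_RULES[1:]


def first_match(rules, p: Packet) -> str:
    for r in rules:
        if r.matches(p):
            return r.action
    return DEFAULT_ACTION


def stateless_filter(p: Packet) -> str:
    """First generation: every packet judged on its own header fields only."""
    return first_match(STATELESS_RULES, p)


class StatefulFilter:
    """Second generation: remembers allowed connections and lets their packets
    through; anything else must open a new connection that a rule permits."""

    def __init__(self, rules=NEW_CONNECTION_RULES):
        self.rules = rules
        self.table = set()   # 5-tuples of accepted flows, stored in both directions

    @staticmethod
    def _flow(p: Packet):
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    def filter(self, p: Packet) -> str:
        if self._flow(p) in self.table:
            return "allow"                       # part of an existing connection
        if p.proto == "tcp" and not (p.syn and not p.ack):
            return "deny"                        # unknown flow and not a SYN: invalid
        action = first_match(self.rules, p)
        if action == "allow":                    # record both directions of the new flow
            self.table.add(self._flow(p))
            self.table.add((p.proto, p.dst, p.dport, p.src, p.sport))
        return action


def compare(p: Packet, sf: StatefulFilter) -> tuple:
    """Return (stateless decision, stateful decision) for one packet."""
    return stateless_filter(p), sf.filter(p)


if __name__ == "__main__":
    sf = StatefulFilter()
    # Constructed traffic: an internal client opens HTTPS, the server replies,
    # then an outside host probes RDP on an internal machine unasked.
    trace = [
        Packet("10.10.10.5", 40000, "198.51.100.7", 443, syn=True),
        Packet("198.51.100.7", 443, "10.10.10.5", 40000, syn=True, ack=True),
        Packet("203.0.113.9", 51515, "10.10.10.5", 3389, syn=True),
    ]
    for p in trace:
        print(p.src, p.sport, "->", p.dst, p.dport, compare(p, sf))
```

The unsolicited packet to 10.10.10.5:3389 shows the difference: the stateless filter admits it because the destination port is above 1023, while the stateful filter rejects it because it opens no permitted connection and belongs to none the table has recorded. The table here is keyed on the 5-tuple only; a real implementation also tracks TCP sequence windows and ages entries out.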

Application Layer Firewall
An application layer firewall proxies the traffic rather than routing it, so it sees complete application
messages (an HTTP request, an SMTP transaction) instead of isolated packets. That lets it inspect
content and allow or block traffic according to the administrator's policy: blocked websites, viruses,
attempts to exploit known flaws in client or server software such as web applications, and so on. A
packet filter, which sees only addresses and ports, cannot distinguish two requests sent to the same
host and port; an application layer firewall can.
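The following is an added example, not code from this page, of the kind of decision a proxying application layer firewall makes and a packet filter cannot: a minimal HTTP request inspector in Python that parses the request, refuses to forward anything it cannot parse, and blocks requests by Host header and by the content of the request target. The blocklist, the allowed-method set, the path-traversal rule and the sample requests are all constructed for illustration; the function names are mine.

```python
"""Toy application-layer (proxy-style) HTTP request inspector. Added example;
the policy values and the sample requests are constructed for illustration."""
from typing import Dict, Tuple

BLOCKED_HOSTS = {"blocked.example"}            # assumed policy: "certain websites"
ALLOWED_METHODS = {"GET", "HEAD", "POST"}      # assumed policy


def parse_http_request(raw: bytes) -> Tuple[str, str, Dict[str, str]]:
    """Parse the request line and headers; raise ValueError on anything malformed."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    try:
        lines = head.decode("ascii").split("\r\n")
        method, target, version = lines[0].split(" ")
    except (UnicodeDecodeError, ValueError) as exc:
        raise ValueError("malformed request line") from exc
    if not version.startswith("HTTP/1."):
        raise ValueError("unsupported protocol version")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name or any(c.isspace() for c in name):
            raise ValueError("malformed header line")
        headers[name.lower()] = value.strip()
    return method, target, headers


def inspect_http_request(raw: bytes) -> str:
    """Proxy decision: 'forward', or 'block: <reason>'. Unlike a packet filter,
    the decision depends on the request content, not on addresses and ports."""
    try:
        method, target, headers = parse_http_request(raw)
    except ValueError as exc:
        return f"block: {exc}"                   # never forward what cannot be parsed
    if method not in ALLOWED_METHODS:
        return "block: method not allowed"
    host = headers.get("host", "").split(":")[0].lower()
    if not host:
        return "block: missing Host header"
    if host in BLOCKED_HOSTS:
        return "block: host is on the blocklist"
    if "/.." in target or "%2e%2e" in target.lower():
        return "block: path traversal in target"  # illustrative content rule
    return "forward"


if __name__ == "__main__":
    # Constructed requests: all would travel to the same server IP and port 80,
    # so a packet filter could not tell them apart.
    samples = [
        b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
        b"GET / HTTP/1.1\r\nHost: blocked.example\r\n\r\n",
        b"GET /../../etc/passwd HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
        b"\x16\x03\x01 not http at all",
    ]
    for s in samples:
        print(repr(s[:40]), "->", inspect_http_request(s))
```

The parse-or-block step is the important design choice: a proxy that forwards what it failed to parse would let attackers reach the server with exactly the malformed input that such filters exist to stop.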

Personal Firewalls
If a computer is not protected when the user connects to the Internet, attackers can gain access to the
personal information on it. They can install code that destroys files or causes malfunctions, and they
can use the computer to attack other home and business computers connected to the Internet.

A firewall places a virtual barrier between the computer and attackers who might seek to delete
information from it, make it crash, or steal personal information.

A firewall helps screen out many kinds of malicious Internet traffic before it reaches the user's system.
Using a firewall is important no matter how the user connects to the Internet: dial-up modem, cable
modem, or digital subscriber line (DSL or ADSL).


The firewall serves as the primary defense against the many computer worms that spread over the
network. It helps protect the computer by hiding it from external users and preventing unauthorized
connections to it.

For home users, a firewall typically takes one of two forms:

Personal firewall: specialized software running on an individual computer.
Hardware firewall: a separate device designed to protect one or more computers.

If the user has a home network, it is recommended to have both: a hardware firewall at the router and a
personal firewall on each system using that network. The router firewall stops unsolicited traffic from
the Internet; the personal firewall also governs what runs on the computer itself and what reaches it
from other machines on the same network.

If the user has a stand-alone PC only, at least a personal firewall should be installed on it.
Installing Personal Firewalls
A personal firewall, or desktop firewall, is a software program that provides the primary defense
mechanism for a desktop computer connected to the Internet.

The firewall acts like a guard who checks everybody entering or leaving the home and, based on prior
knowledge, lets them through or turns them away.

Once the personal firewall is installed it runs continuously in the background, watching all incoming
and outgoing traffic. When a program tries to access the Internet, or something on the Internet tries to
reach the user's system, it reports this to the user with a pop-up.

Users should be exceptionally careful when allowing a particular program through the firewall and
should understand which program is making the request; an allow decision is usually saved as a rule
that keeps granting that program network access until the user removes it.