What items does a firewall use to decide whether to allow or deny communication traffic?
First we should know: what is a firewall?
A firewall is a network security device, either hardware- or software-based, which monitors all incoming and outgoing traffic and, based on a defined set of security rules, accepts, rejects or drops that specific traffic.
Accept: allow the traffic
Reject: block the traffic but reply with an "unreachable error"
Drop: block the traffic with no reply
A firewall establishes a barrier between a secured internal network and an outside untrusted network, such as the Internet.
Items a firewall uses to decide whether to allow or deny communication traffic
As network traffic, from the perspective of a server, can be either incoming or outgoing, a firewall maintains a distinct set of rules for either case. Traffic that originates elsewhere, incoming traffic, is treated differently than outgoing traffic that the server sends. It is typical for a server to allow most outgoing traffic because the server is usually, to itself, trustworthy. Still, the outgoing rule set can be used to prevent unwanted communication in the case that a server is compromised by an attacker or a malicious executable.
In order to maximize the security benefits of a firewall, you should identify all of the ways you want other systems to interact with your server, create rules that explicitly allow them, then drop all other traffic. Keep in mind that the appropriate outgoing rules must be in place so that the server is allowed to send outgoing acknowledgements to any appropriate incoming connections. Also, as a server typically needs to initiate its own outgoing traffic for various reasons (for example, downloading updates or connecting to a database), it is important to include those cases in your outgoing rule set as well.
Writing Outgoing Rules
Suppose our example firewall is set to drop outgoing traffic by default. This means our incoming accept rules would be useless without complementary outgoing rules.
To complement the example incoming firewall rules (1 and 3), from the Firewall Rules section, and allow proper communication on those addresses and ports to occur, we could use these outgoing firewall rules:
1. Accept established outgoing traffic to the public network interface on ports 80 and 443 (HTTP and HTTPS)
2. Accept established outgoing traffic to the private network interface on port 22 (SSH)
Note that we don’t need to explicitly write a rule for incoming traffic that is dropped (incoming rule 2) because the server doesn’t need to establish or acknowledge that connection.
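As an added illustration (not part of the original answer), here is a small Python evaluator of the rule set described above: each rule matches on direction, interface, protocol, port and connection state, the first matching rule wins, unmatched traffic falls through to the default drop, and each verdict is mapped to what the sender observes. The incoming REJECT rule for public-side SSH and the outgoing rule for server-initiated update traffic are assumptions added to exercise all three verdicts.

```python
# Added example, not code from the original answer. Models the decision a
# firewall makes from the items it inspects: direction, interface, protocol,
# port and whether the packet belongs to an already-established connection.
from dataclasses import dataclass
from typing import Optional, FrozenSet

ACCEPT, REJECT, DROP = "accept", "reject", "drop"


@dataclass(frozen=True)
class Rule:
    direction: str                 # "in" (arriving at the server) or "out"
    iface: str                     # "public" or "private" interface
    proto: str                     # "tcp", "udp" or "any"
    ports: FrozenSet[int]          # service port: local port for incoming and
                                   # established replies, remote port otherwise
    action: str                    # ACCEPT / REJECT / DROP
    established: Optional[bool] = None   # None = connection state not checked


RULES = [
    # Incoming: the ways other systems are allowed to reach the server
    Rule("in", "public", "tcp", frozenset({80, 443}), ACCEPT),
    Rule("in", "private", "tcp", frozenset({22}), ACCEPT),
    # Assumption: SSH attempts on the public side get an explicit unreachable
    Rule("in", "public", "tcp", frozenset({22}), REJECT),
    # Outgoing: acknowledgements/replies for the accepted incoming traffic
    Rule("out", "public", "tcp", frozenset({80, 443}), ACCEPT, established=True),
    Rule("out", "private", "tcp", frozenset({22}), ACCEPT, established=True),
    # Assumption: server-initiated HTTPS, e.g. downloading updates
    Rule("out", "public", "tcp", frozenset({443}), ACCEPT, established=False),
]


def matches(rule, direction, iface, proto, port, established):
    return (rule.direction == direction and rule.iface == iface
            and rule.proto in (proto, "any") and port in rule.ports
            and (rule.established is None or rule.established == established))


def decide(direction, iface, proto, port, established=False, rules=RULES):
    """First matching rule wins; anything unmatched hits the default drop."""
    for rule in rules:
        if matches(rule, direction, iface, proto, port, established):
            return rule.action
    return DROP  # default policy in both directions


def reply_for(action):
    """What the sender observes for each verdict."""
    return {ACCEPT: "delivered", REJECT: "unreachable error", DROP: None}[action]
```

Note that the outgoing rule for new SSH connections on the private interface is deliberately absent, so a compromised server trying to open an SSH session outward is dropped by default.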