
What Is a Firewall? Types, Functions, and How They Protect You

By LookMyIP Editorial

Learn what firewalls are, how they work, the different types of firewalls (packet filtering, stateful, proxy, NGFW), and how they protect networks from threats.

What Is a Firewall?

A firewall is a network security device or software that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It acts as a barrier between a trusted internal network and untrusted external networks (like the internet).

Think of it as a security guard at a building entrance — it checks every person (packet) trying to enter or leave and decides whether to allow or block them based on a set of rules. Firewalls are one of the most fundamental and essential components of network security.

How Do Firewalls Work?

Firewalls examine network traffic and apply rules to determine what to allow through. These rules can be based on:

  • IP addresses: Allow or block traffic from specific source or destination IPs.
  • Port numbers: Allow web traffic on port 80/443 but block everything else.
  • Protocols: Allow TCP and UDP but block ICMP (the protocol used by ping).
  • Application data: Deep packet inspection can examine the actual content of packets.
  • Connection state: Track whether a packet is part of an established connection or a new, unsolicited request.

Firewall rules are processed in order. When a packet matches a rule, the associated action (allow, deny, or drop) is applied. If no rule matches, a default policy decides the outcome — most firewalls default to "deny all" (block everything not explicitly allowed).

Types of Firewalls

Packet Filtering Firewalls: The simplest type. They inspect each packet individually and compare it against rules based on IP address, port, and protocol. They're fast but don't track connection state, so they cannot distinguish a reply within an established connection from an unsolicited packet that merely matches the same address and port rules.

Stateful Inspection Firewalls: These track the state of active connections. A packet is only allowed in if it belongs to an established, legitimate connection. This is much more secure than basic packet filtering and is the standard for most modern firewalls.
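
The following Python sketch is an added example (not from the original article or any firewall product) that models ordered rule evaluation with a default-deny policy and contrasts a stateless packet filter with a stateful one. The names `Rule`, `Packet`, `first_match`, and `StatefulFirewall`, the 192.168.1.0/24 network, and the sample packets are all assumptions constructed for illustration.

```python
from collections import namedtuple
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN = "192.168.1.0/24"  # constructed internal network (assumption)
Packet = namedtuple("Packet", "src sport dst dport proto", defaults=["tcp"])

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src_net: str = "0.0.0.0/0"
    dst_net: str = "0.0.0.0/0"
    sport: int = 0               # 0 matches any port
    dport: int = 0
    proto: str = "tcp"

    def matches(self, p):
        return (p.proto == self.proto
                and ip_address(p.src) in ip_network(self.src_net)
                and ip_address(p.dst) in ip_network(self.dst_net)
                and self.sport in (0, p.sport)
                and self.dport in (0, p.dport))

def first_match(rules, pkt, default="deny"):
    # Rules are checked in order; the first match decides, else default deny.
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

# A stateless filter needs an explicit rule to let HTTPS replies back in.
STATELESS = [Rule("allow", src_net=LAN, dport=443), Rule("allow", dst_net=LAN, sport=443)]
# A stateful firewall needs only the outbound rule; replies match tracked state.
STATEFUL = [Rule("allow", src_net=LAN, dport=443)]

class StatefulFirewall:
    def __init__(self, rules, inside=LAN):
        self.rules, self.inside, self.conns = rules, ip_network(inside), set()
    def filter(self, p):
        # A reply reverses the addresses and ports of a tracked connection.
        if (p.dst, p.dport, p.src, p.sport, p.proto) in self.conns:
            return "allow"
        verdict = first_match(self.rules, p)
        if verdict == "allow" and ip_address(p.src) in self.inside:
            self.conns.add(tuple(p))  # only inside-initiated flows create state
        return verdict

# Constructed sample packets (documentation address ranges).
OUT = Packet("192.168.1.10", 50000, "203.0.113.5", 443)
REPLY = Packet("203.0.113.5", 443, "192.168.1.10", 50000)
UNSOLICITED = Packet("198.51.100.7", 443, "192.168.1.20", 22)
```

With the stateless ruleset, `UNSOLICITED` is allowed because it matches the reply rule on source port alone; the stateful firewall denies it because no inside host opened that connection, while `REPLY` is allowed only after `OUT` has been seen.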

Proxy Firewalls (Application-Level Gateways): These act as an intermediary between the user and the internet. All traffic passes through the proxy, which can inspect and filter application-layer data. They provide strong security but can introduce latency.

Next-Generation Firewalls (NGFW): Combine traditional firewall capabilities with advanced features like deep packet inspection, intrusion prevention (IPS), TLS/SSL inspection, application awareness, and threat intelligence feeds. Products from Palo Alto, Fortinet, and Cisco fall into this category.

Web Application Firewalls (WAF): Specifically designed to protect web applications by filtering HTTP/HTTPS traffic. They protect against SQL injection, cross-site scripting (XSS), and other web attacks. Cloudflare, AWS WAF, and ModSecurity are popular examples.

Hardware vs Software Firewalls

Hardware firewalls are dedicated physical appliances that sit between your network and the internet. They're used by businesses to protect entire networks. Examples include Cisco ASA, Fortinet FortiGate, and Palo Alto Networks devices.

Software firewalls run on individual computers or servers. Your operating system includes one: Windows Firewall, macOS's application firewall, and Linux's iptables/nftables. They protect the specific device they run on.

Cloud firewalls are firewall-as-a-service solutions that protect cloud infrastructure. AWS Security Groups, Azure Network Security Groups, and Google Cloud Firewall Rules are examples.

For home users, your router's built-in firewall combined with your OS software firewall provides adequate protection. Businesses typically use a combination of hardware firewalls at the network perimeter and software firewalls on individual servers.

Firewall Best Practices

  • Default deny policy: Block all traffic by default and only allow what's explicitly needed. This is more secure than allowing everything and trying to block specific threats.
  • Keep rules minimal and clean: Remove unused rules regularly. Complex rulesets lead to misconfigurations and security gaps.
  • Enable logging: Log all blocked and allowed traffic for security monitoring and incident investigation.
  • Segment your network: Use firewalls to separate different parts of your network (e.g., isolate your database servers from public-facing web servers).
  • Keep firmware updated: Firewall vendors regularly patch security vulnerabilities in their software.
  • Test your firewall: Use port scanning tools like LookMyIP's Port Checker to verify that only intended ports are open and accessible.
