Firewalls are a critical component of system security. In this video, explore the basics of how firewalls work.
- [Instructor] A firewall is a piece of software that filters network traffic. Individual systems, and devices often have firewall software running on their network connection, and networks often have firewalls as well. Dedicated hardware ranging from your wifi router at home to enormously powerful firewall appliances used by organizations, and ISPs. Generally speaking, firewall software filters traffic passing through it in both directions. Outward to an external network, or zone, and inward to the network, or device it protects. It does this by looking at the packets of data that travel through it, and comparing them to sets of rules, and so firewall software is also called packet filtering software.
A firewall can evaluate packets based on their source, and destination address, what protocol they're using, what port they're using, whether they're part of an ongoing interaction, or a new interaction, and many other parameters. In many cases, though, firewalls aren't configured to do a lot of filtering of packets traveling outward. So usually we only think of firewalls as a filter for incoming data, but it's important to remember they work both ways. Let's take a look at a scenario where a firewall would act on a packet.
Let's say you have a home server, and you want to connect to it from your laptop. You might use SSH for this which works on port 22. So your local firewall, and the laptop would need to allow the packet out. As I mentioned that's usually how a firewall's configured so nothing special needs to be done there. If the server has a firewall active you'd need to establish a rule that says if packet comes to me on port 22 let it through, and then the packets from your computer would be allowed to flow to the SSH server.
Any information that comes back to your computer through that SSH connection would need to be permitted to leave the server's firewall. Again, usually nothing needs to be done to let that happen, and it needs to come back to the SSH software on your laptop. But, generally, we don't need to write a rule to allow this because the laptop's firewall recognizes that the data coming back is related to the data that it sent out. So it basically says oh yeah, that's the information that I asked for. Let it through. You can configure firewalls to block related traffic, but doing so can break a lot of things.
A web server would behave in much the same way as our SSH server though if it's on the web the traffic might flow through many firewalls on their way to and from the server. Firewalls can take other actions as well. There are two different kinds of ways for a firewall to block traffic instead of permitting it. These are generally drop, and reject. If a packet matches a rule that tells the firewall to drop access the firewall just doesn't pass the packet through to wherever it was trying to go. This is the default behavior for a firewall to take on packets that don't match any explicit rules.
You can think of mail coming into a post office, and just being dropped on the floor. The sender isn't told that the letter is being dropped on the floor, or ignored. Rules can also be written to tell the firewall to reject a packet. Instead of just ignoring it the firewall sends back a notification to the sender of the packet that says it was, well, rejected. You can see the difference in behavior if you tried to communicate with a system using these different modes. A firewall rule with drop would just never respond, and the request from the client would just time out.
And one with reject would respond immediately, and tell you to go away. And if a firewall is running on a system configured to route network traffic you can write rules that take an action to forward packets instead. These rules permit traffic to flow from one system through another to a third system. So many of the rules that dedicated firewall devices, and home routers use act in this way. There are a few different firewall software packages you are likely to see including iptables, and pf. Iptables is common on Linux, and pf is common on operating systems in the BSD world like FreeBSD, and MacOS.
In the next few episodes of this series we'll take a look at iptables, and a front end application to make working with it easier called UFW. Stay tuned.
Note: Because this is an ongoing series, viewers will not receive a certificate of completion.