- It is considered to be the most basic type of firewall. It receives packets and evaluates them against a set of rules that are usually in the form of access control. The packets may be forwarded to their destination, dropped, or dropped with a return message to the sender describing the situation. The type of filtering rules varies based on the application. The following rules are the most commonly used:
- Source and destination IP address: Only packets from certain IP addresses are allowed to pass; other addresses are blocked. The firewall drops packets that do not come from a defined source address.
- Source and destination ports: Packets from defined ports are accepted, and packets from ports that are not defined are not.
- Direction of traffic: Allows traffic only in a defined direction, that is, either inbound packets only or outbound packets only.
- Type of protocol: Passes or drops packets of certain protocols only, such as IP, TCP, and User Datagram Protocol (UDP).
- The packet’s state: Passes packets based on their state, such as SYN (a synchronizing packet) or ACK (an acknowledgement packet).
- Packet-filtering firewalls provide a reasonable amount of protection for a network with minimum complications. Packet-filtering rules can be extremely intuitive and thus easy to set up. One simple, but surprisingly effective, rule is to allow all packets that are sent from a specific, known set of Internet Protocol (IP) addresses, such as hosts within another network owned by the same organization or corporation.
- Packet-filtering firewalls also tend to have the least negative effect on the throughput rate at the gateway compared with other types of firewalls.
- They also tend to be the most transparent to legitimate users. If the filtering rules are set up appropriately, users obtain their required access with little interference from the firewall.
- Firewalling schemes based on ports do not provide the precise control that many organizations require.
- Packet-filtering firewalls are often deficient in logging capabilities, particularly in providing logging that can be configured to an organization's needs (e.g., to capture only certain events in some cases and, in others, to capture all events); i.e., it fails to log the dropped/passed packets.
- They may also lack remote administration facilities that can save considerable time and effort.
- The process of creating and updating filtering rules is prone to logic errors that could result in easy conduits of unauthorized access to a network.
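The rule matching and the rule-ordering logic error described above can be seen in a small first-match filter. This is an added example, not code from the original page; it covers the address, port, protocol and direction criteria, and the rule names, the first-match policy and all addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:                      # only the header fields the filter inspects
    src: str
    dst: str
    proto: str                     # "tcp" or "udp"
    dport: int
    direction: str                 # "in" or "out"

@dataclass(frozen=True)
class Rule:
    action: str                    # "forward", "drop", or "reject" (drop + notify sender)
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None    # None matches any value
    dport: Optional[int] = None
    direction: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in (None, p.proto)
                and self.dport in (None, p.dport)
                and self.direction in (None, p.direction))

def decide(rules, p):
    """First matching rule wins; a packet that matches nothing is dropped."""
    for index, rule in enumerate(rules):
        if rule.matches(p):
            return rule.action, index
    return "drop", None

# Constructed addresses: 10.0.0.10 is the web server, 198.51.100.0/24 the
# sister network, 203.0.113.0/24 a range the administrator wants blocked.
WEB = Rule("forward", dst="10.0.0.10/32", proto="tcp", dport=80, direction="in")
BLOCK = Rule("drop", src="203.0.113.0/24", direction="in")
TRUSTED = Rule("forward", src="198.51.100.0/24", direction="in")
NO_TELNET = Rule("reject", proto="tcp", dport=23, direction="in")

BROKEN = [WEB, BLOCK, TRUSTED, NO_TELNET]  # logic error: WEB shadows BLOCK on port 80
FIXED = [BLOCK, NO_TELNET, WEB, TRUSTED]   # denies are evaluated before allows

from_blocked = Packet("203.0.113.7", "10.0.0.10", "tcp", 80, "in")
trusted_telnet = Packet("198.51.100.5", "10.0.0.10", "tcp", 23, "in")

if __name__ == "__main__":
    for name, rules in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, decide(rules, from_blocked), decide(rules, trusted_telnet))
```

Both rule sets contain the same four rules; only their order differs, which is why reviewing each rule in isolation does not catch this kind of error.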