
The Packet Filtering Firewall

One type of firewall is the packet filtering firewall. In a packet filtering firewall, the firewall examines five characteristics of a packet:

1. Source IP address
2. Source port
3. Destination IP address
4. Destination port
5. IP protocol (TCP or UDP)

Based upon rules configured into the firewall, the packet will either be allowed through, rejected, or dropped. If the firewall rejects the packet, it sends a message back to the sender letting him know that the packet was rejected. If the packet was dropped, the firewall simply does not respond to the packet. The sender must wait for the communication to time out. Dropping packets instead of rejecting them greatly increases the time required to scan your network. Packet filtering firewalls operate on Layer 3 of the OSI model, the Network Layer. Routers are a very common form of packet filtering firewall.
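The decision described above, as an added Python example that is not part of the original page: each packet's five characteristics are compared against an ordered rule list, and the result is allow, reject, or drop. The first-match ordering, the default-drop policy, the rule set, and the addresses (documentation ranges) are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str  # "tcp" or "udp"

@dataclass(frozen=True)
class Rule:
    action: str  # "allow", "reject" or "drop"
    src_net: str = "0.0.0.0/0"
    src_ports: Optional[range] = None  # None matches any port
    dst_net: str = "0.0.0.0/0"
    dst_ports: Optional[range] = None
    proto: Optional[str] = None  # None matches both TCP and UDP

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src_ip) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst_ip) in ipaddress.ip_network(self.dst_net)
                and (self.src_ports is None or p.src_port in self.src_ports)
                and (self.dst_ports is None or p.dst_port in self.dst_ports)
                and (self.proto is None or p.proto == self.proto))

# Constructed rule set (assumption); addresses are RFC 5737 documentation ranges.
RULES = [
    Rule("allow", dst_net="192.0.2.10/32", dst_ports=range(80, 81), proto="tcp"),
    Rule("reject", src_net="198.51.100.0/24", dst_net="192.0.2.0/24"),
    Rule("allow", src_net="192.0.2.0/24", dst_ports=range(53, 54), proto="udp"),
]

def filter_packet(p, rules=RULES, default="drop"):
    """First matching rule wins; a packet matching no rule gets the default."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default

def sender_sees(action):
    """A reject is answered; a drop is silent, so the sender waits for a timeout."""
    return {"allow": "forwarded", "reject": "rejection notice", "drop": None}[action]

if __name__ == "__main__":
    probe = Packet("203.0.113.5", 40000, "192.0.2.10", 22, "tcp")
    print(filter_packet(probe), sender_sees(filter_packet(probe)))
```

Because evaluation stops at the first match, the web-server rule admits port 80 traffic even from the network that the second rule otherwise rejects; rule order is part of the policy.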

An improved form of the packet filtering firewall is a packet filtering firewall with a state oriented inspection engine. With this enhancement, the firewall "remembers" conversations between systems and networks. It is then necessary to fully examine only the first packet of a conversation.

The Application-Proxy Firewall

Another type of firewall is the application-proxy firewall. In a proxy based firewall, every packet is stopped at the proxy firewall. The packet is then examined and compared to the rules configured into the firewall. If the packet passes the examinations, it is re-created and sent out. Because each packet is destroyed and re-created, there is a potential that an application-proxy firewall can prevent unknown attacks based upon weaknesses in the TCP/IP protocol suite that would not be prevented by a packet filtering firewall. The drawback is that a separate application-proxy must be written for each application type being proxy-examined. You need an HTTP proxy for web traffic, an FTP proxy for file transfers, a Gopher proxy for Gopher traffic and so on. Application-proxy firewalls operate on Layer 7 of the OSI model, the Application Layer.

The Application-Gateway Firewall

Application-gateway firewalls also operate on Layer 7 of the OSI model, the Application Layer. Application-gateway firewalls exist for only a few network applications. They intercept and examine all the information traveling from application to application. A typical application-gateway firewall is a system where you must telnet to one system in order to telnet again to a system outside of the network.
