Firewall | Notion

firewall is your network’s gatekeeper / controlling exactly which data flows in and out. By defining rules, an administrator can allow or block traffic based on criteria such as:

Source: Is the packet coming from an approved IP or network?
Destination: Is it headed to a permitted host or subnet?
Port: Does it target an authorized service port (e.g., 80 for HTTP)?
Protocol: Is it using TCP, UDP, ICMP, or another protocol your policy allows?

Why Firewalls Matter

Traffic Control: Decide which connections are allowed or blocked.
Perimeter Defense: Protect internal networks from external threats.
Policy Enforcement: Ensure only approved services and users can communicate.
Threat Containment: Limit the spread of malware or attacks by isolating segments.

Primary Functions

Packet Filtering
- Inspects individual packets’ headers (IP address, port, protocol).
- Fast and lightweight, but stateless (treats each packet independently).
Stateful Inspection
- Tracks the state of active connections (TCP handshakes, sequence numbers).
- Makes decisions based on the context of the entire session.
Application‑Layer Filtering (Proxying)
- Interprets application protocols (HTTP, FTP) to block malicious payloads.
- Acts as a “middleman” that terminates and re‑initiates connections.
Next‑Generation Features (in NGFWs)
- Deep packet inspection (DPI), intrusion prevention (IPS), user identity awareness, SSL/TLS decryption.

Firewall Types

Type	Description
Network‑Based	Dedicated hardware or virtual appliances placed at network chokepoints (data center, edge).
Host‑Based	Software installed on individual servers or workstations (Windows Firewall, iptables).
Cloud‑Native	Built into cloud platforms (AWS Security Groups, Azure Firewall).
Next‑Gen (NGFW)	Adds application awareness, intrusion prevention, and user identity to traditional stateful.