
Here’s how firewalls work

In engineering and architecture, areas at risk of fire are compartmentalized with walls and heavy doors. In the event of a fire, these firewalls stop the spread of the flames and contain the damage.

In computing, a firewall is software or hardware that separates different parts of a network. A firewall has its own rules and can direct and block incoming or outgoing traffic.

Your computer’s firewall will most commonly allow outgoing connections and block all connection requests from the outside. Anyone wanting to run software that accepts incoming connections on their personal machine (peer-to-peer file-sharing or a web server, for example) will need to disable the firewall or change its rules manually.

The difference between network and host-based firewalls

The most common type of firewall in a home is a router.

A router is an example of a network firewall, which is often dedicated hardware connected to your computer. If your firewall is merely software, it is called a host-based firewall.

The router’s firewall can also be configured to block outgoing traffic, for example when the goal is to isolate a device on the network. It can likewise separate devices on the home network from one another and decide which ports on which device should be reachable.

When connected to a properly configured VPN, you are also protected by a firewall. Whether some incoming connections are allowed, for example, on local networks or specific ports depends on the VPN provider and configuration.

Firewalls, ports, protocols

Firewalls filter traffic based on rules. The three most important criteria a rule matches on are the direction of the traffic, the port number, and the protocol used.

Ports identify which program on a host a connection is addressed to. Typically several services run on a server at the same time, and the port number distinguishes them. In general, any software can claim any port for itself, but conventions limit that in practice. Typically, SSH is available on port 22, an HTTP connection on port 80 or 8080, and an HTTPS connection on port 443.

A program can claim multiple ports, but each port can be claimed by only one service at a time. By configuring the firewall to block port 22, it becomes impossible to connect to the SSH daemon, and by blocking all ports except 443, only HTTPS connections can be served.

Protocols such as UDP and TCP define how applications communicate with each other. In the context of an OpenVPN app, for example, a connection can be made either over UDP or TCP. UDP allows for faster connections, while TCP connections are more reliable. By limiting which protocols are permitted on a port, a firewall can further help lock down a network against intruders.

Traffic origins and destinations

Firewalls can also be configured to accept incoming traffic only from certain origins, as defined by IP addresses or domain names. They may likewise restrict outgoing traffic to certain destinations.

This is how allowlists and blocklists are built, for example to restrict company resources to approved addresses or to bar the sources of spam and DDoS attacks. The same feature can also be used for censorship.
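To make the rule criteria from the two sections above concrete (direction, port, protocol, and source address), here is a small first-match-wins packet filter with constructed sample traffic. This is an added illustration, not code from the original article or from any firewall product; the address ranges and the `Packet`/`Rule` names are assumptions chosen for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" (from the outside) or "out" (from this host)
    proto: str      # "tcp" or "udp"
    src: str        # source IP address
    dst: str        # destination IP address
    dport: int      # destination port


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    direction: str = "any"
    proto: str = "any"
    dport: Optional[int] = None
    src: Optional[str] = None    # CIDR such as "203.0.113.0/24"

    def matches(self, p: Packet) -> bool:
        return (self.direction in ("any", p.direction)
                and self.proto in ("any", p.proto)
                and (self.dport is None or self.dport == p.dport)
                and (self.src is None or ip_address(p.src) in ip_network(self.src)))


def evaluate(rules: List[Rule], packet: Packet, default: str = "deny") -> str:
    """Return the action of the first rule that matches, else the default policy.
    Order matters: an explicit deny placed after a broad allow never fires."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default


# Constructed rule set mirroring the article: block SSH on 22, serve HTTPS
# on 443 only to one office range (203.0.113.0/24 is documentation space),
# let everything out, and deny every other incoming connection by default.
RULES = [
    Rule("deny", direction="in", proto="tcp", dport=22),
    Rule("allow", direction="in", proto="tcp", dport=443, src="203.0.113.0/24"),
    Rule("allow", direction="out"),
]

if __name__ == "__main__":
    for pkt in (Packet("in", "tcp", "203.0.113.5", "10.0.0.2", 443),
                Packet("in", "tcp", "198.51.100.7", "10.0.0.2", 443),
                Packet("in", "tcp", "203.0.113.5", "10.0.0.2", 22),
                Packet("out", "tcp", "10.0.0.2", "198.51.100.9", 80)):
        print(pkt.direction, pkt.proto, pkt.src, pkt.dport, "->", evaluate(RULES, pkt))
```

Note that this evaluator is stateless: a real host firewall also admits the replies belonging to connections it allowed out, which this model does not track.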

Modern firewalls go a step further and attempt to identify the kind of application making the connection, such as HTTPS or SSH. This can help prevent abuse, but identifying traffic accurately is difficult. For instance, OpenVPN traffic may masquerade as HTTPS traffic, and misidentifications can break applications or render the firewall useless.

Firewalls isolate and protect

The purpose of a firewall is to lock down networks, servers, and applications against unauthorized access. Ideally, each application has its own robust authentication scheme, but a firewall makes it easy to limit who can even attempt a connection.

Firewalls are robust mechanisms for locking out intruders, making your network more secure and improving the availability of resources. However, a firewall is only one piece of the puzzle in a comprehensive information security policy and does not provide absolute security.