Network layer firewall

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Aldie (talk | contribs) at 00:01, 14 September 2002 (shuffle words). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

A network layer firewall works as a packet filter: it decides which packets may pass the firewall according to rules defined by the administrator. Filtering can be based on source and destination address and ports, as well as on which higher-level protocols the packet contains. Network layer firewalls tend to be very fast and transparent to users.

Network layer firewalls generally fall into two sub-categories, stateful and stateless (non-stateful). Stateful firewalls also hold some information on the state of connections (i.e. established or not, and whether the connection is in initiation, handshaking, data transfer or teardown) as part of their rules (e.g. only hosts inside the firewall can establish connections on a certain port).

Stateless firewalls have packet filtering capabilities but cannot make more complex decisions based on what stage the communication between hosts has reached, and are therefore less secure. Stateless firewalls are quite similar to a router's ability to filter packets.
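The difference between the two sub-categories can be shown with a small model of the example rule "only hosts inside the firewall can establish connections on a certain port". This is an added illustration, not part of the original article; the packet model, the 10.0.0.x inside prefix, port 80 and all function names are assumptions made for the example.

```python
from collections import namedtuple

# Constructed packet model: addresses, ports and a flag for a TCP SYN.
Packet = namedtuple("Packet", "src sport dst dport syn")

INSIDE = "10.0.0."   # assumed internal address prefix (constructed)
PORT = 80            # the "certain port" the rule covers (assumed)

def is_inside(addr):
    return addr.startswith(INSIDE)

def stateless_allow(p):
    """Judge each packet alone, using only its header fields."""
    if is_inside(p.src) and p.dport == PORT:
        return True                      # outbound traffic to the port
    # Replies must be let in, but without state the filter can only
    # infer "reply" from the header: from PORT, towards inside, no SYN.
    return is_inside(p.dst) and p.sport == PORT and not p.syn

class StatefulFilter:
    """Remember connections opened from inside; admit only their replies."""
    def __init__(self):
        self.connections = set()

    def allow(self, p):
        key = (p.src, p.sport, p.dst, p.dport)
        if is_inside(p.src) and p.dport == PORT:
            if p.syn:                    # connection initiation from inside
                self.connections.add(key)
                return True
            return key in self.connections
        # Inbound: must mirror a connection recorded earlier.
        return (p.dst, p.dport, p.src, p.sport) in self.connections

def run(packets):
    """Return (stateless verdict, stateful verdict) for each packet."""
    fw = StatefulFilter()
    return [(stateless_allow(p), fw.allow(p)) for p in packets]

# Constructed traffic for the demonstration.
SAMPLE = [
    Packet("10.0.0.5", 40000, "203.0.113.9", 80, True),     # inside host opens
    Packet("203.0.113.9", 80, "10.0.0.5", 40000, False),    # genuine reply
    Packet("198.51.100.7", 80, "10.0.0.8", 40001, False),   # no prior connection
]

if __name__ == "__main__":
    for p, (sl, sf) in zip(SAMPLE, run(SAMPLE)):
        print(p, "stateless:", sl, "stateful:", sf)
```

The third packet passes the stateless filter because its header looks like a reply, while the stateful filter drops it because no inside host ever opened that connection.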

Network layer firewalls can be implemented with a normal computer running an operating system which supports packet filtering and routing. Examples include Linux, Solaris and the BSDs.