Firewall for Beginners – Simple Introduction

A networking forum for discussions about IP networks, routing, switching, VLANs, NAT, firewalls, DNS, DHCP, VPNs, IPv4/IPv6, monitoring, diagnostics, and infrastructure troubleshooting.
NetGuru
Posts: 21
Joined: Thu Apr 23, 2026 5:29 pm

Firewall for Beginners – Simple Introduction

Post by NetGuru »

What Is a Firewall?

A firewall is a security system that monitors and controls incoming and outgoing network traffic based on defined rules.

It acts as a barrier between a trusted network (like your home or server) and untrusted networks (like the internet).

---

1. Why Do You Need a Firewall?

Without a firewall, your system would be directly exposed to the internet.

A firewall helps to:
  • Block unauthorized access
  • Protect services and ports
  • Prevent attacks
  • Control network traffic
---

2. How a Firewall Works

A firewall checks network traffic and decides:
  • Allow the connection
  • Block the connection
Example:
  • Allow port 80 (web server)
  • Allow port 443 (HTTPS)
  • Block all other incoming traffic
---

3. Types of Firewalls

1. Network Firewall
  • Protects an entire network
  • Usually built into routers
2. Host-Based Firewall
  • Runs on a single system
  • Controls traffic for that device
Examples:
  • UFW (Uncomplicated Firewall)
  • iptables / nftables
---

4. Common Firewall Rules
  • Allow specific ports (e.g. SSH, HTTP, HTTPS)
  • Block all other incoming traffic
  • Limit access to trusted IPs
---

5. Example (Linux UFW)

Allow SSH:

sudo ufw allow 22/tcp

Allow web traffic:

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

Enable firewall:

sudo ufw enable

---

6. Firewall vs NAT
  • NAT → translates IP addresses
  • Firewall → controls traffic
Both are often used together in routers.

---

7. Important Tips
  • Always enable a firewall on servers
  • Allow only required ports
  • Regularly review rules
  • Combine with updates and security tools
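Putting the UFW commands from the post into one script, as an added example (this is not part of NetGuru's post): it sets the default policies first, rate-limits SSH, opens the web ports, and only then enables the firewall, so the SSH session you are working from is never cut off. Assumed: Debian/Ubuntu with the ufw package installed, and the same services as the post (SSH on 22, a web server on 80 and 443).

```shell
#!/bin/sh
# Added example (not from the original post): a minimal UFW baseline for a
# single Linux server. Assumes Debian/Ubuntu with the `ufw` package installed
# and the services from the post: SSH on 22, a web server on 80 and 443.
set -eu

# Print the commands in the order they must run. The firewall is enabled LAST,
# after the SSH rule exists; with "default deny incoming" in place, enabling
# first would drop your own SSH session. `limit` allows SSH but rate-limits new
# connections from one address (UFW's built-in brute-force protection).
ufw_plan() {
    cat <<'EOF'
ufw default deny incoming
ufw default allow outgoing
ufw limit in 22/tcp comment 'SSH, rate limited'
ufw allow in 80/tcp comment 'HTTP'
ufw allow in 443/tcp comment 'HTTPS'
ufw --force enable
EOF
}

# Returns 0 when the SSH rule is ordered before the enable step.
ssh_before_enable() {
    ssh_line=$(ufw_plan | grep -n 'limit in 22/tcp' | cut -d: -f1)
    enable_line=$(ufw_plan | grep -n 'ufw --force enable' | cut -d: -f1)
    [ -n "$ssh_line" ] && [ -n "$enable_line" ] && [ "$ssh_line" -lt "$enable_line" ]
}

# Apply the plan as root; otherwise print it so it can be reviewed first.
ufw_apply() {
    if [ "$(id -u)" -ne 0 ] || ! command -v ufw >/dev/null 2>&1; then
        echo "Not root or ufw not installed; printing the plan instead:" >&2
        ufw_plan
        return 0
    fi
    ufw_plan | while IFS= read -r cmd; do
        echo "+ $cmd"
        sh -c "$cmd"
    done
    ufw status verbose
}

if [ "${1:-}" = "--apply" ]; then
    ufw_apply
fi
```

Run it as root with `--apply`; without the flag it only prints the plan. To allow SSH only from a trusted range (the post's "limit access to trusted IPs"), replace the limit line with `ufw limit in from 203.0.113.0/24 to any port 22 proto tcp`, where 203.0.113.0/24 is a documentation range you would swap for your own management network. Get that range wrong and you lock yourself out, so test it from a second session before closing the first.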
NetGuru

Firewall – Ports, States and Traffic Control

Post by NetGuru »

Advanced Firewall Concepts – Ports, States and Traffic Control

After understanding basic firewall concepts, the next step is learning how firewalls actually manage connections using ports, states and rules.

This is essential for running secure servers and network infrastructure.

---

1. What Is a Port?

A port is a communication endpoint used by applications.

Examples:
  • 22 → SSH
  • 80 → HTTP
  • 443 → HTTPS
  • 53 → DNS
  • 25 → SMTP
Think of an IP address as a building and ports as doors.

---

2. Stateful vs Stateless Firewalls

Stateless Firewall
  • Checks each packet independently
  • No memory of connections
Stateful Firewall (modern standard)
  • Tracks active connections
  • Knows if traffic is part of an established session
  • More secure and efficient
Example rule:
  • Allow ESTABLISHED, RELATED connections
---

3. Connection States

Stateful firewalls classify traffic:
  • NEW → new connection attempt
  • ESTABLISHED → active connection
  • RELATED → related traffic (e.g. FTP data)
  • INVALID → broken or suspicious packets
Typical rule (nftables syntax):

ct state established,related accept
ct state invalid drop

---

4. Inbound vs Outbound Traffic

Inbound → incoming traffic from the internet
Outbound → traffic from your system to the internet

Best practice:
  • Restrict inbound traffic strictly
  • Control outbound traffic if needed
---

5. Default Policies

A secure firewall setup uses:
  • Default: DROP (deny everything)
  • Allow only required ports
Example:
  • Allow 22 (SSH)
  • Allow 80, 443 (Web)
  • Drop everything else
---

6. Rate Limiting and Protection

Firewalls can limit connections:
  • Prevent brute-force attacks
  • Limit SSH login attempts
  • Protect services from abuse
Example (concept):
  • Allow max 5 SSH attempts per minute
---

7. Port Forwarding (Advanced NAT)

Used to expose internal services:
  • Public IP → Router → Internal Server
Example:
  • Port 80 → 192.168.1.100 (web server)
  • Port 22 → 192.168.1.101 (SSH)
---

8. Segmentation and Zones

Advanced setups use zones:
  • LAN (internal network)
  • DMZ (public services)
  • WAN (internet)
This improves security by isolating services.

---

9. Tools in Linux
  • nftables (modern standard)
  • iptables (legacy)
  • UFW (simplified frontend)
  • firewalld (zone-based firewall)
---

10. Best Practices
  • Use default deny policy
  • Allow only necessary ports
  • Monitor logs
  • Use fail2ban or IDS systems
  • Keep firewall rules simple and clear
---


You can find a practical setup guide in our Debian forum:

👉 UFW installation on Debian
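As an added example (not part of NetGuru's post), here is one complete nftables ruleset that combines the concepts from the post above: default-drop input and forward policies, ESTABLISHED/RELATED and INVALID handling, a limit of 5 new SSH connections per minute, a DNAT port forward of WAN port 80 to an internal web server, and WAN/LAN separation by interface. The interface names wan0 and lan0 are assumed placeholders; 192.168.1.100 is the web server address from the post's port-forwarding example. The script prints the ruleset for review, and only loads it after `nft -c` has syntax-checked it.

```shell
#!/bin/sh
# Added example (not from the original post): one nftables ruleset that puts the
# post's concepts together. Assumed placeholders: a router with interfaces
# named wan0 (internet) and lan0 (internal), and the web server 192.168.1.100
# from the port-forwarding example. Replace them before use.
set -eu

WAN_IF="${WAN_IF:-wan0}"
LAN_IF="${LAN_IF:-lan0}"
WEB_SRV="${WEB_SRV:-192.168.1.100}"

# Emit the ruleset as text so it can be reviewed and syntax-checked before loading.
# Note: "flush ruleset" wipes every existing table, including ones other tools made.
nft_ruleset() {
    cat <<EOF
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state invalid drop
        ct state established,related accept
        meta l4proto { icmp, ipv6-icmp } accept
        tcp dport 22 ct state new limit rate 5/minute burst 5 packets accept
        tcp dport { 80, 443 } ct state new accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state invalid drop
        ct state established,related accept
        iifname "$LAN_IF" oifname "$WAN_IF" accept
        iifname "$WAN_IF" oifname "$LAN_IF" ip daddr $WEB_SRV tcp dport 80 ct state new accept
    }
    chain output {
        type filter hook output priority 0; policy accept;
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority -100;
        iifname "$WAN_IF" tcp dport 80 dnat to $WEB_SRV
    }
    chain postrouting {
        type nat hook postrouting priority 100;
        oifname "$WAN_IF" masquerade
    }
}
EOF
}

# Returns 0 when the guards the post calls essential are all present:
# default drop on input and forward, INVALID dropped, ESTABLISHED/RELATED
# accepted, and the SSH rate limit.
ruleset_guards_present() {
    rs=$(nft_ruleset)
    [ "$(printf '%s\n' "$rs" | grep -c 'policy drop;')" -eq 2 ] &&
        printf '%s\n' "$rs" | grep -q 'ct state invalid drop' &&
        printf '%s\n' "$rs" | grep -q 'ct state established,related accept' &&
        printf '%s\n' "$rs" | grep -q 'limit rate 5/minute'
}

# Syntax-check with `nft -c` before loading: a typo in a default-drop ruleset
# can cut off your own SSH session.
nft_load() {
    if ! command -v nft >/dev/null 2>&1; then
        echo "nft not found; printing the ruleset instead:" >&2
        nft_ruleset
        return 0
    fi
    nft_ruleset | nft -c -f -
    nft_ruleset | nft -f -
    nft list ruleset
}

if [ "${1:-}" = "--apply" ]; then
    nft_load
fi
```

The DNAT rule in the nat prerouting chain rewrites the destination before routing, so the forward chain sees the packet already addressed to 192.168.1.100 and must accept it there as well; forgetting that second rule is the usual reason a port forward "does not work" on a default-drop router. The forward rule only accepts new connections on port 80, so an attacker who can reach the public IP still cannot reach any other port on the internal server.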