Rules of a firewall
The rules of a firewall can be customized depending on our needs, requirements, and threat levels. There are different conditions on which firewall filters work. These are as follows:
- IP address: The first condition on which a firewall rule works is the IP address. The decision is based on a range of IP addresses and subnet masks.
- Domain name: The second condition on which a firewall works is the domain name. A firewall can be configured to permit or deny access to specified domain names of corporate websites or to domain name extensions, such as .org, .tv, or .biz.
- Protocols and ports: The third condition a firewall works on is protocols and their ports. A firewall can be configured to permit or deny specific protocols and port numbers, such as SMTP, FTP, UDP, and SNMP. It can also be configured to inspect the traffic passing through the server's open ports.
- Keywords: The fourth condition on which a firewall works is specific keywords. A firewall can be configured to check the traffic for certain keywords or phrases and decide whether offensive data is permitted to flow into the network.
The filtering logic is based on a set of rules configured either statically or dynamically in response to the connection requests seen on the network. Most firewalls use the packet's header information (the addresses, ports, and protocol described above) to decide whether it should be allowed or blocked.
Let's assume the following network topology to understand how a firewall uses the configured rules:
The rule in this diagram states that any incoming packet (Source Address: Any, Source Port: Any) destined for the internal host at Destination Address 10.10.10.10 with a Destination Port higher than 1023 is allowed into the network, and all other incoming packets, with a destination other than 10.10.10.10, are blocked.
You should be careful when configuring such a rule: matching Any for the source address and source port means the firewall accepts traffic from anywhere, which is very risky.
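The following is an added example, not code from the original text, showing how a packet filter evaluates the diagram's rule against packet headers with first-match and default-deny semantics. The `Packet` and `Rule` classes, the CIDR notation for addresses and the sample packets are assumptions constructed for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    """Header fields the filter looks at (constructed for this example)."""
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "any"             # CIDR network, or "any"
    sport: tuple = (0, 65535)    # inclusive port range; full range means "any"
    dst: str = "any"
    dport: tuple = (0, 65535)
    proto: str = "any"

    def matches(self, pkt: Packet) -> bool:
        def net_ok(pattern, addr):
            return pattern == "any" or ip_address(addr) in ip_network(pattern)
        return (net_ok(self.src, pkt.src)
                and self.sport[0] <= pkt.sport <= self.sport[1]
                and net_ok(self.dst, pkt.dst)
                and self.dport[0] <= pkt.dport <= self.dport[1]
                and self.proto in ("any", pkt.proto))


def filter_packet(rules, pkt: Packet, default: str = "deny") -> str:
    # First-match semantics: the first rule whose conditions all hold decides.
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default  # nothing matched: implicit default deny


# The diagram's rule: any source/port to 10.10.10.10 on a port above 1023 is allowed.
RULES = [Rule("allow", dst="10.10.10.10/32", dport=(1024, 65535))]

SAMPLE = [  # constructed sample packets
    Packet("203.0.113.5", 40000, "10.10.10.10", 8080),  # allowed
    Packet("203.0.113.5", 40000, "10.10.10.10", 22),    # blocked: port <= 1023
    Packet("203.0.113.5", 40000, "10.10.10.20", 8080),  # blocked: other destination
]


def decisions(rules=RULES, packets=SAMPLE):
    return [filter_packet(rules, p) for p in packets]


if __name__ == "__main__":
    for p, d in zip(SAMPLE, decisions()):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} {d}")
```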