Notes

Firewalls

Overview

A firewall controls network traffic based on policy.

  • Inbound vs outbound rules
  • Host firewall vs network firewall (perimeter / segmentation)

Most modern firewalls are stateful: they track connections so “return traffic” is automatically allowed when appropriate.

Typical Policy Questions

  • What traffic is allowed to this host/service?
  • What traffic is allowed from this host/service?
  • What should be logged (and at what rate)?
  • Are there different trust zones (WAN/LAN/DMZ/management)?

Common Approaches

  • Default-deny inbound and explicitly allow required services.
  • Limit administrative access (e.g., SSH/RDP) to management networks/VPNs.
  • Separate “exposed services” from “internal services” via zones/segments.

Linux Mapping

Linux packet filtering is implemented in-kernel via Linux/Security/Netfilter.
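As an added example (not part of these notes), the script below generates an nftables ruleset that encodes the policy points above on Linux: a stateful rule that admits return traffic, default-deny inbound with explicitly allowed services, SSH restricted to a management network, and rate-limited logging of what gets dropped. The management CIDR (10.0.100.0/24) and the exposed ports (80, 443) are assumed values chosen for the example, not anything the notes state.

```shell
#!/bin/sh
# Added example, not from the original notes. Emits an nftables ruleset that
# implements: stateful return traffic, default-deny inbound, explicit allows,
# admin SSH only from a management network, rate-limited logging of drops.
# Assumed values (not in the notes): management CIDR 10.0.100.0/24,
# exposed TCP services 80 and 443.

# generate_ruleset MGMT_CIDR PORT [PORT...]  -> prints the ruleset to stdout
generate_ruleset() {
  mgmt_net="$1"; shift
  # join the remaining args into an nft set literal body: "80,443"
  ports=$(printf '%s,' "$@"); ports="${ports%,}"
  cat <<EOF
flush ruleset
table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;
    # stateful: return traffic for tracked connections is allowed here
    ct state established,related accept
    ct state invalid drop
    iif lo accept
    # ICMP is needed for path MTU discovery and basic diagnostics
    meta l4proto { icmp, ipv6-icmp } accept
    # administrative access only from the management network
    ip saddr $mgmt_net tcp dport 22 accept
    # explicitly exposed services
    tcp dport { $ports } accept
    # log what falls through to the drop policy, at most 5 lines per minute
    limit rate 5/minute log prefix "nft-drop: "
  }
  chain forward {
    type filter hook forward priority 0; policy drop;
  }
  chain output {
    type filter hook output priority 0; policy accept;
  }
}
EOF
}

# write_ruleset FILE MGMT_CIDR PORT...  -> writes the ruleset; if nft is
# installed and we are root, syntax-checks it without loading it (nft -c).
write_ruleset() {
  out="$1"; shift
  generate_ruleset "$@" > "$out" || return 1
  if command -v nft >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
    nft -c -f "$out" || return 1
  fi
  return 0
}

# Stand-alone usage: print the ruleset with the assumed values
# (override with MGMT_NET=... PORTS="22 80 443" sh fw.sh).
generate_ruleset "${MGMT_NET:-10.0.100.0/24}" ${PORTS:-80 443}
```

Apply the output with `nft -f` (after reviewing it, since the input chain defaults to drop and will cut off any service not listed). The order of rules matters: the `ct state established,related accept` line comes first so that replies to outbound connections never reach the management-network or service checks, which is exactly the stateful behaviour the notes describe.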