Guide to Firewall Service in Linux. Read more about how it allows or denies network traffic based on rules.
Firewall Service in Linux
A firewall service in Linux is the software that controls incoming and outgoing network traffic on a host or at a network boundary. On Linux the filtering itself is done in the kernel by the netfilter framework, which is configured through front ends such as iptables, nftables or firewalld. Every connection is checked against pre-defined rules and only the connections the rules allow are let through, which makes the firewall one of the basic security tools every Linux user and administrator should understand.
Packet Filtering and Application Gateway
Two broad kinds of filtering are used on Linux systems:
Packet Filtering
This is the simplest form of filtering. The filter looks only at the header fields of each incoming and outgoing packet (source and destination address, protocol, ports, TCP flags) and lets a packet through only if it matches a pre-defined rule. It never looks at the data the packet carries.
Application Gateway
An application gateway (also called a proxy firewall) terminates the client's connection itself and opens a separate connection to the server, so it can inspect the application-layer payload as well as the headers, and it forwards a request only if it satisfies the configured policy. This catches attacks that a packet filter cannot see, but it costs more processing and the gateway has to understand every protocol it proxies, so it is usually deployed in front of specific services (HTTP, SMTP) rather than for all traffic.
Stateless and Stateful Inspection
There are 2 ways of implementing a firewall:
1. Stateless Inspection: each packet is judged on its own, by its header fields alone, with no memory of earlier packets. The filter cannot tell a reply to a connection this host opened from an unsolicited packet, so the rules have to be written loosely enough to let replies in, which also lets unwanted traffic in. This is the older approach and it is easy to get wrong.
2. Stateful Inspection: the firewall keeps a table of active connections (on Linux this is the netfilter connection tracker, conntrack) and matches each packet against the connection it belongs to. Replies to connections this host opened are accepted automatically, while packets that belong to no known connection are dropped. The decision is still made mostly on header fields; inspecting the payload is the job of an application gateway, not of stateful inspection. Stateful inspection is the standard approach today, and the Linux firewall supports both stateless and stateful rules.
Classification of Traffic by Type
We can classify traffic by type into 3 categories:
1. Outgoing Traffic: All traffic from the computer to the outside world is called outgoing traffic or outbound traffic.
2. Incoming Traffic: All traffic from the outside world to the computer is called incoming traffic or inbound traffic.
3. Local Traffic: All traffic between two computers inside the same network is called local traffic or LAN (local area network) traffic. A Linux firewall only sees this traffic when the firewall host is the router or gateway between the two computers, in which case the packets take the forward path rather than the input or output path; two hosts on the same switch talk to each other without the firewall ever seeing their packets.
There are two methods to implement a firewall against these categories:
1. Packet Filtering Firewall: applies its header rules to each packet independently, whether the packet is inbound, outbound or local. Because it has no memory of connections, a rule written for one direction says nothing about the reply traffic in the other direction, so the reply path has to be opened with its own rule, and that rule is necessarily broad (for example, accepting anything to the ephemeral port range).
2. Stateful Inspection Firewall: filters all three types of traffic against a single connection table, so a connection that was allowed in one direction automatically allows its replies in the other. It needs more processing power and memory than a packet filter because every packet is looked up in, and may update, the connection table. For example, when one computer on a LAN opens a connection to another and the firewall host is the gateway between them, a stateful firewall accepts the reply packets because they match a tracked connection, while a stateless packet filter has to be given an explicit, broad rule for the reply direction. Neither type needs to read the payload to make that decision; the difference is whether the firewall remembers the connection.
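The contrast between stateless and stateful inspection, and the three traffic directions, as an added example in nftables (this is not code from the original article): a shell script that writes one ruleset in either mode, with rules on the input, forward and output hooks that correspond to the inbound, local and outbound categories above. The LAN 192.168.1.0/24, the SSH server on port 22, the output file names and the function names are assumptions for the example; 32768-60999 is the Linux default ephemeral port range. In stateless mode the reply rule has to open that whole range to everyone, on both the input and forward chains; in stateful mode the same slot holds a conntrack lookup instead.

```shell
#!/bin/sh
# Added example, not from the original article. Generates an nftables ruleset
# in "stateless" or "stateful" mode so the two can be compared side by side.
# Assumed (not from the page): LAN 192.168.1.0/24, SSH on port 22, and the
# Linux default ephemeral port range 32768-60999 for reply traffic.
set -eu

# write_ruleset FILE MODE: write the ruleset for MODE to FILE and echo FILE.
write_ruleset() {
    out="$1"
    mode="$2"
    case "$mode" in
        stateless)
            # Header-only decision: a packet to a high port cannot be told
            # apart from a reply, so the whole ephemeral range must be opened
            # and any unsolicited packet to 32768-60999 gets through.
            reply_rules='tcp dport 32768-60999 accept comment "stateless: reply ports open to everyone"'
            ;;
        stateful)
            # Connection tracking: accept only packets that belong to a
            # connection already in the conntrack table (or are related to
            # one, such as ICMP errors); anything unsolicited is dropped.
            reply_rules='ct state invalid drop
        ct state established,related accept comment "stateful: replies to tracked connections"'
            ;;
        *)
            echo "write_ruleset: mode must be stateless or stateful, got: $mode" >&2
            return 1
            ;;
    esac
    cat > "$out" <<EOF
flush ruleset
table inet filter {
    # inbound traffic: packets addressed to this host
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        $reply_rules
        ip saddr 192.168.1.0/24 tcp dport 22 accept comment "SSH from the LAN only"
        icmp type echo-request accept
    }
    # local (LAN) traffic: only seen here when this host is the gateway
    chain forward {
        type filter hook forward priority 0; policy drop;
        $reply_rules
        ip saddr 192.168.1.0/24 accept comment "LAN hosts may open connections outward"
    }
    # outbound traffic: packets this host sends
    chain output {
        type filter hook output priority 0; policy accept;
    }
}
EOF
    echo "$out"
}

# accepts_unsolicited_high_ports FILE: "yes" if the ruleset contains an accept
# for the ephemeral range that is not tied to connection state, else "no".
accepts_unsolicited_high_ports() {
    if grep -q 'dport 32768-60999 accept' "$1"; then echo yes; else echo no; fi
}

# check_ruleset FILE: syntax-check with nft's dry run (-c) when nft is present
# and we are root (the evaluation needs netlink access); otherwise skip.
check_ruleset() {
    if command -v nft >/dev/null 2>&1 && [ "$(id -u)" = 0 ]; then
        nft -c -f "$1"
    else
        echo "nft dry run skipped (needs nft and root)" >&2
    fi
}

# Stand-alone demo: sh firewall_modes.sh demo
if [ "${1:-}" = "demo" ]; then
    for m in stateless stateful; do
        f=$(write_ruleset "/tmp/firewall-$m.nft" "$m")
        echo "== $m ($f): unsolicited high ports accepted: $(accepts_unsolicited_high_ports "$f")"
        check_ruleset "$f"
    done
fi
```

Running `sh firewall_modes.sh demo` writes both variants to /tmp and reports "yes" for the stateless file and "no" for the stateful one; to load the stateful variant on a real host, review it and then run `nft -f /tmp/firewall-stateful.nft` as root. The forward chain is where the article's "local traffic" is filtered, and only when this machine is the gateway; in the stateless variant the reply rule there exposes every LAN host's ephemeral ports to the outside, which is exactly the weakness connection tracking removes.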