
Packet-filtering firewalls are commonly used to protect against cyber threats. Like all firewalls, they monitor and filter network traffic. Packet-filtering firewalls, however, work specifically at the level of individual Internet Protocol (IP) packets. They filter incoming and outgoing IP packets using a set of preconfigured rules. What types of rules do packet-filtering firewalls support?
Deny Traffic
You can use a packet-filtering firewall to deny traffic. If your business’s network is under a denial-of-service (DoS) attack, for instance, you may want to deny traffic from the attacker’s IP address. The “deny” rule will block all traffic from that IP address, thus protecting your business’s network from malicious DoS traffic.
DoS attacks involve malicious traffic from a single IP address. After identifying the IP address from which the malicious traffic originates, you can configure the packet-filtering firewall to block it. The “deny” rule is one of two rules that can block network traffic.
Reject Traffic
In addition to denying traffic, you can use a packet-filtering firewall to reject traffic. Packet-filtering firewalls support the “deny” rule and the “reject” rule. Both of these rules will block traffic from the corresponding IP address. The difference is that the “reject” rule comes with a response, whereas the “deny” rule doesn’t come with a response.
If you use the “reject” rule to block traffic, the packet-filtering firewall will return a response to the corresponding IP address. It will still block traffic from that IP address, but the packet-filtering firewall will send its own response packet indicating that the destination is unreachable. If you use the “deny” rule, the packet-filtering firewall will block traffic from the corresponding IP address without sending a response.
Allow Traffic
You can use a packet-filtering firewall to allow traffic. Upon receiving an incoming IP packet, the packet-filtering firewall will analyze it. If the IP packet originates from an explicitly allowed IP address, the packet-filtering firewall will allow it to pass and enter your business’s network.
To configure a packet-filtering firewall to allow traffic, use the “allow” rule. The “allow” rule will essentially bypass the packet-filtering firewall for the corresponding IP address.
Log Traffic
A lesser-known rule supported by packet-filtering firewalls is the “log only” rule. The “log only” rule does exactly what it sounds like: It logs information about the traffic. Packet-filtering firewalls will still filter IP packets using a set of preconfigured rules. Assuming they don’t block traffic from an IP address, the “log only” rule will allow them to record information about the traffic.
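The four rule types above can be compared side by side in a small Python model, added here as an illustration and not taken from the original article or from any firewall product. The first-match rule ordering, the default-deny policy, the `Rule`/`Verdict`/`evaluate` names and the sample addresses (documentation ranges) are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str  # "deny", "reject", "allow" or "log"
    source: str  # source address or CIDR block the rule applies to

@dataclass(frozen=True)
class Verdict:
    action: str              # rule action (or default policy) that decided the packet
    forwarded: bool          # True if the packet enters the protected network
    response: Optional[str]  # what the firewall itself sends back to the sender

# Constructed sample rule set using documentation address ranges (RFC 5737).
RULES = [
    Rule("deny", "203.0.113.7"),        # silently drop a known-bad source
    Rule("reject", "198.51.100.0/24"),  # block, but tell the sender
    Rule("log", "192.0.2.0/24"),        # record, then keep evaluating
    Rule("allow", "192.0.2.10"),        # explicitly permitted source
]

def decide(action):
    """Translate a terminating action into what happens to the packet."""
    if action == "allow":
        return Verdict(action, True, None)
    if action == "reject":
        return Verdict(action, False, "ICMP destination unreachable")
    if action == "deny":
        return Verdict(action, False, None)  # no reply of any kind
    raise ValueError(f"unknown action: {action}")

def evaluate(src_ip, rules=RULES, log=None, default="deny"):
    """First matching terminating rule wins; the default policy applies otherwise."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if addr not in ipaddress.ip_network(rule.source, strict=False):
            continue
        if rule.action == "log":
            if log is not None:
                log.append(f"src={src_ip} matched={rule.source}")
            continue  # "log only" never decides the packet's fate
        return decide(rule.action)
    return decide(default)

if __name__ == "__main__":
    seen = []
    for ip in ("203.0.113.7", "198.51.100.20", "192.0.2.10", "192.0.2.99"):
        print(ip, evaluate(ip, log=seen))
    print(seen)
```

A packet stopped by an earlier “deny” or “reject” rule never reaches the “log only” rule, so only traffic that gets past those rules is recorded.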