Packet Filtering Firewall
• The simplest form of firewall
• Pattern matching. For example:
  • The firewall contains a set of legal source and destination addresses
    and drops any packet that does not conform to the rule (a.k.a. address
    filtering)
  • The firewall contains a typical security policy for allowing and rejecting
    certain types of traffic (for example, allow email but not telnet)
  • The firewall allows connections initiated by machines inside the
    firewall, but disallows connections initiated by machines outside the
    firewall (using the ACK flag to filter)
• Selectively discards packets based on configurable criteria, such as
information in the IP header (like protocol types and ports)
• Packet filters are frequently added as a feature to routers, so they
add minimal cost and have minimal impact on performance.
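The three pattern-matching rules above (address filtering, a service policy, and the ACK-flag check) combined into one stateless filter. This is an added example, not code from the original slides; the `Packet` fields, the `filter_packet` name, the `direction` field, the mail-server address and the documentation-range addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed values for illustration (RFC 5737 documentation ranges).
INSIDE = ip_network("192.0.2.0/24")       # assumed protected network
MAIL_SERVER = ip_address("192.0.2.25")    # assumed inside mail host
TELNET, SMTP = 23, 25

@dataclass(frozen=True)
class Packet:
    direction: str      # "in" = arrived on the outside interface, "out" = leaving
    src: str
    dst: str
    proto: str          # "tcp", "udp", ...
    dport: int
    ack: bool = False   # TCP ACK flag

def filter_packet(p: Packet) -> str:
    """Return "ACCEPT" or "DROP"; each packet is judged on its own headers."""
    src, dst = ip_address(p.src), ip_address(p.dst)

    # 1. Address filtering: outbound must go inside -> outside, inbound must
    #    go outside -> inside. An inbound packet claiming an inside source
    #    address is dropped as illegal.
    if p.direction == "out" and (src not in INSIDE or dst in INSIDE):
        return "DROP"
    if p.direction == "in" and (src in INSIDE or dst not in INSIDE):
        return "DROP"

    # 2. Service policy: telnet is rejected in both directions,
    #    email to the mail server is allowed.
    if p.proto == "tcp" and p.dport == TELNET:
        return "DROP"
    if p.direction == "out":
        return "ACCEPT"                     # inside hosts may initiate
    if p.proto == "tcp" and p.dport == SMTP and dst == MAIL_SERVER:
        return "ACCEPT"

    # 3. ACK-flag rule: the first packet of a TCP connection has no ACK, so
    #    inbound TCP without ACK is an outside-initiated connection. The
    #    filter keeps no connection table; it trusts the flag, not a record
    #    that an inside host actually opened the connection.
    if p.proto == "tcp" and p.ack:
        return "ACCEPT"
    return "DROP"                           # default deny (includes inbound UDP)
```

Because rule 3 inspects only the flag, the filter cannot confirm that an accepted inbound packet belongs to a connection an inside machine started, a limitation that stateful firewalls address by tracking connections.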