How does a firewall work?
Assuming you already know what a firewall is, let us see how a firewall works.
Before I go on to explain how a firewall works, let me talk about some general concepts of computer networking, one in particular – the “IP address”.
Think of an IP address as similar to your physical mailing address. There is one similarity in particular – it’s unique.
So if you have to send a letter, you’d go to the nearest post office; on the letter you’d write your address (source) and the recipient’s address (destination), and that’s it.
A computer network operates in a similar way – every computer or device is assigned a unique IP address, and communication takes place using these addresses. This is where a firewall comes in – the administrator would want to control which computer(s) should or should not communicate.
So we place a firewall in between two networks to control/monitor/log all IP communication.
Most commonly, this is placed between an
internal network – a local area network or LAN
and an external network – usually a WAN or wide area network, most popularly known as the Internet.
So why would we place a firewall between your local network and the internet?
That’s right, we would like to shield our internal network from external threats. By placing a firewall right in the middle, we can define certain “rules” that will tell the firewall what communication should be allowed or disallowed.
Coming back to the main topic – how does a firewall work?
After we have defined certain rules on the firewall – the firewall would check the headers of every packet (a packet is a unit of data in IP networks) and would either allow it to go through or block it.
Let me illustrate how this works – consider 3 computers, A, B and C, to which we have assigned the following IP addresses:
A – 192.168.1.1
B – 192.168.2.1
C – 192.168.3.1
If we add a few rules in the firewall saying that A is not allowed to communicate with B and that B is allowed to communicate with C, and no rule is defined for communication between A and C, here is how it will work.
When a packet comes into the firewall, the firewall will analyze the source and destination IP addresses. Let’s evaluate three cases.
1) A is trying to communicate with B
When the packet comes into the firewall, the firewall will find that the packet is coming from 192.168.1.1 and is going to 192.168.2.1 – the firewall will block the packet, as we have defined a rule that A cannot communicate with B.
2) B is trying to communicate with C
When the packet comes into the firewall, the firewall will find that the packet is coming from 192.168.2.1 and is going to 192.168.3.1 – the firewall will allow the packet, as we have defined a rule that B can communicate with C.
3) A is trying to communicate with C
When the packet comes into the firewall, the firewall will find that the packet is coming from 192.168.1.1 and is going to 192.168.3.1 – the firewall will block the packet. WHY?
In most cases, a firewall will have an implicit “deny” rule. If the packet matches no rules, it will be blocked.
You might ask why again – Why should the packet be dropped?
Well, for security reasons – If the packet is coming from an unknown source, most likely it will be an untrusted source and so it is a good practice to block it.
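The three cases above can be written as a small rule table, shown here as an added example that is not part of the original post. It assumes rules are directional (source to destination) and checked top to bottom with the first match winning; the names Rule, RULES, evaluate and log_line are made up for illustration, and rules may also name whole networks in CIDR form, which goes slightly beyond the single-host example.

```python
import ipaddress
from typing import NamedTuple, Optional, Tuple

class Rule(NamedTuple):
    action: str  # "allow" or "deny"
    src: str     # source host or network in CIDR form
    dst: str     # destination host or network in CIDR form

# The two rules from the example (a single host is a /32 network).
RULES = [
    Rule("deny", "192.168.1.1/32", "192.168.2.1/32"),   # A may not talk to B
    Rule("allow", "192.168.2.1/32", "192.168.3.1/32"),  # B may talk to C
]

def evaluate(src_ip: str, dst_ip: str, rules=RULES) -> Tuple[str, Optional[Rule]]:
    """Return (action, matching rule). The rule is None on implicit deny."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for rule in rules:  # assumption: first matching rule wins
        if src in ipaddress.ip_network(rule.src) and dst in ipaddress.ip_network(rule.dst):
            return rule.action, rule
    return "deny", None  # no rule matched: implicit deny

def log_line(src_ip: str, dst_ip: str, rules=RULES) -> str:
    """Build a log entry that separates explicit denies from implicit ones."""
    action, rule = evaluate(src_ip, dst_ip, rules)
    reason = f"rule {rules.index(rule) + 1}" if rule else "implicit deny"
    return f"{action.upper()} {src_ip} -> {dst_ip} ({reason})"

if __name__ == "__main__":
    A, B, C = "192.168.1.1", "192.168.2.1", "192.168.3.1"
    for src, dst in [(A, B), (B, C), (A, C)]:
        print(log_line(src, dst))
    # An explicit rule for A's network changes the outcome of case 3.
    extra = RULES + [Rule("allow", "192.168.1.0/24", "192.168.3.0/24")]
    print(log_line(A, C, extra))
```

Logging which rule matched, and marking packets that hit the implicit deny, makes it easy to tell deliberate blocks from traffic nobody wrote a rule for.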
You have just read the basics of how a firewall works.
Please note that this post is for absolute beginners (no disrespect). To explain a very technical concept in simple words is very difficult, so for those geeks reading this article – don’t even try to shoot holes!
If you have any questions regarding this post, feel free to post comments in the section below and I’ll do my best to answer them.