How does a firewall work?
Assuming you already know what is a firewall, let us see how does a firewall work.
Before I go on telling you how does a firewall work let me talk about some general concepts of computer networking, one in particular – “IP Address”
Think of IP address similar to your physical mailing address. There is one similarity in particular – its unique.
So if you have to send in a letter, you’d go to the nearest post-office, on the letter you’d write your address (source), the recipient’s address (destination) and that’s it.
A computer network operates in a similar way - every computer or device is assigned a unique ip address using which, communication takes place. This is where a firewall comes in – the administrator would want to control, what computer(s) should or should not communicate.
So we place a firewall in between two networks to control/monitor/log all IP communication.
Most commonly, this is placed between an
internal network - A local area network or LAN
and an external network – usually WAN or wide area network or most popularly known as the Internet.
So why would we place a firewall between your local network and the internet?
That’s right, we would like to shield our internal network from external threats. By placing a firewall right in the middle, we can define certain “rules” that will tell the firewall what communication should be allowed or disallowed.
Coming back to the main topic – how does a firewall work?
After we have defined certain rules on the firewall – the firewall would check the headers of every packet (a packet is a unit of data in IP networks) and would either allow it to go through or block it.
Let me illustrate how does this work – Consider there are 3 computers, A, B and C. And we have assigned the following ip addresses to each one of them
A – 192.168.1.1
B – 192.168.2.1
C – 192.168.3.1
If we add a few rules in the firewall that A is not allowed to communicate with B, and B is allowed to communicate with C, and no rule is defined for communication between A and C here is how it will work
When a packet comes in the firewall – it will analyze the source and destination IP addresses. Lets evaluate three cases
1) A is trying to communicate with B
When the packet comes in the firewall, it will find that the packet is coming from 192.168.1.1 and is going to 192.168.2.1 – the firewall will block the packet, as we have defined a rule that A cannot communicate with B.
2) B is trying to communicate with C
When the packet comes in the firewall, it will find that the packet is coming from 192.168.2.1 and is going to 192.168.3.1 – the firewall will allow the packet, as we have defined a rule that B can communicate with C.
3) A is trying to communicate with C
When the packet comes in the firewall, it will find that the packet is coming from 192.168.1.1 and is going to 192.168.3.1 – the firewall will Block the packet. WHY?
In most cases, a firewall will have an implicit “deny” rule. If the packet matches no rules, it will be blocked.
You might ask why again – Why should the packet be dropped?
Well, for security reasons – If the packet is coming from an unknown source, most likely it will be an untrusted source and so it is a good practice to block it.
You have just read the basics on how does a firewall work.
Please note that this post is for absolute beginners (no disrespect). To explain a very technical concept in simple words is very difficult, so for those geeks reading this article – don’t even try to shoot holes!
If you have any questions regarding this post, feel free to post comments in the section below and I’ll do my best to answer them
Share this article