Thu. Jan 26th, 2023

Inbound and outbound rules

A firewall is software that monitors inbound and outbound network traffic and allows or restricts it based on a set of rules. Firewalls typically run either as software on the computer itself, or as software on specialised hardware that operates at the network level rather than at the level of an individual computer.

The purpose of a firewall is to ensure that only desirable network traffic is allowed to enter or leave your network. For instance, you may set a firewall rule that blocks all incoming traffic on a certain port number; this can be used to block certain applications – for example, social media applications, or malware that uses a specific port (think about how worms spread and why this would be useful).

All network packets are sent using TCP or UDP, both carried over IP. They include not only an IP address for the target machine, but also a port number. Port numbers range from 1-65535. IP addresses in IPv4 format consist of four 8-bit values, separated by periods.

Where an IP address specifies a specific machine, a port number specifies an application. This ensures that only relevant data gets delivered to each application on the computer (great for efficiency and privacy).

Because a packet is addressed to a specific destination machine and application, and originates from a specific IP address and port number, it is straightforward to block packets that match certain rules – such as protocol, source/destination IP address and port number. This allows a firewall to restrict access to applications or machines as required.

Some firewalls can also inspect the data packets’ contents – that is, the payload data. Even if the source or destination machine is not blocked, data can be blocked on the grounds of its contents – perhaps inappropriate content, or sensitive information.

Many firewalls also monitor for DoS attacks: if a given IP address generates too many requests in a given time period, that IP address can be blocked. Blocking repeated requests means that the server doesn’t get overloaded, and a DoS attack can be avoided.
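As an added illustration of the rule matching described above and the request-rate blocking in the previous paragraph (example code, not part of the original article), here is a small Python packet-filter simulation: rules match on direction, protocol, source/destination address and port, the first match wins, unmatched traffic is blocked, and a per-source inbound rate limit stands in for the DoS guard. All packets, addresses and rules are constructed for the example.

```python
from collections import deque
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out", relative to the protected host
    proto: str      # "tcp" or "udp"
    src: str        # source IPv4 address
    dst: str        # destination IPv4 address
    dport: int      # destination port, i.e. the application being addressed

@dataclass(frozen=True)
class Rule:
    action: str             # "allow" or "block"
    direction: str = "any"
    proto: str = "any"
    src: str = "0.0.0.0/0"  # CIDR prefix; /0 matches every address
    dst: str = "0.0.0.0/0"
    dport: int = 0          # 0 matches every port (real ports are 1-65535)

    def matches(self, p: Packet) -> bool:
        return (self.direction in ("any", p.direction)
                and self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.dport in (0, p.dport))

class Firewall:
    def __init__(self, rules, max_requests=5, window=1.0):
        self.rules, self.max_requests, self.window = list(rules), max_requests, window
        self._recent = {}  # source address -> timestamps of its recent inbound packets

    def decide(self, p: Packet, now: float) -> str:
        if p.direction == "in":  # DoS guard: cap inbound packets per source per time window
            q = self._recent.setdefault(p.src, deque())
            while q and now - q[0] > self.window:  # expire timestamps outside the window
                q.popleft()
            q.append(now)
            if len(q) > self.max_requests:
                return "block"
        # First matching rule wins; a packet no rule matches is blocked (default deny).
        return next((r.action for r in self.rules if r.matches(p)), "block")

RULES = [  # constructed rule set; addresses are RFC 5737 documentation ranges, not real hosts
    Rule("block", "in", "tcp", dport=445),                     # no inbound SMB, a port worms favour
    Rule("allow", "in", "tcp", src="192.0.2.0/24", dport=22),  # SSH only from the admin subnet
    Rule("block", "out", "tcp", dst="198.51.100.0/24"),        # outbound range to block
    Rule("allow", "out"),                                      # other outbound traffic allowed
]
```

Rule order matters: moving the general outbound allow above the outbound block would silently disable the block, which is why rule sets are normally written most-specific first.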