From a modular development standpoint, should a "firewall" do anything else than filtering ports?



  • From a modular development standpoint, should a "firewall" do anything else than filtering ports?
    This leads me to further ask, have there been attempts to reform the terminology from "firewall" to "port filterer"?


  • QA Engineer

    There is a wide range of appliances, hardware or services called firewalls. Some of these only filter by IP and ports - they are often also called (stateful or stateless) packet filters (although some of these can also look into application payload). Others filter application traffic, like web application firewalls (WAF).

    Thus reducing the term "firewall" to "port filter" is not correct.

    EDIT to make more clear what the term "packet filter" usually refers to: In the literal meaning of the word a packet filter could analyze the whole packet, i.e. network (IP), transport (protocol, port) and application payload. But the term is not used this way. Instead the terms stateful and stateless packet filter mean filters which look at the network and transport layer only and only at a single packet at a time. Proper analysis of the application layer for TCP would require more than that. It would need to reassemble the TCP stream, including handling duplicate, lost or reordered packets etc. This isn't done by a simple packet filter.
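An added example (not part of the answer above) illustrating the reassembly point: a constructed HTTP request split over reordered and duplicated TCP segments is checked first segment by segment, which is all a packet filter sees, and then after the stream is rebuilt, which is what an application-layer filter needs. The request text, segment boundaries and the `/admin/` rule pattern are all constructed for the demonstration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Segment:
    seq: int        # relative TCP sequence number of the first payload byte
    payload: bytes

# Constructed sample: one HTTP request split into three TCP segments, delivered
# out of order and with a retransmitted (duplicate) copy of the first segment.
REQUEST = b"GET /admin/download HTTP/1.1\r\nHost: example.test\r\n\r\n"
SEGMENTS = [
    Segment(8, REQUEST[8:17]),    # b"in/downlo"
    Segment(17, REQUEST[17:]),    # b"ad HTTP/1.1..." (rest of the request)
    Segment(0, REQUEST[:8]),      # b"GET /adm" arrives late
    Segment(0, REQUEST[:8]),      # duplicate (retransmission) of the first segment
]
PATTERN = b"/admin/"              # constructed application-layer rule

def packet_filter_hits(segments, pattern: bytes) -> list[bool]:
    """What a packet filter that peeks into payload sees: one segment at a time.
    The pattern straddles segment boundaries, so no single segment matches."""
    return [pattern in s.payload for s in segments]

def reassemble(segments) -> Optional[bytes]:
    """Rebuild the byte stream: order by seq, drop duplicated/overlapping bytes,
    and stop at a hole. Returns None while a segment is still missing, because
    no application-layer verdict is possible on an incomplete stream."""
    stream = b""
    for s in sorted(segments, key=lambda s: s.seq):
        if s.seq > len(stream):
            return None                            # gap: a segment was lost
        stream += s.payload[len(stream) - s.seq:]  # skip bytes already seen
    return stream

def stream_filter_hit(segments, pattern: bytes) -> Optional[bool]:
    """Application-layer check over the reassembled stream (None = undecidable yet)."""
    stream = reassemble(segments)
    return None if stream is None else pattern in stream

if __name__ == "__main__":
    print("per-packet:", packet_filter_hits(SEGMENTS, PATTERN))   # all False
    print("reassembled:", stream_filter_hit(SEGMENTS, PATTERN))   # True
```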


