Firewalls function at various layers of the OSI model. Basic stateless firewalls work at layers 3 and 4, filtering traffic by IP address and port. In contrast, application-layer firewalls operate at layer 7, analyzing the actual content of the traffic to make filtering decisions.
Find high-res PDF books with all cybersecurity-related infographics at:
👉 https://study-notes.org
You Should Know: Firewall Implementation & Commands
1. Packet Filtering Firewall (Layer 3 & 4)
- Uses IP addresses and port numbers to allow/block traffic.
- Linux (iptables) Example:
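```bash
# Block SSH
iptables -A INPUT -p tcp --dport 22 -j DROP
# Allow specific IP
# (rules are evaluated in order: appended after the DROP above, this ACCEPT
#  does not re-open SSH for 192.168.1.100)
iptables -A INPUT -s 192.168.1.100 -j ACCEPT
```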
- Windows (netsh) Example:
```cmd
netsh advfirewall firewall add rule name="BlockPort80" dir=in action=block protocol=TCP localport=80
```
2. Stateful Inspection Firewall (Layer 4)
- Tracks active connections and allows only legitimate traffic.
- Linux (nftables) Example:
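```bash
# Both commands assume the table "inet filter" and its "input" chain already exist.
# Accept packets that belong to, or are related to, a tracked connection
nft add rule inet filter input ct state established,related accept
# Accept new connections to HTTPS only
nft add rule inet filter input tcp dport 443 ct state new accept
```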
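Why the connection tracking in section 2 matters, as an added example that is not part of the original post: a small Python model that runs one packet trace through a memoryless layer 3/4 rule set and through the two nft rules above. The addresses, the trace, the default-drop policy and the stateless "allow any segment with ACK or RST" rule are assumptions made for the illustration.

```python
from typing import NamedTuple

HOST = "192.0.2.10"  # constructed address of the protected server

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags: "S" SYN, "SA" SYN+ACK, "A" ACK, "R" RST

def stateless_accept(pkt: Packet) -> bool:
    """No memory: inbound HTTPS, plus any ACK/RST segment so replies get in."""
    if pkt.dst != HOST:
        return True  # outbound traffic is not filtered in this model
    return pkt.dport == 443 or "A" in pkt.flags or "R" in pkt.flags

class StatefulFilter:
    """Models `ct state established,related accept` followed by
    `tcp dport 443 ct state new accept`, with an assumed default drop."""
    def __init__(self) -> None:
        self.conns = set()  # tracked flows as (local_port, peer, peer_port)

    def accept(self, pkt: Packet) -> bool:
        if pkt.src == HOST:  # outbound: allowed, and a SYN creates state
            if pkt.flags == "S":
                self.conns.add((pkt.sport, pkt.dst, pkt.dport))
            return True
        key = (pkt.dport, pkt.src, pkt.sport)
        if key in self.conns:  # established: belongs to a tracked flow
            if "R" in pkt.flags:
                self.conns.discard(key)  # a reset ends the flow
            return True
        if pkt.dport == 443 and pkt.flags == "S":  # new HTTPS connection
            self.conns.add(key)
            return True
        return False  # everything else is dropped

TRACE = [  # constructed sample packets
    Packet("198.51.100.7", 40000, HOST, 443, "S"),   # client opens HTTPS
    Packet(HOST, 443, "198.51.100.7", 40000, "SA"),  # server answers
    Packet("198.51.100.7", 40000, HOST, 443, "A"),   # handshake completes
    Packet(HOST, 51000, "203.0.113.9", 53, "S"),     # host connects outbound
    Packet("203.0.113.9", 53, HOST, 51000, "SA"),    # reply to that connection
    Packet("198.51.100.66", 41000, HOST, 22, "A"),   # ACK with no prior SYN
    Packet("198.51.100.66", 41001, HOST, 22, "S"),   # new SSH, not permitted
]

def compare(trace):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFilter()
    return [(stateless_accept(p), fw.accept(p)) for p in trace]
```

Only the sixth packet gets different verdicts: the stateless rules pass the unsolicited ACK to port 22, while the connection-tracking rules drop it because it matches no tracked flow.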
3. Application-Layer Firewall (Layer 7)
- Inspects HTTP, FTP, DNS payloads.
- Linux (ModSecurity for Apache):
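```bash
# Install the ModSecurity module for Apache
sudo apt install libapache2-mod-security2
# Activate the recommended base configuration
# (it ships with SecRuleEngine DetectionOnly, which logs matches without blocking)
sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
```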
- Windows (Application Control Policies via GPO):
  - Use `gpedit.msc` → Computer Configuration → Windows Settings → Security Settings → Application Control Policies
4. Next-Generation Firewall (NGFW – Multi-Layer)
- Combines deep packet inspection (DPI), intrusion prevention (IPS), and TLS decryption.
- Linux (Suricata IPS):
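```bash
# With the default configuration, -i captures passively on eth0 (IDS);
# blocking traffic requires an inline mode such as NFQUEUE (-q)
sudo suricata -c /etc/suricata/suricata.yaml -i eth0
```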
- Windows (PowerShell Log Analysis):
```powershell
# Event ID 5152: the Windows Filtering Platform blocked a packet
Get-WinEvent -FilterHashtable @{LogName='Security'; ID=5152} | Format-List
```
5. Proxy Firewall (Layer 7)
- Acts as an intermediary for requests.
- Linux (Squid Proxy):
```bash
sudo apt install squid
sudo systemctl start squid
```
- Block Social Media via Squid:
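```conf
# squid.conf: place the deny before any http_access allow rule, because the first match wins
acl block_social_media dstdomain .facebook.com .twitter.com
http_access deny block_social_media
```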
What Undercode Say
Firewalls are essential in cybersecurity, operating at different OSI layers for granular control. While packet filtering (L3/L4) is fast, application-layer (L7) firewalls provide deeper security. Combining multiple firewall types (like NGFW) ensures robust protection. Always test rules before deployment and monitor logs for anomalies.
Expected Output:
- A structured understanding of firewall types.
- Practical Linux/Windows commands for implementation.
- Enhanced security through multi-layered filtering.
References:
Reported By: Xmodulo Different – Hackers Feeds



