Understanding Firewall Types: A CISSP Deep Dive

Introduction

Firewalls are the cornerstone of network security, acting as gatekeepers that control incoming and outgoing traffic. In the CISSP (Certified Information Systems Security Professional) curriculum, understanding firewall types and their layered deployment is critical. This article breaks down five key firewall categories, their roles, and practical configurations to strengthen network defenses.

Learning Objectives

  • Differentiate between packet filtering, stateful inspection, application-layer, next-generation (NGFW), and host-based firewalls.
  • Learn how to configure basic firewall rules in Linux (iptables) and Windows (Firewall).
  • Apply defense-in-depth principles by combining firewall types effectively.

1. Packet Filtering Firewall (The Gatekeeper)

Command (Linux – `iptables`):

iptables -A INPUT -p tcp --dport 23 -j DROP  # Blocks Telnet (port 23)

What It Does:

  • Filters traffic based on IP addresses and ports (OSI Layers 3–4).
  • Fast but stateless—no tracking of connection states.

Step-by-Step:

1. Check current rules:

iptables -L

2. Block a specific port (e.g., Telnet):

iptables -A INPUT -p tcp --dport 23 -j DROP

3. Save rules (on Ubuntu):

sudo netfilter-persistent save

2. Stateful Inspection Firewall (The Receptionist)

Command (Linux – `iptables` with state tracking):

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

What It Does:

  • Tracks active connections (OSI Layers 3–5).
  • Blocks unsolicited inbound traffic.

Step-by-Step:

1. Allow established/related traffic:

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

2. Deny invalid packets:

iptables -A INPUT -m state --state INVALID -j DROP
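
The commands in sections 1 and 2 only append a DROP for port 23 and an ACCEPT for established traffic, so under iptables' default ACCEPT policy new inbound connections are still let through. The audit script below is an added example, not part of the original article: it checks an `iptables -S INPUT` listing for that gap and two related ones, and the sample listing and finding names are constructed for illustration.

```python
import shlex

# Constructed `iptables -S INPUT` listing: the chain after only the commands
# from sections 1 and 2 are run (assumes the default policy was never changed).
AS_WRITTEN = """\
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
"""

def opt(tokens, *flags):
    """Return the value that follows the first matching flag, or None."""
    for i, tok in enumerate(tokens[:-1]):
        if tok in flags:
            return tokens[i + 1]
    return None

def parse(listing):
    """Split a listing into (default policy, list of parsed INPUT rules)."""
    policy, rules = None, []
    for line in listing.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        elif tok[:2] == ["-A", "INPUT"]:
            states = opt(tok, "--state", "--ctstate") or ""
            rules.append({"target": opt(tok, "-j"), "states": set(states.split(",")) - {""},
                          "iface": opt(tok, "-i"), "bare": tok[2:3] == ["-j"]})
    return policy, rules

def audit(listing):
    """Return finding codes for gaps in a stateful INPUT chain."""
    policy, rules = parse(listing)
    findings = []
    # Without default deny, NEW inbound packets fall through and are accepted.
    if policy != "DROP" and not any(r["bare"] and r["target"] in ("DROP", "REJECT") for r in rules):
        findings.append("no-default-deny")
    if not any(r["target"] == "ACCEPT" and "ESTABLISHED" in r["states"] for r in rules):
        findings.append("no-established-accept")
    inv = [i for i, r in enumerate(rules) if r["target"] == "DROP" and "INVALID" in r["states"]]
    if not inv:
        findings.append("no-invalid-drop")
    # An ACCEPT with no state match ahead of the INVALID drop admits invalid packets.
    elif any(r["target"] == "ACCEPT" and not r["states"] and r["iface"] != "lo"
             for r in rules[:inv[0]]):
        findings.append("stateless-accept-before-invalid-drop")
    return findings

if __name__ == "__main__":
    print(audit(AS_WRITTEN))
```
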

3. Application-Layer Firewall (The Security Inspector)

Example (Windows – Blocking HTTP with PowerShell):

New-NetFirewallRule -DisplayName "Block HTTP" -Direction Inbound -Protocol TCP -LocalPort 80 -Action Block

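What It Does:

  • Inspects application-layer traffic (OSI Layer 7).
  • Blocks malicious HTTP/FTP requests.
  • Note: the PowerShell rule shown here matches on TCP port 80 only. Windows Firewall does not examine the HTTP payload, so filtering on request content requires a proxy or web application firewall.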

Step-by-Step:

1. Open PowerShell as Admin.

2. Block inbound HTTP:

New-NetFirewallRule -DisplayName "Block HTTP" -Direction Inbound -Protocol TCP -LocalPort 80 -Action Block

4. Next-Generation Firewall (NGFW) (The High-Tech Chief)

Example (Configuring Suricata for Deep Packet Inspection):

sudo suricata -c /etc/suricata/suricata.yaml -i eth0

What It Does:

  • Combines DPI (Deep Packet Inspection), threat intelligence, and application control.

Step-by-Step:

1. Install Suricata:

sudo apt-get install suricata

2. Start monitoring traffic:

sudo suricata -c /etc/suricata/suricata.yaml -i eth0

5. Host-Based Firewall (The Office Guard)

Command (Windows – Enable Firewall via CMD):

netsh advfirewall set allprofiles state on

What It Does:

  • Protects individual endpoints (e.g., workstations).

Step-by-Step:

1. Open Command Prompt as Admin.

2. Enable firewall:

netsh advfirewall set allprofiles state on

What Undercode Say:

  • Key Takeaway 1: Firewalls must be layered—no single type provides complete security.
  • Key Takeaway 2: NGFWs are essential for modern threats but require fine-tuning.

Analysis:

Firewalls are evolving beyond static rules. With AI-driven NGFWs, automated threat detection is becoming standard. However, misconfigurations remain a leading cause of breaches. Future trends include zero-trust integration and cloud-native firewalls (e.g., AWS Network Firewall).

Prediction:

By 2026, 75% of enterprises will adopt AI-augmented firewalls, reducing false positives by 40%. However, attackers will increasingly exploit misconfigured cloud firewalls, making continuous monitoring critical.

Final Thought:

Mastering firewalls isn’t just about knowing commands—it’s about strategic placement and continuous adaptation. Whether you’re prepping for CISSP or hardening a network, defense-in-depth is non-negotiable.

IT/Security Reporter URL:

Reported By: Biren Bastien – Hackers Feeds