Security+ Academy · Lesson

Firewalls: Packet Filtering vs Next-Gen

Compare stateless packet filtering, stateful inspection, and next-generation firewalls with application awareness, IPS, and SSL inspection.

What Is a Firewall?

A firewall is a network security device (hardware or software) that monitors and controls incoming and outgoing traffic based on predefined rules. Firewalls sit between trusted internal networks and untrusted external networks, acting as a gatekeeper. They are a foundational perimeter control, but modern attacks that use encrypted channels or lateral movement within trusted zones highlight why firewalls alone are insufficient and must be combined with other layers of defense.

Packet Filtering Firewalls

Packet filtering firewalls (also called stateless firewalls) inspect each packet in isolation using header fields only: source IP, destination IP, source port, destination port, and protocol. They apply simple allow/deny rules called ACLs (Access Control Lists). Because each packet is examined independently, they cannot tell whether a packet belongs to an established session, which leaves them open to attacks that forge the header values the rules expect or that are spread across multiple packets.

# iptables packet filter example (Linux)
# Rules in a chain are evaluated top to bottom; the first match decides the verdict.
# Allow established connections
# Note: the state match relies on the kernel's connection tracking, so this rule is
# stateful inspection rather than pure stateless filtering (the newer equivalent is
# -m conntrack --ctstate ESTABLISHED,RELATED).
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Block inbound Telnet (TCP destination port 23)
iptables -A INPUT -p tcp --dport 23 -j DROP

# Allow SSH, but only from the 10.0.0.0/24 subnet
iptables -A INPUT -p tcp -s 10.0.0.0/24 --dport 22 -j ACCEPT
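As an added illustration (not code from the lesson), the following Python model contrasts the two approaches: a stateless first-match ACL that sees only header fields, and a stateful filter that records outbound flows and admits inbound packets only when they are the exact reverse of a flow it saw leave. The packets, addresses and rule sets are constructed for the demo; the stateless rule that admits "anything from port 443 with ACK set" is the kind of broad return-traffic rule a stateless filter is forced to use, and the demo shows why a crafted packet with the same headers gets through it.

```python
import ipaddress
from dataclasses import dataclass
from typing import NamedTuple, Optional
class Packet(NamedTuple):
    """Constructed header view: the only fields a packet filter can see."""
    src: str
    dst: str
    sport: int
    dport: int
    ack: bool = False  # TCP ACK flag, the one hint of "state" inside a lone packet

@dataclass(frozen=True)
class Rule:
    action: str                 # "ACCEPT" or "DROP"
    src: str = "0.0.0.0/0"
    sport: range = range(65536)
    dport: range = range(65536)
    ack: Optional[bool] = None  # None means "don't care"
    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and p.sport in self.sport and p.dport in self.dport
                and (self.ack is None or self.ack == p.ack))

def stateless_verdict(rules, p, default="DROP"):
    """First-match ACL: each packet is judged on its own headers, nothing else."""
    return next((r.action for r in rules if r.matches(p)), default)

class StatefulFilter:
    """Records outbound flows; an inbound packet is admitted if it is a reply."""
    def __init__(self, inbound_rules):
        self.inbound_rules, self.flows = inbound_rules, set()
    def outbound(self, p):
        self.flows.add((p.src, p.sport, p.dst, p.dport))  # new state-table entry
        return "ACCEPT"
    def inbound(self, p):
        if (p.dst, p.dport, p.src, p.sport) in self.flows:
            return "ACCEPT"  # exact reverse of a flow we saw leave (ESTABLISHED)
        return stateless_verdict(self.inbound_rules, p)  # else explicit ACL only

# Stateless approximation of "established": admit anything from port 443 with ACK.
STATELESS_ACL = [Rule("ACCEPT", sport=range(443, 444), ack=True)]
# The stateful filter needs no such rule; only explicit services (SSH from the LAN).
STATEFUL_ACL = [Rule("ACCEPT", src="10.0.0.0/24", dport=range(22, 23))]

def demo():
    fw = StatefulFilter(STATEFUL_ACL)
    fw.outbound(Packet("10.0.0.5", "203.0.113.10", 51000, 443))  # client opens HTTPS
    reply = Packet("203.0.113.10", "10.0.0.5", 443, 51000, ack=True)  # genuine reply
    forged = Packet("198.51.100.7", "10.0.0.5", 443, 3389, ack=True)  # crafted headers
    return {"reply": (stateless_verdict(STATELESS_ACL, reply), fw.inbound(reply)),
            "forged": (stateless_verdict(STATELESS_ACL, forged), fw.inbound(forged))}
```

Each tuple in the result is (stateless verdict, stateful verdict): the genuine reply passes both, while the forged packet passes the stateless ACL but is dropped by the stateful filter because no matching flow exists in its table.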
