What is a firewall and how does it protect networks?

Short answer

A firewall is a security device or software that monitors and controls incoming and outgoing network traffic based on predefined rules. It acts as a barrier between trusted internal networks and untrusted external networks.

How it works

Firewalls inspect packets and compare them against rule sets. Basic packet filters check source and destination IPs, ports, and protocols. Stateful firewalls track the state of active connections and allow return traffic only for established sessions. Next-generation firewalls add application awareness, intrusion prevention, and deep packet inspection.

Rules are processed from top to bottom, and the first matching rule determines the action, typically allow or deny.

Example

A firewall might allow inbound traffic on port 443 to a web server while blocking all inbound traffic on port 3389 (Remote Desktop) from the internet, preventing direct exposure.

Why it matters

Firewalls are the foundation of network defense. They reduce the attack surface, prevent unauthorized access, and provide logging for forensic analysis. Properly configured firewalls stop the vast majority of automated attacks.