A firewall is a machine that sits between a network and the rest of the Internet, attempting to ensure that nothing "bad" from the Internet harms the network. You can also set up firewall features for each machine, where the machine screens all of its incoming and outgoing data at the packet level (as opposed to the application layer, where server programs usually try to perform some access control of their own). Firewalling on individual machines is sometimes called IP filtering.

To understand how firewalls work, consider that there are three times when a system can filter packets:

  • When the system receives a packet

  • When the system sends a packet

  • When the system forwards (routes) a packet to another host or gateway
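
The three filter points above, modeled as an added example (not code from the book): each packet is screened at exactly one point, so a rule written for received packets never sees traffic the host merely forwards. The addresses, rule list, default policies and the names `filter_point` and `verdict` are constructed for illustration, and the one-point-per-packet behavior assumes a Linux-style packet filter.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values (documentation address ranges), not from the book.
LOCAL_ADDRS = {ip_address("192.0.2.1"), ip_address("10.0.0.1")}
POLICY = {"receive": "drop", "send": "accept", "forward": "drop"}
# (filter point, destination network, destination port or None for any, verdict)
RULES = [
    ("receive", "192.0.2.1/32", 22, "accept"),   # SSH to the firewall itself
    ("receive", "10.0.0.0/24", 80, "accept"),    # never matches transit traffic
    ("forward", "10.0.0.0/24", 443, "accept"),   # HTTPS to hosts behind it
]

def filter_point(dst, local_origin=False):
    """Pick the single filter point that screens a packet on this host."""
    if local_origin:
        return "send"       # created by a process on this machine
    if ip_address(dst) in LOCAL_ADDRS:
        return "receive"    # addressed to this machine
    return "forward"        # arrived here but destined elsewhere

def verdict(dst, dport, local_origin=False):
    """First matching rule at the packet's filter point wins, else the policy."""
    point = filter_point(dst, local_origin)
    for rule_point, net, port, action in RULES:
        if (rule_point == point and ip_address(dst) in ip_network(net)
                and port in (None, dport)):
            return point, action
    return point, POLICY[point]

if __name__ == "__main__":
    for dst, dport, local in [("192.0.2.1", 22, False), ("10.0.0.5", 80, False),
                              ("10.0.0.5", 443, False), ("198.51.100.7", 53, True)]:
        print(dst, dport, verdict(dst, dport, local))
```

The second sample packet is dropped even though a "receive" rule allows port 80 to 10.0.0.0/24, because a packet for 10.0.0.5 is forwarded and only the "forward" rules and policy apply to it.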

With no firewalling in ...
