5.4. Firewall Functions

Most of today's firewalls employ a combination of functions to protect networks from hostile traffic. The more common ones are the following:

  • Static packet filtering

  • Dynamic packet filtering

  • Stateful filtering

  • Proxy

5.4.1. Static Packet Filtering

Static packet filtering controls traffic by using information stored within the packet headers. As packets are received by the filtering device, the attributes of the data stored within the packet headers are compared against the access control policy (referred to as an access control list [ACL]). Depending on how this header information compares with the ACL, the traffic is either allowed to pass or dropped.

A static packet filter can use the following information when regulating ...

Get Mastering™ Network Security, Second Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.