Glossary

Firewall

Definition: A security system that monitors and controls incoming and outgoing network traffic based on predefined rules.

A firewall is a network security device or software that monitors and filters incoming and outgoing network traffic according to a set of security rules. It acts as a barrier between a trusted internal network and untrusted external networks such as the internet.

Types of Firewalls

  • Packet-filtering firewall — Inspects each packet in isolation using only its network- and transport-layer headers (source/destination IP address and port). Fast but limited, since it has no memory of earlier packets.
  • Stateful inspection firewall — Tracks the state of connections and only allows packets that are part of an established connection.
  • Application-layer (proxy) firewall — Operates at OSI Layer 7 and can inspect the content of traffic, not just headers.
  • Next-Generation Firewall (NGFW) — Combines traditional firewall features with intrusion detection, SSL inspection and application control.
  • Web Application Firewall (WAF) — Specifically designed to protect web applications from attacks like SQL injection, XSS and CSRF.
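As an added illustration that is not part of this glossary entry, the following Python simulation contrasts the first two types above. The policy (outbound HTTPS only), the IP addresses and the packets are all constructed; it shows why a packet filter that must admit reply traffic also admits unsolicited inbound packets that a stateful firewall drops.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str  # "out": internal -> external, "in": external -> internal


# Constructed policy: internal hosts may open outbound HTTPS (443); nothing else.
ALLOWED_OUTBOUND_PORTS = {443}


def stateless_decide(pkt: Packet) -> bool:
    """Packet-filtering firewall: each packet is judged on its headers alone."""
    if pkt.direction == "out" and pkt.dst_port in ALLOWED_OUTBOUND_PORTS:
        return True
    # To let replies back in, a stateless rule has to match on the external
    # side's port: any inbound packet with src_port 443 passes, solicited or not.
    if pkt.direction == "in" and pkt.src_port in ALLOWED_OUTBOUND_PORTS:
        return True
    return False


class StatefulFirewall:
    """Stateful inspection: remembers outbound connections, admits only their replies."""

    def __init__(self) -> None:
        self.established: set[tuple] = set()

    def decide(self, pkt: Packet) -> bool:
        if pkt.direction == "out" and pkt.dst_port in ALLOWED_OUTBOUND_PORTS:
            self.established.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return True
        if pkt.direction == "in":
            # A reply is accepted only if it mirrors a connection we opened.
            return (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.established
        return False


def compare() -> dict:
    """Run constructed traffic through both filters; returns {name: (stateless, stateful)}."""
    request = Packet("10.0.0.5", 51000, "203.0.113.7", 443, "out")
    reply = Packet("203.0.113.7", 443, "10.0.0.5", 51000, "in")
    unsolicited = Packet("203.0.113.9", 443, "10.0.0.5", 3389, "in")  # never requested
    fw = StatefulFirewall()
    return {name: (stateless_decide(p), fw.decide(p))
            for name, p in [("request", request), ("reply", reply), ("unsolicited", unsolicited)]}


if __name__ == "__main__":
    for name, (stateless, stateful) in compare().items():
        print(f"{name:12s} stateless={'allow' if stateless else 'drop':5s} "
              f"stateful={'allow' if stateful else 'drop'}")
```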

Firewalls and Websites

Web Application Firewalls (WAFs) are the most relevant type for website owners. Services like Cloudflare, Sucuri and AWS WAF sit in front of web servers and filter malicious HTTP requests before they reach the application.

What a Firewall Does NOT Do

  • Does not protect against threats that bypass the network perimeter (e.g. insider threats, USB attacks).
  • Does not replace antivirus software or patch management.
  • A web application firewall does not protect against logic flaws in the application itself.