Packet filtering firewall visualization.
Packet-filtering firewalls restrict traffic to and from networks. Learn how they work and what you should know before buying.
A packet filtering firewall is a network security tool used to regulate data as it flows to and from a network. As network packets move across networks, the packet filtering firewall routes outgoing and incoming packets according to predefined rules, rejecting packets based on qualities like the source and destination IP (Internet Protocol) addresses, protocols, and ports. Packet filtering is also known as static filtering.
As data flows across a network, it is broken into smaller bits called packets, which are reordered as they pass through the firewall and arrive at their final destinations. This is called “packet switching.” Packets contain two components:
Packet filtering firewalls consider several specifications:
Security operations centers (SOCs) can create packet filtering firewall walls that only allow packets that match specific IP addresses or ports or effectively reject all outside packets for a time.
Firewalls are the gatekeepers that prevent unwanted traffic from passing through into a network, where malicious code, viruses, trackers, and other dangerous data can wreak havoc. As part of an umbrella of network security tools, firewalls are foundational and can safely be considered as a first line of defense.
Read more: 7 Different Types of Firewalls & Deployment Options Explained
The most common type of packet-filtering firewall, static packet-filtering firewalls require teams to create firewall rules manually. Internal and external network connections are either open or closed unless an administrator manually adjusts permissions.
Users can define rules, manage ports, oversee access control lists, and create rules based on IP address. Static packet-filtering firewalls are straightforward and best suited for smaller applications and networks with fewer users versus sprawling enterprise networks.
Dynamic packet-filtering firewalls allow for dynamic rules that meet specific conditions. For example, ports can be set to remain open for specific time periods only. Dynamic packet-filtering firewalls are more flexible than static packet-filtering firewalls and can add automation to common processes, freeing up analyst time for other tasks.
Stateless packet-filtering firewalls are among the oldest, most established options for firewall protection. Because they are limited in scope and generally less effective, this type of packet-filtering firewall has mostly gone out of favor in the enterprise setting, though they may be used as part of a larger network security approach that includes more advanced tech.
When they are used, typical applications include residential internet users or low-power customer-premises equipment like cable TV set-top boxes and DSL routers. They can help protect these devices from malware, non-application-specific traffic, and harmful applications.
Stateful packet-filtering firewalls can track active connections, unlike stateless packet-filtering firewalls. This type of firewall can examine TCP and UDP information to gain more context around data packet contents, adding accuracy when the firewall sorts legitimate traffic or packages from potentially malicious data.
As connections encounter a stateful packet-filtering firewall, they must “introduce” themselves before gaining access to a predetermined approved list of allowable connections.
Read more: 5 Top Storage Security Predictions for 2023
Packet-filtering firewalls are popular for many reasons. Most notably, they are a cost-efficient defensive tool that is straightforward to use and effective for warding off a high percentage of undesirable traffic. Other pros of packet-filtering firewalls include:
Packet-filtering firewalls work rapidly to make quick decisions based on the rules set up by administrators and, usually, not much more. Unlike more comprehensive network security tools, packet-filtering firewalls don’t conduct internal traffic inspections or store state information. More advanced firewall technology utilizes methods that are slower but more thorough.
Packet-filtering firewalls function autonomously. This means users aren’t informed about packet transmissions unless something is rejected.
Packet-filtering firewalls are a good value. Without a massive investment, unprotected networks see marked security improvements when packet-filtering firewalls are introduced. Also, many devices and websites have packet-filtering capabilities built in.
Packet-filtering firewalls are straightforward to set up and to monitor since users only need to review packet transfers that are rejected. Users don’t need extensive training to operate packet-filtering firewalls.
While packet-filtering firewalls offer several attractive pros, there are a few less favorable considerations to keep in mind about this network security tool.
Packet-filtering firewalls make decisions based on limited, basic information about IP addresses and ports. They can’t review data in a larger context, which means bad actors can sneak around them by placing harmful commands in places that aren’t examined or in the payload user data itself. As long as the malicious communication comes through an allowed port, there’s a significant risk that it will reach the network.
Some packet-filtering firewalls lack logging capabilities required by certain regulatory bodies governing specific industries and companies that handle personal identifying information.
Attackers can easily spoof IP addresses to trick static packet-filtering firewalls.
Packet-filtering firewalls alone are generally not powerful enough to adequately protect an enterprise network, which would require an endlessly growing list of rules that must be set for both incoming and outgoing traffic. The manual nature of this security solution means it can be overwhelmingly time-consuming to manage.
These firewalls rely on IP address authentication and port numbers instead of using context clues, and most don’t remember previously filtered packets or even past instructions. They are not capable of learning and improving, unlike some AI-enhanced network security tools. Protection is only as up-to-date as the last manual update.
Some protocols are overlooked by packet-filtering firewalls — for example, the Berkeley “r” commands like rcp, rlogin, rdist, and rsh.
Security teams can use rejected packet information to help refine rules and shape protocols for other security tools, but the time-consuming, manual nature of this process can become cumbersome. Much of this data is realistically set aside and never analyzed.
These 10 packet-filtering firewalls providers are among the most popular and well-rated:
When selecting a packet-filtering firewall, enterprises should consider not only their current security posture but future needs as well. For busy enterprise networks, a firewall on its own is likely insufficient, so it’s important to consider how a given tool will work within a larger security suite. Often, basic firewall protection is part of a comprehensive solution, but companies can and often do purchase additional, stand-alone firewall solutions for added protection.
Packet-filtering firewalls provide basic network protection at a lower price point than more sophisticated network security tools. The limited security scope of standard packet-filtering firewalls renders them inadequate when it comes to protecting sprawling enterprise networks with hundreds or thousands of dynamic endpoints.
Still, these firewalls work quickly and are well-suited for smaller applications and home use. Enterprises are likely to use packet-filtering firewalls within a comprehensive security solution that includes other more advanced tools that provide deeper data insights, automation, and often AI enhancements.
Sarah Bricker Hunt covers wide-ranging topics for various audiences, including tech-focused features on data privacy, telecom, corporate and consumer technology trends, and more. Hunt's work is frequently featured in print publications, B2B and B2C trade journals, and numerous high-profile websites.
Enterprise Storage Forum offers practical information on data storage and protection from several different perspectives: hardware, software, on-premises services and cloud services. It also includes storage security and deep looks into various storage technologies, including object storage and modern parallel file systems. ESF is an ideal website for enterprise storage admins, CTOs and storage architects to reference in order to stay informed about the latest products, services and trends in the storage industry.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
