A packet filtering firewall is a network security tool used to regulate data as it flows to and from a network. As network packets move across networks, the packet filtering firewall routes outgoing and incoming packets according to predefined rules, rejecting packets based on qualities like the source and destination IP (Internet Protocol) addresses, protocols, and ports. Packet filtering is also known as static filtering.
How Does a Packet-Filtering Firewall Work?
As data flows across a network, it is broken into smaller bits called packets, which are reordered as they pass through the firewall and arrive at their final destinations. This is called “packet switching.” Packets contain two components:
- Packet headers are used to route data and contain Internet Protocol (IP) fields and other necessary information.
- Payloads contain the user data attempting to reach its destination.
Packet filtering firewalls consider several specifications:
- Source IP address
- Destination IP address
- Session and application protocols used to transfer data like Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP)
- Source and destination ports, ICMP types, and codes
- Access control settings
- Flags in the protocol header, such as those that mark a connection request
- Physical interface
Security operations centers (SOCs) can create packet filtering firewall rules that only allow packets that match specific IP addresses or ports, or that effectively reject all outside packets for a time.
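The following added example (not from the original article or any vendor's product) shows how a static filter evaluates the criteria listed above: the first matching rule wins and anything unmatched is dropped. The interface names, addresses and rules are constructed for illustration, and the payload field is deliberately never read, because a packet filter decides on header fields alone.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    iface: str                       # physical interface the packet arrived on
    src: str
    dst: str
    proto: str                       # "tcp", "udp" or "icmp"
    dport: Optional[int] = None
    flags: frozenset = frozenset()   # TCP flags, e.g. {"SYN"}
    payload: bytes = b""             # carried along but never inspected

@dataclass(frozen=True)
class Rule:
    action: str                      # "accept" or "drop"
    iface: Optional[str] = None      # None means "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None
    dport: Optional[int] = None
    flags: Optional[frozenset] = None   # flags that must all be set

    def matches(self, p: Packet) -> bool:
        return (
            (self.iface is None or self.iface == p.iface)
            and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
            and (self.proto is None or self.proto == p.proto)
            and (self.dport is None or self.dport == p.dport)
            and (self.flags is None or self.flags <= p.flags)
        )

def filter_packet(rules, p: Packet) -> str:
    """First matching rule wins; anything unmatched hits the default deny."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "drop"

# Constructed policy (documentation address ranges), evaluated top to bottom.
RULES = [
    Rule("drop", src="203.0.113.0/24"),                      # blocked source range
    Rule("accept", iface="wan0", dst="192.0.2.10/32", proto="tcp", dport=443),
    Rule("drop", iface="wan0", proto="tcp", flags=frozenset({"SYN"})),  # other connect requests
    Rule("accept", iface="lan0", src="10.0.0.0/8", proto="tcp", dport=22),
    Rule("accept", proto="icmp"),
]
```

Two packets to port 443 with different payloads get the same verdict from `filter_packet`, which is the limitation described under Security Limitations further down.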
Firewalls are the gatekeepers that prevent unwanted traffic from passing through into a network, where malicious code, viruses, trackers, and other dangerous data can wreak havoc. As part of an umbrella of network security tools, firewalls are foundational and can safely be considered as a first line of defense.
4 Types of Packet-Filtering Firewalls
Static Packet-Filtering Firewall
The most common type of packet-filtering firewall, static packet-filtering firewalls require teams to create firewall rules manually. Internal and external network connections are either open or closed unless an administrator manually adjusts permissions.
Users can define rules, manage ports, oversee access control lists, and create rules based on IP address. Static packet-filtering firewalls are straightforward and best suited for smaller applications and networks with fewer users versus sprawling enterprise networks.
Dynamic Packet-Filtering Firewall
Dynamic packet-filtering firewalls allow for dynamic rules that meet specific conditions. For example, ports can be set to remain open for specific time periods only. Dynamic packet-filtering firewalls are more flexible than static packet-filtering firewalls and can add automation to common processes, freeing up analyst time for other tasks.
Stateless Packet-Filtering Firewall
Stateless packet-filtering firewalls are among the oldest, most established options for firewall protection. Because they are limited in scope and generally less effective, this type of packet-filtering firewall has mostly gone out of favor in the enterprise setting, though they may be used as part of a larger network security approach that includes more advanced tech.
When they are used, typical applications include residential internet users or low-power customer-premises equipment like cable TV set-top boxes and DSL routers. They can help protect these devices from malware, non-application-specific traffic, and harmful applications.
Stateful Packet-Filtering Firewall
Stateful packet-filtering firewalls can track active connections, unlike stateless packet-filtering firewalls. This type of firewall can examine TCP and UDP information to gain more context around data packet contents, adding accuracy when the firewall sorts legitimate traffic or packets from potentially malicious data.
As connections encounter a stateful packet-filtering firewall, they must “introduce” themselves before gaining access to a predetermined approved list of allowable connections.
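To make the stateless/stateful difference concrete, this added example (not from the original article) runs the same constructed traffic through a stateless flag-based rule and through a simplified connection table. The class and function names, addresses and the instant teardown on FIN/RST are assumptions for illustration; real trackers also handle timeouts and sequence numbers.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    direction: str     # "out" = leaving the protected network, "in" = arriving
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset   # TCP flags on this segment

def stateless_verdict(seg: Segment) -> str:
    """Static rule: allow outbound; allow inbound only if the ACK flag is set."""
    if seg.direction == "out":
        return "accept"
    return "accept" if "ACK" in seg.flags else "drop"

class StatefulFilter:
    """Tracks connections opened from the inside and admits only their replies."""
    def __init__(self):
        self.table = set()   # {(inside_ip, inside_port, outside_ip, outside_port)}

    def verdict(self, seg: Segment) -> str:
        if seg.direction == "out":
            key = (seg.src, seg.sport, seg.dst, seg.dport)
            if "SYN" in seg.flags and "ACK" not in seg.flags:
                self.table.add(key)        # the connection "introduces" itself
            elif "RST" in seg.flags or "FIN" in seg.flags:
                self.table.discard(key)    # simplified teardown
            return "accept"
        # Inbound: must mirror a tracked outbound connection exactly.
        key = (seg.dst, seg.dport, seg.src, seg.sport)
        return "accept" if key in self.table else "drop"

def F(*names):
    return frozenset(names)

# Constructed traffic: one real handshake, then an inbound segment nobody asked for.
TRAFFIC = [
    Segment("out", "10.0.0.5", 51000, "198.51.100.20", 443, F("SYN")),
    Segment("in", "198.51.100.20", 443, "10.0.0.5", 51000, F("SYN", "ACK")),
    Segment("in", "203.0.113.9", 443, "10.0.0.5", 51001, F("ACK")),
]

def compare(traffic):
    """Return (stateless, stateful) verdicts for each segment, in order."""
    fw = StatefulFilter()
    return [(stateless_verdict(s), fw.verdict(s)) for s in traffic]
```

The third segment passes the stateless rule because its header looks like a reply, while the stateful filter drops it because no inside host opened that connection.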
Packet-Filtering Firewall Pros
Packet-filtering firewalls are popular for many reasons. Most notably, they are a cost-efficient defensive tool that is straightforward to use and effective for warding off a high percentage of undesirable traffic. Other pros of packet-filtering firewalls include:
Speed and Effectiveness
Packet-filtering firewalls work rapidly to make quick decisions based on the rules set up by administrators and, usually, not much more. Unlike more comprehensive network security tools, packet-filtering firewalls don’t conduct internal traffic inspections or store state information. More advanced firewall technology utilizes methods that are slower but more thorough.
Transparency
Packet-filtering firewalls function autonomously. This means users aren’t informed about packet transmissions unless something is rejected.
Value
Packet-filtering firewalls are a good value. Without a massive investment, unprotected networks see marked security improvements when packet-filtering firewalls are introduced. Also, many devices and websites have packet-filtering capabilities built in.
Ease of Use
Packet-filtering firewalls are straightforward to set up and to monitor since users only need to review packet transfers that are rejected. Users don’t need extensive training to operate packet-filtering firewalls.
Packet-Filtering Firewall Cons
While packet-filtering firewalls offer several attractive pros, there are a few less favorable considerations to keep in mind about this network security tool.
Security Limitations
Packet-filtering firewalls make decisions based on limited, basic information about IP addresses and ports. They can’t review data in a larger context, which means bad actors can sneak around them by placing harmful commands in places that aren’t examined or in the payload user data itself. As long as the malicious communication comes through an allowed port, there’s a significant risk that it will reach the network.
Regulatory Compliance Limitations
Some packet-filtering firewalls lack logging capabilities required by certain regulatory bodies governing specific industries and companies that handle personal identifying information.
IP Spoofing
Attackers can easily spoof IP addresses to trick static packet-filtering firewalls.
Scope
Packet-filtering firewalls alone are generally not powerful enough to adequately protect an enterprise network, which would require an endlessly growing list of rules that must be set for both incoming and outgoing traffic. The manual nature of this security solution means it can be overwhelmingly time-consuming to manage.
Inflexibility
These firewalls rely on IP address authentication and port numbers instead of using context clues, and most don’t remember previously filtered packets or even past instructions. They are not capable of learning and improving, unlike some AI-enhanced network security tools. Protection is only as up-to-date as the last manual update.
Missed Protocols
Some protocols are overlooked by packet-filtering firewalls — for example, the Berkeley “r” commands like rcp, rlogin, rdist, and rsh.
Limited Data Analytical Insight
Security teams can use rejected packet information to help refine rules and shape protocols for other security tools, but the time-consuming, manual nature of this process can become cumbersome. Much of this data is realistically set aside and never analyzed.
10 Best Packet-Filtering Firewall Providers
These 10 packet-filtering firewall providers are among the most popular and well-rated:
- WatchGuard Network Security
- Palo Alto Networks
- Fortinet
- Cisco
- Forcepoint
- Barracuda Networks
- Sophos
- Versa Networks
- SonicWall
- Check Point Software Technologies
When selecting a packet-filtering firewall, enterprises should consider not only their current security posture but future needs as well. For busy enterprise networks, a firewall on its own is likely insufficient, so it’s important to consider how a given tool will work within a larger security suite. Often, basic firewall protection is part of a comprehensive solution, but companies can and often do purchase additional, stand-alone firewall solutions for added protection.
Bottom Line: Packet-Filtering Firewalls
Packet-filtering firewalls provide basic network protection at a lower price point than more sophisticated network security tools. The limited security scope of standard packet-filtering firewalls renders them inadequate when it comes to protecting sprawling enterprise networks with hundreds or thousands of dynamic endpoints.
Still, these firewalls work quickly and are well-suited for smaller applications and home use. Enterprises are likely to use packet-filtering firewalls within a comprehensive security solution that includes other more advanced tools that provide deeper data insights, automation, and often AI enhancements.