Packet-Filtering Firewalls: Definition, Types, & Providers

Enterprise Storage Forum content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

A packet filtering firewall is a network security tool used to regulate data as it flows to and from a network. As network packets move across networks, the packet filtering firewall routes outgoing and incoming packets according to predefined rules, rejecting packets based on qualities like the source and destination IP (Internet Protocol) addresses, protocols, and ports. Packet filtering is also known as static filtering.

How Does a Packet-Filtering Firewall Work?

As data flows across a network, it is broken into smaller bits called packets, which are reordered as they pass through the firewall and arrive at their final destinations. This is called “packet switching.” Packets contain two components:

  • Packet headers are used to route data and contain elements of the IP and other necessary information.
  • Payloads contain the user data attempting to reach its destination.

Packet filtering firewalls consider several specifications:

  • Source IP address
  • Destination IP address
  • Session and application protocols used to transfer data like Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP)
  • Source and destination ports, ICMP types, and codes
  • Access control settings
  • Flags in the protocol header like for a connect request
  • Physical interface

Security operations centers (SOCs) can create packet filtering firewall walls that only allow packets that match specific IP addresses or ports or effectively reject all outside packets for a time.

Firewalls are the gatekeepers that prevent unwanted traffic from passing through into a network, where malicious code, viruses, trackers, and other dangerous data can wreak havoc. As part of an umbrella of network security tools, firewalls are foundational and can safely be considered as a first line of defense.

Read more: 7 Different Types of Firewalls & Deployment Options Explained

4 Types of Packet-Filtering Firewalls

Static Packet-Filtering Firewall

The most common type of packet-filtering firewall, static packet-filtering firewalls require teams to create firewall rules manually. Internal and external network connections are either open or closed unless an administrator manually adjusts permissions.

Users can define rules, manage ports, oversee access control lists, and create rules based on IP address. Static packet-filtering firewalls are straightforward and best suited for smaller applications and networks with fewer users versus sprawling enterprise networks.

Dynamic Packet-Filtering Firewall

Dynamic packet-filtering firewalls allow for dynamic rules that meet specific conditions. For example, ports can be set to remain open for specific time periods only. Dynamic packet-filtering firewalls are more flexible than static packet-filtering firewalls and can add automation to common processes, freeing up analyst time for other tasks.

Stateless Packet-Filtering Firewall

Stateless packet-filtering firewalls are among the oldest, most established options for firewall protection. Because they are limited in scope and generally less effective, this type of packet-filtering firewall has mostly gone out of favor in the enterprise setting, though they may be used as part of a larger network security approach that includes more advanced tech.

When they are used, typical applications include residential internet users or low-power customer-premises equipment like cable TV set-top boxes and DSL routers. They can help protect these devices from malware, non-application-specific traffic, and harmful applications.

Stateful Packet-Filtering Firewall

Stateful packet-filtering firewalls can track active connections, unlike stateless packet-filtering firewalls. This type of firewall can examine TCP and UDP information to gain more context around data packet contents, adding accuracy when the firewall sorts legitimate traffic or packages from potentially malicious data.

As connections encounter a stateful packet-filtering firewall, they must “introduce” themselves before gaining access to a predetermined approved list of allowable connections.

Read more: 5 Top Storage Security Predictions for 2023

Packet-Filtering Firewall Pros

Packet-filtering firewalls are popular for many reasons. Most notably, they are a cost-efficient defensive tool that is straightforward to use and effective for warding off a high percentage of undesirable traffic. Other pros of packet-filtering firewalls include:

Speed and Effectiveness

Packet-filtering firewalls work rapidly to make quick decisions based on the rules set up by administrators and, usually, not much more. Unlike more comprehensive network security tools, packet-filtering firewalls don’t conduct internal traffic inspections or store state information. More advanced firewall technology utilizes methods that are slower but more thorough.

Transparency

Packet-filtering firewalls function autonomously. This means users aren’t informed about packet transmissions unless something is rejected.

Value

Packet-filtering firewalls are a good value. Without a massive investment, unprotected networks see marked security improvements when packet-filtering firewalls are introduced. Also, many devices and websites have packet-filtering capabilities built in.

Ease of Use

Packet-filtering firewalls are straightforward to set up and to monitor since users only need to review packet transfers that are rejected. Users don’t need extensive training to operate packet-filtering firewalls.

Packet-Filtering Firewall Cons

While packet-filtering firewalls offer several attractive pros, there are a few less favorable considerations to keep in mind about this network security tool.

Security Limitations

Packet-filtering firewalls make decisions based on limited, basic information about IP addresses and ports. They can’t review data in a larger context, which means bad actors can sneak around them by placing harmful commands in places that aren’t examined or in the payload user data itself. As long as the malicious communication comes through an allowed port, there’s a significant risk that it will reach the network.

Regulatory Compliance Limitations

Some packet-filtering firewalls lack logging capabilities required by certain regulatory bodies governing specific industries and companies that handle personal identifying information.

IP Spoofing

Attackers can easily spoof IP addresses to trick static packet-filtering firewalls.

Scope

Packet-filtering firewalls alone are generally not powerful enough to adequately protect an enterprise network, which would require an endlessly growing list of rules that must be set for both incoming and outgoing traffic. The manual nature of this security solution means it can be overwhelmingly time-consuming to manage.

Inflexibility

These firewalls rely on IP address authentication and port numbers instead of using context clues, and most don’t remember previously filtered packets or even past instructions. They are not capable of learning and improving, unlike some AI-enhanced network security tools. Protection is only as up-to-date as the last manual update.

Missed Protocols

Some protocols are overlooked by packet-filtering firewalls — for example, the Berkeley “r” commands like rcp, rlogin, rdist, and rsh.

Limited Data Analytical Insight

Security teams can use rejected packet information to help refine rules and shape protocols for other security tools, but the time-consuming, manual nature of this process can become cumbersome. Much of this data is realistically set aside and never analyzed.

10 Best Packet-Filtering Firewall Providers

These 10 packet-filtering firewalls providers are among the most popular and well-rated:

  1. WatchGuard Network Security
  2. Palo Alto Networks
  3. Fortinet
  4. Cisco
  5. Forcepoint
  6. Barracuda Networks
  7. Sophos
  8. Versa Networks
  9. SonicWall
  10. Check Point Software Technologies

When selecting a packet-filtering firewall, enterprises should consider not only their current security posture but future needs as well. For busy enterprise networks, a firewall on its own is likely insufficient, so it’s important to consider how a given tool will work within a larger security suite. Often, basic firewall protection is part of a comprehensive solution, but companies can and often do purchase additional, stand-alone firewall solutions for added protection.

Bottom Line: Packet-Filtering Firewalls

Packet-filtering firewalls provide basic network protection at a lower price point than more sophisticated network security tools. The limited security scope of standard packet-filtering firewalls renders them inadequate when it comes to protecting sprawling enterprise networks with hundreds or thousands of dynamic endpoints.

Still, these firewalls work quickly and are well-suited for smaller applications and home use. Enterprises are likely to use packet-filtering firewalls within a comprehensive security solution that includes other more advanced tools that provide deeper data insights, automation, and often AI enhancements.

Sarah Hunt
Sarah Hunt
Sarah Bricker Hunt covers wide-ranging topics for various audiences, including tech-focused features on data privacy, telecom, corporate and consumer technology trends, and more. Hunt's work is frequently featured in print publications, B2B and B2C trade journals, and numerous high-profile websites.

Get the Free Newsletter!

Subscribe to Cloud Insider for top news, trends, and analysis.

Latest Articles

15 Software Defined Storage Best Practices

Software Defined Storage (SDS) enables the use of commodity storage hardware. Learn 15 best practices for SDS implementation.

What is Fibre Channel over Ethernet (FCoE)?

Fibre Channel Over Ethernet (FCoE) is the encapsulation and transmission of Fibre Channel (FC) frames over enhanced Ethernet networks, combining the advantages of Ethernet...

9 Types of Computer Memory Defined (With Use Cases)

Computer memory is a term for all of the types of data storage technology that a computer may use. Learn more about the X types of computer memory.