What is a Firewall?

A firewall is a security system that monitors and controls network traffic based on predetermined rules. It acts as a barrier between a trusted internal network and untrusted external networks (like the internet).

Think of a firewall as a security guard at a building entrance. It checks each visitor (network packet) against a list of rules and decides whether to let them in, send them out, or turn them away.

How Firewalls Work: Packet Filtering

At the most basic level, firewalls examine each network packet and check it against rules based on:

  • Source IP address: Where the packet came from
  • Destination IP address: Where the packet is going
  • Port number: Which service the packet is trying to reach
  • Protocol: TCP, UDP, ICMP, etc.
  • Direction: Inbound (coming in) or outbound (going out)

Stateless firewall: Examines each packet independently. Simpler, but it cannot tell whether a packet belongs to an existing connection.
Stateful firewall: Tracks the state of connections. Knows whether a packet is part of an established conversation. More secure.

Understanding Network Ports

Ports are numbered endpoints (0-65535) that identify specific services on a computer. When you visit a website, your browser connects to port 443 (HTTPS) or port 80 (HTTP) on the web server.

Well-Known Ports (0-1023)

Port 22 SSH (Secure Shell) - Remote terminal access
Port 53 DNS (Domain Name System) - Name resolution
Port 80 HTTP - Unencrypted web traffic
Port 443 HTTPS - Encrypted web traffic
Port 25 SMTP - Email sending
Port 3389 RDP - Windows Remote Desktop (a registered port, above the well-known range)

TCP vs UDP

TCP (Transmission Control Protocol): Reliable, ordered delivery. Used for web, email, SSH, file transfers. Connection-oriented.
UDP (User Datagram Protocol): Fast but no delivery guarantee. Used for DNS, video streaming, gaming, VoIP. Connectionless.

Types of Firewalls

Software firewall: Runs on your computer (Windows Firewall, UFW on Linux). Protects that specific device.
Hardware firewall: A dedicated device (your router has a basic one). Protects your entire network.

For best protection, use both: a hardware firewall at the network edge (your router) and software firewalls on each device.

The Default Deny Principle

The most secure firewall approach is "default deny": block everything by default, then create specific rules to allow only the traffic you need.

Default deny in practice

Block all incoming connections by default. Then allow only the specific ports your services need (e.g., port 80/443 for a web server, port 22 for SSH). This minimizes attack surface.

# Example with UFW (Linux):
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 22/tcp    # Only allow SSH
sudo ufw allow 443/tcp   # Only allow HTTPS
sudo ufw enable
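
The following Python model is an added example, not part of the original tutorial: it applies the same policy as the UFW commands above (default deny incoming, default allow outgoing, allow 22/tcp and 443/tcp) to four constructed packets, once as a stateless filter and once as a stateful one. The class names, the addresses and the simplified connection table (no TCP flags or timeouts) are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str       # "tcp" or "udp"
    direction: str   # "in" or "out", relative to the protected host

@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    direction: str
    proto: str
    dport: int
    src_net: str = "0.0.0.0/0"   # any source by default
    def matches(self, p):
        return ((p.direction, p.proto, p.dport) == (self.direction, self.proto, self.dport)
                and ip_address(p.src) in ip_network(self.src_net))

def flow(p):  # direction-independent key: (proto, local ip, local port, remote ip, remote port)
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (p.proto, *a, *b) if p.direction == "out" else (p.proto, *b, *a)

class Firewall:
    DEFAULT = {"in": "deny", "out": "allow"}   # same policy as the UFW commands
    def __init__(self, rules, stateful):
        self.rules, self.stateful, self.conns = rules, stateful, set()
    def decide(self, p):
        if self.stateful and flow(p) in self.conns:
            return "allow"                      # part of an established conversation
        verdict = next((r.action for r in self.rules if r.matches(p)), self.DEFAULT[p.direction])
        if verdict == "allow" and self.stateful:
            self.conns.add(flow(p))             # simplified: no TCP flags or timeouts
        return verdict

HOST = "192.0.2.10"                             # constructed documentation addresses
RULES = [Rule("allow", "in", "tcp", 22), Rule("allow", "in", "tcp", 443)]

def demo(stateful):
    fw = Firewall(RULES, stateful)
    return [fw.decide(p) for p in (
        Packet("198.51.100.7", HOST, 51000, 443, "tcp", "in"),    # HTTPS request
        Packet("198.51.100.7", HOST, 51001, 3389, "tcp", "in"),   # RDP attempt
        Packet(HOST, "203.0.113.53", 40000, 53, "udp", "out"),    # DNS query
        Packet("203.0.113.53", HOST, 53, 40000, "udp", "in"))]    # reply to that query
```

With `demo(True)` the DNS reply is accepted because it matches the tracked outbound query; with `demo(False)` the same reply falls through to default deny, which is why a stateless filter would need an extra inbound rule for return traffic.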

Summary

In this tutorial, you learned:

  • What firewalls are and how packet filtering works
  • The difference between stateful and stateless firewalls
  • Common network ports and what they are used for
  • TCP vs UDP protocols
  • Hardware vs software firewalls
  • The default deny principle for maximum security

You now understand firewall fundamentals!

This knowledge applies to every firewall tool you will encounter, from UFW to iptables to Windows Firewall to enterprise solutions.