Packet filtering is a technique used on firewalls to control incoming and outgoing network traffic based on predetermined security rules or access lists.
These rules specify which traffic is allowed and which is denied, based on various criteria such as the source and destination IP addresses, ports, and protocols.
Packet filtering firewalls are the most basic type of firewall: they filter traffic solely on the basis of a packet's port numbers, IP addresses and protocol.
They cannot make decisions based on the traffic's content or application-layer parameters (deep packet inspection).
Packet Filtering Firewall Examples
Below are the examples of Packet Filtering Firewall Rules:
Example 1: Allow all incoming traffic from the IP address 192.168.0.100 on port 80 (HTTP)
This rule allows all traffic from the IP address 192.168.0.100 to pass through the firewall and reach the intended destination, as long as it is using the HTTP protocol on port 80.
All other traffic from this IP address, and traffic from other IP addresses, would be blocked by the firewall, assuming its default policy denies anything that no rule explicitly allows.
Example 2: Allow all outgoing traffic to the IP address 8.8.8.8 on port 53 (DNS)
This rule allows all traffic originating from the protected network and headed to the IP address 8.8.8.8 to pass through the firewall, as long as it is using the DNS protocol on port 53.
This might be useful if you want to allow your network users to perform DNS queries and look up domain names.
Example 3: Deny all incoming traffic from the IP address 192.168.1.100 on port 22 (SSH)
This rule blocks all traffic from the IP address 192.168.1.100 that uses the SSH protocol on port 22 from reaching the protected network, regardless of the destination host.
This might be useful if you want to prevent unauthorized access to your network via the SSH protocol.
Example 4: Allow all incoming traffic from the IP address range 192.168.0.0/24 on port 80 (HTTP)
This rule allows all traffic from the IP address range 192.168.0.0 to 192.168.0.255 to pass through the firewall and reach the intended destination, as long as it is using the HTTP protocol on port 80.
This might be useful if you want to allow web traffic from a specific subnet or network.
Example 5: Allow all outgoing traffic from the IP address range 10.0.0.0/8 on port 443 (HTTPS)
This rule allows all traffic originating from the IP address range 10.0.0.0 to 10.255.255.255 to pass through the firewall and reach the intended destination, as long as it is using the HTTPS protocol on port 443.
This might be useful if you want to allow secure web traffic from a specific subnet or network.
Example 6: Allow all incoming traffic from the IP address range 10.0.0.0/24 on ports 80 and 443 (HTTP and HTTPS)
This rule allows all traffic from the IP address range 10.0.0.0 to 10.0.0.255 to pass through the firewall and reach the intended destination, as long as it is using either the HTTP or HTTPS protocol on ports 80 or 443.
This might be useful if you want to allow web traffic from a specific subnet or network.
Example 7: Deny all incoming traffic from the IP address range 172.16.0.0/12 on port 25 (SMTP)
This rule blocks all traffic from the IP address range 172.16.0.0 to 172.31.255.255 from reaching the protected network, as long as it is using the SMTP protocol on port 25.
This would be useful if you want to prevent spam or unauthorized email from a specific IP address range from reaching hosts inside your network.
Example 8: Allow all outgoing traffic to the IP address 192.168.1.100 on port 3389 (RDP)
This rule allows all traffic originating from the protected network and headed to the IP address 192.168.1.100 to pass through the firewall, as long as it is using the RDP protocol on port 3389.
This might be useful if you want to allow remote desktop connections to a specific machine on your network.
Example 9: Deny all incoming traffic from the IP address range 192.168.2.0/24 on port 21 (FTP)
This rule blocks all traffic from the IP address range 192.168.2.0 to 192.168.2.255 from reaching any destination on the protected network, as long as it is using the FTP protocol on port 21.
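To make the mechanics behind these examples concrete, here is a small added rule evaluator (example code, not from the article) that matches packets on source/destination CIDR, destination port and protocol, first match wins, with a default-deny policy. The rule set encodes Examples 1, 2, 3, 6 and 7; the tcp/udp protocol choices, the Packet/Rule names and the trailing SMTP allow rule are assumptions added to show why rule order matters.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str          # source IP address
    dst: str          # destination IP address
    dport: int        # destination port
    proto: str        # "tcp" or "udp"
    direction: str    # "in" (into the protected network) or "out"

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    direction: str                   # "in" or "out"
    src: Optional[str] = None        # source CIDR; None matches any source
    dst: Optional[str] = None        # destination CIDR; None matches any destination
    dports: frozenset = frozenset()  # destination ports; empty matches any port
    proto: Optional[str] = None      # None matches any protocol

    def matches(self, pkt: Packet) -> bool:
        """True when every header criterion of this rule matches the packet."""
        if self.direction != pkt.direction:
            return False
        if self.src and ip_address(pkt.src) not in ip_network(self.src):
            return False
        if self.dst and ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.dports and pkt.dport not in self.dports:
            return False
        return self.proto is None or self.proto == pkt.proto

def filter_packet(rules, pkt: Packet) -> str:
    """Evaluate rules in order; the first match decides, unmatched packets are denied."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"  # default-deny policy: nothing passes unless a rule allows it

# Rule set built from the article's examples 1, 2, 3, 6 and 7 (addresses and ports
# from the text; the tcp/udp protocols are assumptions). The trailing SMTP allow is
# constructed to show why order matters: the narrower deny for 172.16.0.0/12 must come first.
RULES = [
    Rule("allow", "in",  src="192.168.0.100/32", dports=frozenset({80}), proto="tcp"),   # Example 1
    Rule("allow", "out", dst="8.8.8.8/32", dports=frozenset({53}), proto="udp"),          # Example 2
    Rule("deny",  "in",  src="192.168.1.100/32", dports=frozenset({22}), proto="tcp"),   # Example 3
    Rule("allow", "in",  src="10.0.0.0/24", dports=frozenset({80, 443}), proto="tcp"),    # Example 6
    Rule("deny",  "in",  src="172.16.0.0/12", dports=frozenset({25}), proto="tcp"),      # Example 7
    Rule("allow", "in",  dports=frozenset({25}), proto="tcp"),  # constructed: SMTP from anywhere else
]
```

A packet from 192.168.0.100 to port 443 is dropped even though port 80 from that host is allowed, which is the default-deny behaviour the text describes for Example 1.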
I hope these examples give you an idea of how packet filtering firewalls work and how they can be used to control network traffic.