What are packet filter rules?

A packet is a small chunk of a relatively larger message or piece of data. Data is transmitted over a network, such as the internet, in little packets to ensure reliability and efficiency.

To block the delivery of unwanted inbound packets, firewalls employ packet filtering.

A firewall is a device that inspects inbound packets. It can block or permit any packet, depending on the access control rules used to configure it.

The header of most packets contains details such as source and destination ports, IP addresses, and protocol names. To apply packet filtering, we only need to know the source and destination IP addresses and ports.

Implementation

A firewall may be implemented inside of the router. The set of rules used by the firewall to determine whether or not an inbound packet should be accepted is known as the access control policy.

An inbound packet is any packet whose source IP address lies outside the network of its destination IP address.

Each access control (packet filtering) rule is applied to every inbound packet, and the firewall either denies or permits it. A denied packet is dropped; a permitted packet is forwarded to the machine at its destination IP address.

A packet filtering rule contains the following fields:

  • Action - Can be either deny or allow.
  • Protocol - Name of transmission protocol, such as TCP.
  • SRC/DST IP - IP address of sender or receiver.
  • SRC/DST Port - Port of sender or receiver.

Format

The following format is used to write a packet filtering rule:

Action Protocol SRC_IP:SRC_Port -> DST_IP:DST_Port

Example

The packet filtering rule below will deny any packet sent by an external user with IP address 192.168.1.5 from source port 1123 to an internal user with IP 512.412.5.2 at port 1232.

Example 1.

Conversely, the following rule allows any packet sent by an external user with IP address 192.168.1.5 from source port 1123 to an internal user with IP 512.412.5.2 at port 1232:

Example 2.

Question

To test your understanding of packet filter rules, examine the packet filter rule below and determine which packets it will permit.

allow tcp 192.168.1.5:* -> 512.412.5.2:1232

The asterisk symbol * denotes all values.
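The rule fields, the rule format and the wildcard described above can be exercised with a small matcher. The Python below is an added example, not code from the original lesson: it parses rules written in the lesson's `Action Protocol SRC_IP:SRC_Port -> DST_IP:DST_Port` format (tolerating the spacing seen in the question), applies a policy to sample packets first-match-first, and falls back to deny when no rule matches. The policy, the packets and the `Rule`/`Packet` names are constructed for this example; the policy uses the lesson's question rule and the lesson's illustrative addresses (which are compared as plain strings, since `512.412.5.2` is not a valid IPv4 address).

```python
import re
from dataclasses import dataclass

WILDCARD = "*"  # the lesson's "all values" symbol

# Action Protocol SRC_IP:SRC_Port -> DST_IP:DST_Port, with optional whitespace
# after each colon so that "192.168.1.5: *" (as written in the question) parses.
RULE_RE = re.compile(
    r"^\s*(allow|deny)\s+(\S+)\s+(\S+?):\s*(\d+|\*)\s*->\s*(\S+?):\s*(\d+|\*)\s*$"
)


@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    protocol: str    # e.g. "tcp", or "*" for any protocol
    src_ip: str      # dotted quad or "*"
    src_port: str    # digits or "*" (kept as str so the wildcard fits)
    dst_ip: str
    dst_port: str


@dataclass(frozen=True)
class Packet:
    """The header fields the lesson says packet filtering needs."""
    protocol: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def parse_rule(text: str) -> Rule:
    """Parse one rule in the lesson's format; raise on anything malformed."""
    m = RULE_RE.match(text)
    if not m:
        raise ValueError(f"malformed rule: {text!r}")
    action, proto, sip, sport, dip, dport = m.groups()
    return Rule(action, proto.lower(), sip, sport, dip, dport)


def _field_matches(pattern: str, value) -> bool:
    # A wildcard matches anything; otherwise the field must match exactly.
    return pattern == WILDCARD or pattern == str(value)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """True when every field of the rule matches the packet header."""
    return (
        _field_matches(rule.protocol, pkt.protocol.lower())
        and _field_matches(rule.src_ip, pkt.src_ip)
        and _field_matches(rule.src_port, pkt.src_port)
        and _field_matches(rule.dst_ip, pkt.dst_ip)
        and _field_matches(rule.dst_port, pkt.dst_port)
    )


def filter_packet(policy: list, pkt: Packet, default: str = "deny") -> str:
    """Apply the access control policy: first matching rule decides.

    A packet that matches no rule gets `default`; deny-by-default means an
    unanticipated packet is dropped rather than let through.
    """
    for rule in policy:
        if rule_matches(rule, pkt):
            return rule.action
    return default


# Constructed policy: the single rule from the lesson's question.
POLICY = [parse_rule("allow tcp 192.168.1.5: * -> 512.412.5.2:1232")]

# Constructed sample packets exercising each field of the rule.
SAMPLE_PACKETS = {
    "tcp, source port from the lesson": Packet("tcp", "192.168.1.5", 1123, "512.412.5.2", 1232),
    "tcp, any other source port":       Packet("tcp", "192.168.1.5", 40000, "512.412.5.2", 1232),
    "udp instead of tcp":               Packet("udp", "192.168.1.5", 1123, "512.412.5.2", 1232),
    "wrong destination port":           Packet("tcp", "192.168.1.5", 1123, "512.412.5.2", 22),
    "different source address":         Packet("tcp", "192.168.1.9", 1123, "512.412.5.2", 1232),
}


def decisions(policy: list = POLICY, packets: dict = SAMPLE_PACKETS) -> dict:
    """Return {description: action} for each sample packet under the policy."""
    return {desc: filter_packet(policy, pkt) for desc, pkt in packets.items()}


if __name__ == "__main__":
    for desc, action in decisions().items():
        print(f"{action:5}  {desc}")
```

Running it shows that the question's rule permits TCP packets from 192.168.1.5, from any source port, to 512.412.5.2 on port 1232, and that changing the protocol, the destination port or the source address leaves the packet unmatched and therefore denied by the default.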
