A firewall protects a network from external threats by performing 5 main functions:

  • Port Filtering — A port number identifies which application (service) on a machine a packet is meant for. Port filtering, also called port blocking, allows or denies an application service by opening or closing its port. Common examples:

Port 80 — HTTP (web applications)

Port 25 — SMTP (sending e-mail)

Port 21 — FTP (control channel), etc.

  • MAC Filtering — A MAC (media access control) address is a layer 2 address assigned to a device's network interface card (NIC). Unlike an IP address it is not routed and is only seen on the local network segment. A NIC ships with a fixed MAC address, but the address a device actually puts on the wire can be changed in software, so MAC filtering stops casual or accidental access, not a determined attacker who spoofs an allowed address.
  • IP Filtering — Also called packet filtering. Blocks or allows packets based on the source or destination IP address in the layer 3 (network layer) header. A rule can cover a single address or a whole range (a CIDR block).
  • Content Filtering — Blocking web pages and sites. In its simplest form the firewall matches URLs or keywords in the request or the page against a list, and blocks sites classified as pornographic, hateful, or violent.

These four functions are stateless, or simple static filtering: each packet is examined on its own against fixed variables (addresses, ports, strings), with no reference to any packet that passed the firewall earlier.

  • Dynamic Filtering — Also called stateful filtering or stateful inspection. Like an airport security check that looks at your ID and your ticket together, it judges each packet in context rather than in isolation. The firewall tracks connections from layer 3 up through layer 7: it records the TCP handshake and the addresses and ports of every connection an inside host opens, and, when it also does deep packet inspection, it examines the application-layer payload and not only the headers and metadata. Packets are examined as a stream, and the decision on each packet depends on the packets that came before it.

Because it knows which connections exist, dynamic filtering also checks that each packet fits the connection it claims to belong to (expected direction, TCP flags, and sequence numbers), so spoofed or out-of-state packets are dropped even when their headers alone would pass a static rule. It does not cryptographically verify that the contents are unaltered; that is the job of IPsec or TLS, not of the firewall.
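To make the difference between the static rules above and dynamic filtering concrete, here is a small simulation written for this page (it is an added example, not code from the original article). The packets, the rule tables, the "inside" network 192.0.2.0/24 and the addresses are all constructed assumptions. The stateless filter judges each packet on its port, MAC and IP fields alone; the stateful firewall additionally records each outbound TCP connection and admits inbound packets only if they match a tracked connection in the expected state. The final packet, a crafted SYN/ACK aimed at a port the inside host never opened, is the case that separates the two: the static rules pass it, the connection tracker drops it.

```python
"""Toy stateless vs stateful packet filter (illustrative; not a real firewall)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("192.0.2.0/24")   # assumed internal network


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    src_mac: str
    flags: frozenset   # TCP flags as strings, e.g. {"SYN"}, {"SYN", "ACK"}, {"ACK"}


# --- Static (stateless) rules: every packet judged on its own fields -------
BLOCKED_PORTS = {21, 23}                        # port filtering: FTP, Telnet
BLOCKED_MACS = {"aa:bb:cc:dd:ee:ff"}            # MAC filtering (assumed address)
BLOCKED_NETS = [ip_network("203.0.113.0/24")]   # IP filtering: a whole range


def stateless_allow(p: Packet) -> bool:
    """Return True if the packet passes the static rules.

    There is no memory of earlier packets, so a reply from outside to an
    inside host's high port looks exactly like an unsolicited probe.
    """
    if p.dst_port in BLOCKED_PORTS or p.src_port in BLOCKED_PORTS:
        return False
    if p.src_mac.lower() in BLOCKED_MACS:
        return False
    src = ip_address(p.src_ip)
    if any(src in net for net in BLOCKED_NETS):
        return False
    return True


# --- Dynamic (stateful) filtering: decisions depend on earlier packets ----
class StatefulFirewall:
    """Lets inside hosts open outbound TCP connections and admits inbound
    packets only when they belong to a connection already in the table."""

    def __init__(self):
        # (inside_ip, inside_port, outside_ip, outside_port) -> state
        self.table = {}

    def allow(self, p: Packet) -> bool:
        if not stateless_allow(p):          # static rules still apply first
            return False
        if ip_address(p.src_ip) in INSIDE:  # outbound packet
            key = (p.src_ip, p.src_port, p.dst_ip, p.dst_port)
            if "SYN" in p.flags and "ACK" not in p.flags:
                self.table[key] = "SYN_SENT"            # new connection
            elif key in self.table:
                if self.table[key] == "SYN_RECEIVED" and "ACK" in p.flags:
                    self.table[key] = "ESTABLISHED"     # handshake done
            else:
                return False                            # stray, untracked
            return True
        # inbound packet: must match a tracked connection, reversed
        key = (p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        state = self.table.get(key)
        if state is None:
            return False                                # unsolicited: drop
        if state == "SYN_SENT" and p.flags == frozenset({"SYN", "ACK"}):
            self.table[key] = "SYN_RECEIVED"
            return True
        if state == "ESTABLISHED" and "ACK" in p.flags and "SYN" not in p.flags:
            return True
        return False                                    # out-of-state: drop


def demo() -> dict:
    """Walk a constructed outbound handshake, a reply, and a crafted probe."""
    inside, outside = "192.0.2.10", "198.51.100.5"      # assumed addresses
    in_mac, out_mac = "00:11:22:33:44:55", "de:ad:be:ef:00:01"
    fw = StatefulFirewall()
    syn = Packet(inside, outside, 40000, 80, in_mac, frozenset({"SYN"}))
    synack = Packet(outside, inside, 80, 40000, out_mac, frozenset({"SYN", "ACK"}))
    ack = Packet(inside, outside, 40000, 80, in_mac, frozenset({"ACK"}))
    reply = Packet(outside, inside, 80, 40000, out_mac, frozenset({"ACK"}))
    # crafted SYN/ACK to a port the inside host never used
    probe = Packet(outside, inside, 4444, 40001, out_mac, frozenset({"SYN", "ACK"}))
    return {
        "syn": fw.allow(syn),
        "synack": fw.allow(synack),
        "ack": fw.allow(ack),
        "reply": fw.allow(reply),
        "probe_stateless": stateless_allow(probe),   # True: headers look fine
        "probe_stateful": fw.allow(probe),           # False: no such connection
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:16s} {'ALLOW' if verdict else 'DROP'}")
```

The stateless filter has no way to tell the legitimate SYN/ACK from the crafted one, which is why a purely static ruleset either opens every high port to inbound traffic or breaks replies; in a real Linux firewall the tracked-connection check is what rules such as iptables' `-m conntrack --ctstate ESTABLISHED,RELATED` express.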

To summarize,

Static firewalls examine each packet on its own, on the basis of fixed variables like IP addresses, port numbers, and MAC addresses.

Whereas dynamic firewalls make decisions based on the whole picture: the connection a packet belongs to and the packets that have already passed.