What are the four firewall filtering techniques?
Packet filtering, application filtering, URL filtering, and stateful packet inspection (SPI).
A firewall decides what traffic to permit or deny, and it can make that decision by inspecting different layers of each packet. The four techniques are roughly ordered from simplest to most intelligent — most firewalls combine several at once:
* The techniques run simplest to smartest: address filter, port filter, URL filter, then stateful inspection that asks "did we ask for this?" *
-
Packet filtering - Allows or blocks based on Layer 2/3 addresses (IP or MAC). Fast but coarse: it only knows who is talking, not what they are doing.
-
Application filtering - Allows or blocks specific application types by their port numbers (e.g. block port 23 to stop Telnet).
-
URL filtering - Allows or blocks access to websites by specific URLs or keywords — useful for content policies.
-
Stateful Packet Inspection (SPI) - Tracks the state of connections so that inbound packets are admitted only if they are legitimate replies to a request that originated inside; unsolicited inbound traffic is dropped. This is the smartest of the four because it understands the context of a packet, not just its address.
Go deeper:
What is a Firewall? — PowerCert Animated Videos — animated walkthrough of how firewalls use rules/ACLs to permit or deny traffic.
Firewall (computing) — Wikipedia — packet filtering through stateful and application-layer firewalls.