Definition

Packet filtering is a method for controlling network traffic by analyzing data packets transmitted between devices. It acts as a firewall that inspects each packet that passes through a network and decides to allow or block it based on predefined rules.

Usually, it is configured using software placed between two networks. The software inspects packet headers to determine their source and destination addresses, port numbers, and protocol type. Based on this information, the software decides whether to allow or block the traffic.

Why is Packet Filtering Useful?

How Packet Filtering Works

Data transmitted into a network is divided into packets for efficient transmission. Packet filters assess data packets to determine whether or not they should enter the network. Data packets are divided into two:

Packet filtering inspects the following information on the packet header to decide whether packets should be blocked or allowed to pass:

The packet filter compares this information with rules and access control lists for approval or denial of entry into the network.

Key Features of Packet Filters

What is Packet Filtering Used for?

Packet filtering acts as firewalls that protect devices, applications and data from malicious attacks. Unlike advanced firewalls, packet filtering operates at a basic level, which explains its fast-processing speeds.

Packet filtering uses IP allow lists, which enables you to screen incoming traffic by adding authenticated user IP addresses to access control lists (ACLs). The process ensures that only authorized access sensitive data.

Types of Packet Filtering Firewall

Static Packet filtering firewalls

They operate with fixed rules set by the network administrator, making them simple and ideal for small setups. The set rules remain unchanged until modified by the admin. However, they can be configured to manage ports and access. One drawback of static packet filtering firewalls is that they require manual updates and configurations. They also lack automation which limits their scalability.

Dynamic Packet filtering firewalls

These types of packet-filtering firewalls adapt based on pre-set parameters. They allow users to adjust the parameters to their liking. Unlike static packet filtering firewalls, these types support automation, which minimizes administrative workload.

However, they lack machine learning capabilities and advanced security features present in next-generation firewalls. Like static filters, they can be stateless or stateful.

Stateless Packet Filtering Firewalls

These types of filtering firewalls analyze packets individually based on set rules without necessarily storing information regarding packet states. Stateless packet filters rely on limited information such as IP addresses and ports from access control lists (ACLs).

Stateful Packet Filters

Unlike stateless filters, stateful packet filers are more advanced. They evaluate the state of packets before allowing entry into the network. Also, they track network traffic, and store data in state tables for TCP and UDP protocols. While they offer robust security, these filters may be vulnerable to certain attacks like DDoS.

Limitations of Packet Filtering Firewalls

Benefits of Packet Filtering Firewalls