
From a modular development standpoint, should a "firewall" do anything other than filter ports?
This leads me to further ask: have there been attempts to reform the terminology from "firewall" to "port filterer"?

1 Answer


There is a wide range of appliances, hardware or services called firewalls. Some of these only filter by IP and ports - they are often also called (stateful or stateless) packet filters (although some of these can also look into application payload). Others filter application traffic, like web application firewalls (WAF).

Thus reducing the term "firewall" to "port filter" is not correct.

EDIT to make more clear what the term "packet filter" usually refers to: In the literal meaning of the word a packet filter could analyze the whole packet, i.e. network (IP), transport (protocol, port) and application payload. But the term is not used this way. Instead the terms stateful and stateless packet filter mean filters which look at the network and transport layer only, and only at a single packet at a time. Proper analysis of the application layer for TCP would require more than that. It would need to reassemble the TCP stream, including handling duplicate, lost or reordered packets etc. This isn't done by a simple packet filter.

Steffen Ullrich
  • Hello Steffen, please share just a sentence about what the main difference is between the packet payload and the aforementioned "application payload"? (I mean, isn't the application payload comprised of packet payloads?) – puertoportopoio Jun 25 '21 at 13:08
  • @puertoportopoio: I don't use the phrase "packet payload" but only talk about "application payload". I have no context of where you've seen this phrase but likely it means the same, i.e. the information in the packet which is not part of the network and transport layer (protocol, IP, port etc) but which is processed by the application. – Steffen Ullrich Jun 25 '21 at 17:19
  • I think that I meant to ask: doesn't packet filtering include filtering application payloads (in this question I assume that an application payload is part of a packet)? – puertoportopoio Jun 25 '21 at 17:22
  • @puertoportopoio: In the literal meaning of the word a packet filter could also analyze the application payload. But the term is not used this way. Instead the terms stateful and stateless packet filter mean filters which look at the network and transport layer only. Proper analysis of the application payload requires, at least for TCP, also reassembling the TCP stream and handling duplicate and lost packets ... in order to properly analyze the application traffic. This isn't done by a simple packet filter. – Steffen Ullrich Jun 25 '21 at 17:30
  • Steffen, thanks; perhaps it's good to add it as a small expansion to the answer. – puertoportopoio Jun 25 '21 at 17:32
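As an added illustration (not from the answer or its comments) of the distinction Steffen draws between a per-packet filter and application-layer analysis, the Python below contrasts a port rule and naive per-packet payload matching with a minimal TCP stream reassembler that orders segments, drops a retransmitted duplicate and refuses to judge a stream with a gap; the Segment class, the constructed HTTP request and the matched pattern are all assumptions made for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    """Constructed model of one TCP segment: the header fields a packet
    filter looks at (addresses, port) plus the payload it does not."""
    src_ip: str
    dst_port: int
    seq: int        # sequence number of the first payload byte
    payload: bytes

# Constructed sample traffic: one HTTP request to port 80 split over three
# segments that arrive out of order, plus one retransmitted duplicate.
SAMPLE = [
    Segment("203.0.113.5", 80, 27, b"Host: example.test\r\n\r\n"),
    Segment("203.0.113.5", 80, 0, b"GET /ad"),
    Segment("203.0.113.5", 80, 7, b"min/users HTTP/1.1\r\n"),
    Segment("203.0.113.5", 80, 7, b"min/users HTTP/1.1\r\n"),  # duplicate
]

def port_filter(seg, allowed_ports):
    """Stateless packet filter: a per-packet decision on transport-layer
    fields only; the payload is never examined."""
    return seg.dst_port in allowed_ports

def per_packet_match(segments, pattern):
    """Payload inspection that still looks at one packet at a time; it
    misses any pattern that straddles a segment boundary."""
    return any(pattern in seg.payload for seg in segments)

def reassemble(segments):
    """Rebuild one direction of the TCP byte stream: order by sequence number,
    drop duplicates, and return None when a segment is missing (a gap)."""
    by_seq = {}
    for seg in segments:
        by_seq.setdefault(seg.seq, seg.payload)  # first copy wins, dup dropped
    stream, expected = b"", 0
    for seq in sorted(by_seq):
        if seq != expected:
            return None  # lost packet: the stream cannot be analysed yet
        stream += by_seq[seq]
        expected = seq + len(by_seq[seq])
    return stream

def stream_match(segments, pattern):
    """Application-layer inspection done properly: match against the
    reassembled stream, not against individual packets."""
    stream = reassemble(segments)
    return stream is not None and pattern in stream
```

The port rule accepts every segment, per-packet matching never sees "GET /admin" because it is split across two segments, and only the reassembled stream reveals the request.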