Definition

packet filtering

Gavin Wright

By

Gavin Wright

What is packet filtering?

Packet filtering is the process of passing or blocking data packets at a network interface by a firewall based on source and destination addresses, ports or protocols. The packet filter examines the header of each IP packet based on a set of rules and decides to prevent it from passing (drop) or allow it to pass (accept).

Most computer networks, including the internet, use packets to transmit data. Each packet is a self-contained bundle of data that can be routed by the network, and each packet has two parts. The packet header contains information about the source IP address, destination IP address, protocol and port. The packet payload contains the data to be transmitted. A packet filter is a method to decide to allow or drop each packet going through the firewall based on the header information.

To illustrate, each data packet is like a letter with the header being the To and From address on the outside and the payload being what is inside the letter. A packet filter is like deciding to forward the letter or destroy it based on the information printed on the outside. For example, the mailroom could be told to destroy any letters from a country that it doesn't do business with or to block any outgoing mail from a department that handles sensitive information.

Packet filtering firewalls are often deployed at network boundaries. For example, they may be put between a corporate network and the internet or between a server network and clients. It may also exist as software on a computer protecting its network connection.

Packet filtering is the most common and simplest type of firewall. Almost all firewall products support packet filtering.

Traditional packet filtering is relatively limited compared to the modern cyber threat landscape. This has led to new systems, such as deep packet inspection, proxy firewalls and next-generation firewalls. Packet filtering remains relevant, though, as a simple, low-cost option for small business and home use or in larger organizations when combined with other security approaches, such as intrusion detection systems or zero trust.

pros and cons of the different kinds of firewalls — Table comparing pros and cons of different kind of firewalls

Packet filtering rules

Packet filtering firewalls use rules to decide if it should allow or drop the data packet. These rules are set by the firewall administrator.

Packet filtering relies on the IP packet header information and information about the firewall appliance, such as the following:

Source IP address.
Destination IP address.
Source port.
Destination port.
Network protocol.
IP flags.
Firewall interface.
Direction, ingress or egress.

Many rules are often used in conjunction with each other in a set precedence to create an overall policy.

Here is an example of packet filtering rules set up for outgoing employee internet traffic. The higher rules take precedence than the lower ones:

Allow File Transfer Protocol traffic to a trusted IP address.
Drop traffic to a list of known malicious IP addresses.
Allow one internal IP address access to one file sharing IP address.
Drop traffic to file sharing IP addresses for all other internal IP addresses.
Allow web traffic using known ports 80 and 443.
Drop all other traffic.

Types of packet filtering firewalls

There are a few different kinds of packet filtering firewalls.

Dynamic and static firewalls

In a static firewall, all rules are set by the administrator. The rules do not adjust automatically based on changing conditions.

A dynamic firewall can activate or deactivate rules based on changing conditions. These rules can be based on things like time or traffic. For example, a dynamic firewall could automatically add bad IP addresses to a drop list during a distributed denial-of-service attack.

Stateful and stateless firewalls

A stateless firewall does not maintain any information about connections over time. These can only make decisions based solely on predefined rules and the information present in the IP packet.

A stateful firewall can maintain information over time and retain a list of active connections. This enables the firewall to make more informed decisions. For example, if an internal client sent a request to an outside server, the stateful firewall logs this, and then, when a reply packet comes in from the server the firewall knows, it is part of the existing connection and allows it. Alternatively, if an external server sent an incoming reply with no corresponding outgoing request, the firewall drops it as malicious.

Advantages and disadvantages of packet filtering

Packet filtering as a network protection system has its advantages and disadvantages.

Advantages

Simple to use.
Cost-effective.
Fast.
Does not use a lot of compute resources.
Deterministic, predictable behavior.

Disadvantages

Not effective against modern attacks.
Can be circumvented with spoofing.
Cannot make decisions based on application or authentication.
Rule lists can become large and hard to manage over time.

This was last updated in March 2023

Continue Reading About packet filtering

Top 4 firewall-as-a-service security features and benefits

What are the 5 types of network firewalls and how are they different?

Inbound vs. outbound firewall rules: What are the differences?

What is secure remote access in today's enterprise?

Dig Deeper on Network security

Unified Communications

Everything Enterprise Connect 2024: News, trends and insights
Check out our news and analysis from Enterprise Connect, one of the largest enterprise communications and collaboration ...
AI, toll fraud and messaging top the list of UC security concerns
AI might get all the attention, but IT leaders are also concerned about some other key security vulnerabilities within their ...
3 ways to take advantage of collaboration behavior data
Organizations can use collaboration behavior data to track meeting attentiveness, establish better meeting habits and personalize...

Mobile Computing

Simplify mobile app development for the enterprise
Without the right resources, mobile app development can be challenging. Find out how to start the process and the best tools to ...
4 types of mobile security models and how they work
Learn about the different mobile security models that organizations can choose from and how vendors combine cloud-based threat ...
The ultimate guide to mobile device security in the workplace
Mobile devices provide connectivity for employees to access business data and communicate with colleagues, but these unique ...

Infrastructure for machine learning, AI requirements, examples
Infrastructure for machine learning, deep learning and AI has component and configuration requirements. Compare hardware and how ...
Dell partners with Intel, releases file storage for Azure
With the recent Intel and Azure partnerships, Dell continues to expand its on-premises options for AI while expanding its Apex ...
How to install and run Podman on Rocky Linux
Rocky Linux can run and install Podman, an open source Linux tool and competitor to Docker that uses containers to find, run and ...

Gartner's IT services forecast calls for consulting uptick
IT service providers could benefit from a less-constrained tech purchasing climate as enterprises seek to bolster in-house skills...
Use of AI in business drives increase in consulting services
The slice of businesses using external providers for AI uptake is set to more than double, according to U.S. Census survey data. ...
Ukraine IT services firms target new markets as exports drop
Ukrainian IT services firms are eyeing new geographic markets and exploring digital transformation as the war and a difficult ...

Close