CampusFlow > Security > Firewalls > Interactive Lab (Network Security Module)

🧱 Firewall Simulator

Understand how packet filtering firewalls work. Configure rules, test packets, and visualize how traffic flows through your security perimeter.


What is a Firewall?

A firewall is a network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It establishes a barrier between trusted internal networks and untrusted external networks (like the internet).

Packet Filtering
Inspects headers (IP, port, protocol) against ACL rules. Stateless — no connection tracking.
Stateful Inspection
Tracks connection state (TCP handshake). Only permits packets belonging to valid sessions.
Proxy Firewall
Terminates and re-establishes connections. Inspects application-layer data.
Next-Gen Firewall
Combines firewall with IPS/IDS, DPI, app awareness, and threat intelligence.

Packet Filtering Simulator

[Diagram: traffic path Internet → Firewall → Internal Network]

Firewall Rules (5/5 active)

# | Source IP      | Dest IP | Protocol | Port   | Action | Label
1 | 192.168.1.0/24 | Any     | Any      | Any    | ALLOW  | Trusted internal network
2 | Any            | Any     | Any      | Any    | ALLOW  | Established connections
3 | Any            | Any     | TCP      | 80,443 | ALLOW  | HTTP/HTTPS outbound
4 | Any            | Any     | Any      | Any    | BLOCK  | Default deny all inbound
5 | 10.0.0.5       | Any     | TCP      | 22     | ALLOW  | Admin SSH access
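The lab's simulator is interactive; the Python script below is an added example (not the lab's own code) that evaluates the five rules from the table the way the "Rule Order Matters" practice further down describes: top-down, first match wins, with an implicit block when nothing matches. It assumes an `established` flag on packets to stand in for rule 2's "Established connections" label, since a stateless header filter has no other way to express that, and it adds a small shadowing check that reports rules an earlier catch-all prevents from ever matching. With the rules in the order listed, rule 4 shadows rule 5, so the admin SSH packet is blocked until the default-deny rule is moved to the bottom. All packets and the `shadowed_rules` / `default_deny_last` helpers are constructed for this example.

```python
"""Stateless packet-filter simulator: first match wins, implicit default deny."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple

ANY = "Any"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                  # "TCP", "UDP" or "ICMP"
    dport: Optional[int] = None
    # Assumption: stands in for rule 2's label; a real stateless filter
    # cannot know this from headers alone.
    established: bool = False


@dataclass(frozen=True)
class Rule:
    num: int
    src: str                    # "Any", a host address or a CIDR network
    dst: str
    proto: str                  # "Any" or a protocol name
    ports: str                  # "Any" or a comma-separated list such as "80,443"
    action: str                 # "ALLOW" or "BLOCK"
    label: str
    established_only: bool = False   # assumption, see Packet.established

    def matches(self, pkt: Packet) -> bool:
        if self.established_only and not pkt.established:
            return False
        if not (_addr_in(self.src, pkt.src) and _addr_in(self.dst, pkt.dst)):
            return False
        if self.proto != ANY and self.proto != pkt.proto:
            return False
        ports = _ports(self.ports)
        return ports is None or pkt.dport in ports


def _addr_in(spec: str, addr: str) -> bool:
    return spec == ANY or ip_address(addr) in ip_network(spec, strict=False)


def _ports(spec: str) -> Optional[Set[int]]:
    return None if spec == ANY else {int(p) for p in spec.split(",")}


def _covers(spec_a: str, spec_b: str) -> bool:
    """True if address spec_a includes every address that spec_b includes."""
    if spec_a == ANY:
        return True
    if spec_b == ANY:
        return False
    return ip_network(spec_a, strict=False).supernet_of(ip_network(spec_b, strict=False))


# The five rules from the table, in the order shown.
RULES: List[Rule] = [
    Rule(1, "192.168.1.0/24", ANY, ANY, ANY, "ALLOW", "Trusted internal network"),
    Rule(2, ANY, ANY, ANY, ANY, "ALLOW", "Established connections", established_only=True),
    Rule(3, ANY, ANY, "TCP", "80,443", "ALLOW", "HTTP/HTTPS outbound"),
    Rule(4, ANY, ANY, ANY, ANY, "BLOCK", "Default deny all inbound"),
    Rule(5, "10.0.0.5", ANY, "TCP", "22", "ALLOW", "Admin SSH access"),
]


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, matching rule number); None means no rule matched."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.num
    return "BLOCK", None        # implicit default deny when nothing matches


def shadowed_rules(rules: List[Rule]) -> List[Tuple[int, int]]:
    """Return (rule, shadowed_by) pairs for rules an earlier rule fully covers."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            ep, lp = _ports(earlier.ports), _ports(later.ports)
            if (_covers(earlier.src, later.src) and _covers(earlier.dst, later.dst)
                    and earlier.proto in (ANY, later.proto)
                    and (ep is None or (lp is not None and lp <= ep))
                    and (not earlier.established_only or later.established_only)):
                found.append((later.num, earlier.num))
                break
    return found


def default_deny_last(rules: List[Rule]) -> List[Rule]:
    """Copy of the rule set with every catch-all BLOCK rule moved to the bottom."""
    catch_all = [r for r in rules if r.action == "BLOCK"
                 and (r.src, r.dst, r.proto, r.ports) == (ANY, ANY, ANY, ANY)]
    return [r for r in rules if r not in catch_all] + catch_all


if __name__ == "__main__":
    admin_ssh = Packet("10.0.0.5", "192.168.1.20", "TCP", 22)   # constructed test packet
    print("shadowed:", shadowed_rules(RULES))                    # [(5, 4)]
    print("as listed:", evaluate(RULES, admin_ssh))              # ('BLOCK', 4)
    print("reordered:", evaluate(default_deny_last(RULES), admin_ssh))   # ('ALLOW', 5)
```

Nothing in the table carries an interface or direction, so rule 3's "outbound" and rule 4's "inbound" labels are not enforced by this evaluator: a packet from outside to an internal web port on 443 is allowed by rule 3. A stateless filter that wants direction needs an interface field, and rule 2 genuinely needs connection state, which is what the stateful inspection type below adds.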


Firewall Types

Packet Filtering

Examines packet headers (source/destination IP, port, protocol) and matches them against rules. Operates at Layers 3 and 4.

✅ Pros
  • Fast and efficient
  • Low resource usage
  • Simple to configure
❌ Cons
  • No application awareness
  • Cannot detect attacks split across IP fragments
  • No state tracking
Example
An ACL on a router allowing HTTP traffic from any source to a web server on port 80.

Stateful Inspection

Tracks connection state (SYN, SYN-ACK, ACK) and allows only packets that belong to an established session. Operates at Layer 4.

✅ Pros
  • Connection-aware filtering
  • Better security than packet filtering
  • Prevents SYN flood attacks
❌ Cons
  • Higher resource usage
  • Vulnerable to state table exhaustion
  • No deep packet inspection
Example
A firewall tracking TCP handshake and allowing return traffic for outbound connections only.
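To contrast with stateless filtering, the script below is an added example (not the lab's code) of the connection tracking this type performs: a session table keyed on the 4-tuple, advanced through SYN / SYN-ACK / ACK, and a policy under which only the internal network (192.168.1.0/24, taken from rule 1 of the rule table) may open connections, while inbound traffic passes only when it belongs to an existing session. The bounded table that refuses new sessions when full is an assumption added to illustrate the state-table-exhaustion weakness in the Cons list. The traffic in `run_scenario` is constructed; it includes a bare ACK with no session, which this filter drops but a stateless "allow established" rule keyed on the ACK flag would pass.

```python
"""Stateful inspection simulator: only packets of a tracked session pass."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

# Trusted side, taken from rule 1 of the rule table.
INTERNAL = ip_network("192.168.1.0/24")

# Session key in the direction the connection was opened: (client, cport, server, sport)
Key = Tuple[str, int, str, int]


@dataclass(frozen=True)
class Segment:
    """A TCP segment reduced to the header fields the state machine needs."""
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False
    fin: bool = False
    rst: bool = False


class StatefulFirewall:
    """Allows outbound connections and, inbound, only traffic of a known session."""

    def __init__(self, max_entries: int = 1000) -> None:
        # Assumption: a bounded table that fails closed when full, as one
        # defence against state-table exhaustion.
        self.table: Dict[Key, str] = {}
        self.max_entries = max_entries

    def state_of(self, key: Key) -> Optional[str]:
        return self.table.get(key)

    def filter(self, seg: Segment) -> str:
        fwd: Key = (seg.src, seg.sport, seg.dst, seg.dport)
        rev: Key = (seg.dst, seg.dport, seg.src, seg.sport)

        if seg.syn and not seg.ack:                        # connection attempt
            if ip_address(seg.src) not in INTERNAL:
                return "BLOCK"                             # unsolicited inbound SYN
            if fwd in self.table:
                return "ALLOW"                             # SYN retransmission
            if len(self.table) >= self.max_entries:
                return "BLOCK"                             # table full: refuse new sessions
            self.table[fwd] = "SYN_SENT"
            return "ALLOW"

        if seg.syn and seg.ack:                            # server's reply to our SYN
            if self.table.get(rev) == "SYN_SENT":
                self.table[rev] = "SYN_RECEIVED"
                return "ALLOW"
            return "BLOCK"                                 # SYN-ACK nobody asked for

        # ACK, data, FIN and RST must belong to a tracked session in either direction.
        # A bare ACK with no session is dropped here, which a stateless
        # "allow established" rule keyed on the ACK flag cannot do.
        key = fwd if fwd in self.table else rev if rev in self.table else None
        if key is None:
            return "BLOCK"
        state = self.table[key]
        if seg.rst:
            del self.table[key]                            # abort: drop state at once
        elif state == "SYN_RECEIVED" and key == fwd and seg.ack:
            self.table[key] = "ESTABLISHED"                # handshake completed
        elif seg.fin and state == "ESTABLISHED":
            self.table[key] = "CLOSING"                    # first FIN seen
        elif seg.fin and state == "CLOSING":
            del self.table[key]                            # second FIN; final ACK not modelled
        return "ALLOW"


def run_scenario(max_entries: int = 1000) -> List[str]:
    """Constructed traffic: one outbound HTTPS session, two unsolicited inbound
    segments, then a second outbound session (blocked when the table is full)."""
    fw = StatefulFirewall(max_entries)
    client, server, outside = "192.168.1.10", "198.51.100.20", "203.0.113.7"  # constructed
    segments = [
        Segment(client, 51000, server, 443, syn=True),             # 1 client SYN
        Segment(server, 443, client, 51000, syn=True, ack=True),   # 2 server SYN-ACK
        Segment(client, 51000, server, 443, ack=True),             # 3 client ACK
        Segment(server, 443, client, 51000, ack=True),             # 4 server response data
        Segment(outside, 4444, client, 22, syn=True),              # 5 inbound SYN, no session
        Segment(outside, 4444, client, 22, ack=True),              # 6 bare ACK, no session
        Segment(client, 51001, server, 443, syn=True),             # 7 second outbound SYN
    ]
    return [fw.filter(s) for s in segments]


if __name__ == "__main__":
    print(run_scenario())               # 4 x ALLOW, BLOCK, BLOCK, ALLOW
    print(run_scenario(max_entries=1))  # 4 x ALLOW, BLOCK, BLOCK, BLOCK
```

Production implementations also age out idle entries and keep a short TIME_WAIT after teardown; the simplified close handling here removes the entry on RST or once both sides have sent FIN. The bounded table shows the trade-off from the Cons list directly: with `max_entries=1` the second legitimate outbound session is refused, so sizing and timeouts matter as much as the state machine itself.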

Proxy Firewall

Acts as an intermediary: it terminates the client's connection and opens a new one to the server, inspecting application-layer data in between. Operates at Layer 7.

✅ Pros
  • Deep packet inspection
  • Hides internal network structure
  • Content filtering possible
❌ Cons
  • Significant latency
  • Resource intensive
  • Must understand each protocol
Example
An HTTP proxy that inspects GET/POST requests and blocks SQL injection payloads.

Next-Gen Firewall (NGFW)

Combines traditional firewall with IDS/IPS, deep packet inspection, application awareness, and threat intelligence.

✅ Pros
  • Application-level control
  • Integrated IPS/IDS
  • Encrypted traffic inspection
❌ Cons
  • Very expensive
  • Complex configuration
  • Potential throughput bottleneck
Example
Palo Alto or Fortinet firewall blocking TikTok traffic while allowing YouTube, based on application ID.

Firewall Best Practices

Principle of Least Privilege

Only allow traffic that is explicitly required. Default-deny everything else.

Rule Order Matters

Place more specific rules at the top. Firewalls evaluate rules sequentially — first match wins.

Log and Monitor

Enable logging for blocked traffic. Review logs regularly to detect intrusion attempts.

Regular Audits

Review and clean up unused or overly permissive rules every quarter.

Defense in Depth

Combine firewalls with IDS/IPS, endpoint protection, and network segmentation.

Interview Questions

Q1: What is the difference between a stateless and stateful firewall?

A stateless (packet filtering) firewall examines each packet independently without context of the connection. A stateful firewall tracks connection state (TCP handshake, sequence numbers) and makes decisions based on the entire session context, providing stronger security.

Q2: Explain the default-deny principle in firewall rules.

Default-deny means all traffic is blocked unless explicitly allowed by a rule. This ensures only known, authorized traffic passes through, minimizing the attack surface. The last rule in any firewall rule set should be 'deny all'.

Q3: What is a DMZ and how does it relate to firewall architecture?

A DMZ (Demilitarized Zone) is a network segment that sits between the internal network and the internet, typically using a three-legged firewall. Public-facing servers (web, email, DNS) are placed in the DMZ so that if compromised, the attacker still cannot reach the internal network directly.

Q4: How does a firewall handle fragmented IP packets?

Stateless firewalls may struggle with fragmentation — they see only individual fragments and may allow malicious fragments through. Stateful firewalls can reassemble fragments or block non-initial fragments that don't match a known connection. NGFWs with DPI can fully inspect reassembled packets.

Q5: What is an application-layer firewall and when would you use one?

An application-layer (proxy) firewall inspects the payload of packets, not just headers. It understands protocols like HTTP, FTP, SMTP. Use it when you need to filter content (block specific URLs, scan for malware), prevent protocol-specific attacks, or hide internal IP addresses through NAT.