This chapter discusses three varieties of firewalls. The topics of this chapter are:
A firewall can be a software, hardware, or software/hardware solution that keeps specific kinds of traffic from entering or exiting your network, except through approved channels. The methods discussed in this chapter are packet filtering, proxy service, and network address translation.
Packet filtering firewalls
A packet filtering router discards packets bound for ports or IP addresses that are considered forbidden by your network policy. The text makes a point that you need a network security policy, else you have nothing to implement with the router. A software solution for this sort of firewall may use a list of forbidden web sites that your network users are not allowed to access.
Bastion host firewalls
Bastion host firewalls are described as fortified servers. The fortification seems to be that they are stripped of all services but those necessary to provide whatever access your security policy allows. Two versions of a bastion firewall were described in a previous text:
Network Address Translation (NAT) services run on routers that provide the interface between your private network and the Internet. As the text explains, the router prevents access to your network by being the only device that has a registered IP address. All traffic on your network that is bound for the Internet is received by the NAT router, and sent to the Internet with the router's address. The router may track which traffic is associated with which device on your network by assigning a logical port to each device it services.