A firewall is a device or software running on a device that inspects network traffic and allows or blocks traffic based on a set of rules.
- A network-based firewall inspects traffic as it flows between networks. For example, you can install a network-based firewall on the edge of your private network that connects to the Internet to protect against attacks from Internet hosts. A network firewall is created by installing two interfaces on a central network device: one interface connects to the private network, and the other interface connects to the external network.
- A host-based firewall inspects traffic received by a host. Use a host-based firewall to protect against attacks when there is no network-based firewall, such as when you connect to the Internet from a public location.
Firewalls use filtering rules, sometimes called access control lists (ACLs), to identify allowed and blocked traffic. A rule identifies characteristics of the traffic, such as:
- The interface the rule applies to
- The direction of traffic (inbound or outbound)
- Packet information such as the source or destination IP address or port number
- The action to take when the traffic matches the filter criteria
Windows includes a host-based firewall that you can configure to protect your system from network attacks.
- By default, the firewall allows all outgoing Web traffic and responses but blocks all incoming traffic.
- Configure exceptions to allow incoming traffic. You can allow traffic based on the protocol and port number, or you can allow specific applications through the firewall.
- When you turn on the firewall, you can block all incoming connections or allow exceptions. If all incoming connections are blocked, any defined exceptions are ignored.
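The rule characteristics listed above (interface, direction, protocol and port, and an action) and the host-firewall behaviour just described (outbound allowed by default, inbound blocked unless an exception matches, and every exception ignored when all incoming connections are blocked) can be modelled in a few lines. The following Python is an added example written for this page, not code from Windows or any real firewall; the `Packet` and `Rule` classes, first-match evaluation order, the sample packets and the 192.0.2.x addresses are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

# A simplified view of one packet as a filtering rule would see it (constructed model).
@dataclass(frozen=True)
class Packet:
    interface: str            # e.g. "Ethernet" or "Wi-Fi"
    direction: str            # "inbound" or "outbound" relative to the host
    protocol: str             # "TCP" or "UDP"
    src_ip: str
    dst_ip: str
    dst_port: int
    application: Optional[str] = None   # owning program, if the host firewall knows it

# One filtering rule (ACL entry). A field left as None matches any value.
@dataclass(frozen=True)
class Rule:
    action: str                         # "allow" or "block"
    direction: str                      # rule applies to one direction only
    interface: Optional[str] = None
    protocol: Optional[str] = None
    port: Optional[int] = None          # destination port on the host
    src_ip: Optional[str] = None
    application: Optional[str] = None   # program-based exception

    def matches(self, pkt: Packet) -> bool:
        if self.direction != pkt.direction:
            return False
        for attr in ("interface", "protocol", "src_ip", "application"):
            wanted = getattr(self, attr)
            if wanted is not None and wanted != getattr(pkt, attr):
                return False
        if self.port is not None and self.port != pkt.dst_port:
            return False
        return True

class HostFirewall:
    """Default policy: allow outbound, block inbound; exceptions are evaluated
    first-match (an assumption of this model, not a statement about Windows)."""

    def __init__(self, block_all_incoming: bool = False):
        self.rules: List[Rule] = []
        self.block_all_incoming = block_all_incoming

    def add_exception(self, rule: Rule) -> None:
        self.rules.append(rule)

    def decide(self, pkt: Packet) -> str:
        # "Block all incoming connections" overrides every inbound exception.
        if pkt.direction == "inbound" and self.block_all_incoming:
            return "block"
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        # Nothing matched: fall back to the default policy per direction.
        return "allow" if pkt.direction == "outbound" else "block"

def build_example_firewall(block_all_incoming: bool = False) -> HostFirewall:
    """Host firewall with two exceptions: inbound SSH (TCP 22) and one program."""
    fw = HostFirewall(block_all_incoming=block_all_incoming)
    fw.add_exception(Rule(action="allow", direction="inbound", protocol="TCP", port=22))
    fw.add_exception(Rule(action="allow", direction="inbound", application="sync.exe"))
    return fw

# Constructed sample traffic; 192.0.2.0/24 is a documentation range, not a real host.
SAMPLE_PACKETS = {
    "inbound_ssh":  Packet("Ethernet", "inbound", "TCP", "192.0.2.10", "192.0.2.50", 22),
    "inbound_http": Packet("Ethernet", "inbound", "TCP", "192.0.2.10", "192.0.2.50", 80),
    "inbound_app":  Packet("Ethernet", "inbound", "UDP", "192.0.2.10", "192.0.2.50", 5000, "sync.exe"),
    "outbound_web": Packet("Ethernet", "outbound", "TCP", "192.0.2.50", "192.0.2.10", 443),
}

def evaluate_samples(block_all_incoming: bool = False) -> dict:
    """Return the decision for each sample packet under the example rule set."""
    fw = build_example_firewall(block_all_incoming)
    return {name: fw.decide(pkt) for name, pkt in SAMPLE_PACKETS.items()}

if __name__ == "__main__":
    for mode in (False, True):
        print("block_all_incoming =", mode, evaluate_samples(mode))
```

With exceptions enabled, inbound SSH and the program-based exception are allowed, unsolicited inbound HTTP is blocked, and outbound web traffic passes; setting `block_all_incoming=True` blocks every inbound packet regardless of the exceptions, which is the behaviour the last bullet describes.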
When defining firewall rules, you should be aware of the following port numbers for common network protocols:
| Protocol | Port |
|---|---|
| File Transfer Protocol (FTP) | 20 TCP |
| Secure Shell (SSH) | 22 TCP and UDP |
| Simple Mail Transfer Protocol (SMTP) | 25 TCP |
| HyperText Transfer Protocol (HTTP) | 80 TCP |
| Post Office Protocol (POP3) | 110 TCP |
| Internet Message Access Protocol (IMAP4) | 143 TCP and UDP |
| HTTP with Secure Sockets Layer (SSL) | 443 TCP and UDP |