Trusted answers to developer questions

What are packet filter rules?

Get the Learn to Code Starter Pack

Break into tech with the logic & computer science skills you’d learn in a bootcamp or university — at a fraction of the cost. Educative's hand-on curriculum is perfect for new learners hoping to launch a career.

A packet is a small chunk of a relatively larger message or piece of data. Data is transmitted over a network, such as the internet, in little packets to ensure reliability and efficiency.

To block the delivery of unwanted inbound packets, firewalls employ packet filtering.

A firewall is a device that inspects inbound packets. It can block or permit any packet, depending on the access control rules used to configure it.

The header of most packets contains details such as source and destination ports, IP addresses, and protocol names. To apply packet filtering, we only need to know the source and destination IP addresses and ports.

Implementation

A firewall may be implemented inside of the router. The set of rules used by the firewall to determine whether or not an inbound packet should be accepted is known as the access control policy.

An inbound packet is any packet whose IP address is external to the network of the destination IP address

Each access control or packet filtering rule is applied to each inbound packet. The packet is either denied or permitted by the firewall. A denied packet is dropped, and a permitted packet is transmitted to the machine with its corresponding source IP address.

A packet filtering rule contains the following fields:

  • Action - Can be either deny or allow.
  • Protocol - Name of transmission protocol, such as TCP.
  • SRC/DST IP - IP address of sender or receiver.
  • SRC/DST Port - Port of sender or receiver.

Format

The following format is used to write a packet filtering rule:

Example

The packet filtering rule below will deny any packet sent by an external user with IP address 192.168.1.5 from source port 1123 to an internal user with IP 512.412.5.2 at port 1232.

Example 1.

On the contrary, the following rule below will allow any packet sent by an external user with IP address 192.168.1.5 from source port 1123 to an internal user with IP 512.412.5.2 at port 1232:

Example 2.
Question

To test your understanding of packet filter rules, examine the packet filter rule below and determine which packets will it permit.

allow tcp 192.168.1.5: * -> 512.412.5.2:1232

The asterisk symbol * denotes all values.

Show Answer

RELATED TAGS

packet
filtering

CONTRIBUTOR

Rukhshan Haroon
Copyright ©2024 Educative, Inc. All rights reserved
Keep Exploring
Related Courses

Learn in-demand tech skills in half the time

PRODUCTS

Mock Interview

New

Courses

Skill Paths

Projects

Assessments

TRENDING TOPICS

Learn to Code

Tech Interview Prep

Generative AI

Data Science

Machine Learning

GitHub Students Scholarship

Early Access Courses

Pricing

For Individuals

Try for Free

Gift a Subscription

CONTRIBUTE

Become an Author

Become an Affiliate

Earn Referral Credits

RESOURCES

Blog

Cheatsheets

Webinars

Answers

ABOUT US

Our Team

Careers

Hiring

Frequently Asked Questions

Contact Us

Press

LEGAL

Privacy Policy

Cookie Policy

Terms of Service

Business Terms of Service

Data Processing Agreement

Copyright ©2024 Educative, Inc. All rights reserved.

soc2
Did you find this helpful?