Firewall rules definition
Firewall rules are policies used in network security to control network traffic. They are a set of configurations that determine whether to allow or block incoming and/or outgoing traffic. System administrators create firewall rules according to the organization’s security policy and regularly review and update them to ensure they continue to provide effective security as the network and threat landscape change.
See also: firewall
How firewall rules are established
A firewall rule may be based on several factors, including:
- IP addresses. The rule may specify source and/or destination IP addresses. For example, a rule might allow traffic from a certain range of IP addresses while blocking all others.
- Ports. The rule could allow or deny traffic depending on the network ports and protocols (TCP, UDP, ICMP, etc.). For instance, if a server is only intended to serve web traffic, it might only allow traffic on TCP ports 80 (HTTP) and 443 (HTTPS) while blocking all other ports.
- Direction. Firewalls can control inbound (incoming) and outbound (outgoing) network traffic. Rules can be set to control both directions.
- Content. Advanced firewalls can inspect the content of network traffic and allow or deny traffic based on this. For example, a rule could block traffic that contains malicious content.
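The first three factors above (IP addresses, ports and protocols, direction) can be combined in a small rule evaluator. This is an added example, not part of the original glossary entry: the `Rule` class, the `evaluate` function, first-match ordering and the default-deny fallback are assumptions made for illustration, the addresses are constructed from documentation ranges, and content inspection is not modelled.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str                        # "allow" or "deny"
    direction: str                     # "in" or "out"
    protocol: str                      # "tcp", "udp", "icmp" or "any"
    source: str                        # source range in CIDR notation
    dest_ports: frozenset = frozenset()  # empty set means any port

    def matches(self, direction, protocol, src_ip, dest_port):
        if direction != self.direction:
            return False
        if self.protocol != "any" and protocol != self.protocol:
            return False
        if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(self.source):
            return False
        # A port-restricted rule never matches traffic without a port (e.g. ICMP).
        return not self.dest_ports or dest_port in self.dest_ports


# Constructed ruleset for a web server (hypothetical policy).
RULES = [
    Rule("deny", "in", "any", "203.0.113.0/24"),                  # blocked range
    Rule("allow", "in", "tcp", "0.0.0.0/0", frozenset({80, 443})),  # HTTP/HTTPS
    Rule("allow", "in", "tcp", "198.51.100.0/24", frozenset({22})),  # admin SSH
    Rule("allow", "out", "udp", "0.0.0.0/0", frozenset({53})),     # DNS lookups
]


def evaluate(rules, direction, protocol, src_ip, dest_port=None):
    """Return (action, index of the matching rule); default deny if none match."""
    for index, rule in enumerate(rules):
        if rule.matches(direction, protocol, src_ip, dest_port):
            return rule.action, index
    return "deny", None


if __name__ == "__main__":
    samples = [  # constructed traffic samples
        ("in", "tcp", "192.0.2.10", 443),
        ("in", "tcp", "203.0.113.7", 443),
        ("in", "tcp", "192.0.2.10", 22),
        ("out", "udp", "192.0.2.10", 53),
    ]
    for sample in samples:
        print(sample, "->", evaluate(RULES, *sample))
```

With first-match evaluation, rule order is part of the policy: placing the web allow rule ahead of the deny rule would let the blocked range reach ports 80 and 443, which is one reason regular rule review matters.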