Packet Filtering

What is Packet Filtering?

Packet filtering is a process that network devices use to decide whether a data packet should be dropped or forwarded to its next destination. Firewalls, routers, and a wide variety of other network devices use packet filtering to enforce security policies and optimize network performance.

Packet filtering may also be referred to as static filtering because it compares metadata in a packet’s header with static rules that are arranged in a specific order. This type of filtering is easy to implement and is often used in conjunction with other processes that can understand the context or examine the actual content of packets, not just the headers.

Table of Contents Table of Contents

1. What is Packet Filtering?
2. Key Takeaways
3. How Packet Filtering Works
4. Packet Filtering Rules
5. Stateless Packet Filtering Firewalls vs. Stateful Firewalls
6. Type of Packet Filtering Firewalls
7. Firewalls vs. Proxy Servers vs. VPNs
8. Other Use Cases for Packet Filtering
9. Packet Filtering Pros and Cons
10. The Bottom Line
11. FAQs
12. References

Show Full Guide

Table of Contents

1. What is Packet Filtering?
2. Key Takeaways
3. How Packet Filtering Works
Show Full Guide
4. Packet Filtering Rules
5. Stateless Packet Filtering Firewalls vs. Stateful Firewalls
6. Type of Packet Filtering Firewalls
7. Firewalls vs. Proxy Servers vs. VPNs
8. Other Use Cases for Packet Filtering
9. Packet Filtering Pros and Cons
10. The Bottom Line
11. FAQs
12. References

How Packet Filtering Works

When a packet arrives at a network device that uses packet filtering, the device’s software inspects the packet’s header.

The following image shows the basic structure of an IPv4 header as defined in RFC 791.

If the information in the header matches a predetermined rule that allows packet transmission, the entire packet is forwarded to its next destination. If the header contains information that matches a discard rule, however, the entire packet is dropped.

If the packet header does not match any rule, the network device may either drop the packet or allow it, depending on the default policy set by the device’s manufacturer or a network administrator.

Packet Filtering Rules

The specific order and content of packet filtering rules are highly customizable and depend on the organization’s security policies, network architecture, and risk tolerance. The idea is to prioritize rules that ensure essential services can function while effectively blocking known threats.

In most cases, packet filtering operates on a “first-match” basis. This means the network device checks the packet against rules that are listed in a specific order. Once a rule is matched, that action is taken and no further rules are checked.

Depending on how the rules are written, however, multiple conditions may need to be met for the network device to forward a packet. For example, if a rule specifies that traffic from a particular IP address is only allowed if it uses a specific protocol, both conditions must be met.

Stateless Packet Filtering Firewalls vs. Stateful Firewalls

Technically, firewalls that use packet filtering can be stateless or stateful.

Most early firewalls were stateless. They examined each packet header independently and were not able to understand how one packet related to another. This approach to network security worked well until attackers developed techniques that could exploit the lack of context, like IP spoofing and session hijacking.

Today, most firewalls are stateful. They still examine packet headers, but they can also understand the context by keeping track of network connections going through the firewall.

Type of Packet Filtering Firewalls

Newer types of firewalls often incorporate packet filtering as one element within a broader, multi-layered security approach.

Firewalls vs. Proxy Servers vs. VPNs

Firewalls, proxy servers, and virtual private networks (VPNs) all use packet filtering, but because each type of network device serves a different function, they all use it in slightly different ways.

For example, proxy servers can use packet filtering to identify frequently accessed content and cache it to improve network performance, while the best VPNs can use packet filtering to implement split tunneling. Split tunneling can improve network performance by routing specific types of traffic through the VPN tunnel and forwarding other types of traffic directly to the Internet.

Other Use Cases for Packet Filtering

Packet filtering can also play an important role in network segmentation. When administrators divide a large network into segments or network zones, basic packet filtering software can be used to prevent certain types of traffic from crossing segments.

Packet filtering can also be used in remote access control. For example, organizations can set up a packet filtering firewall with rules that only allow certain IP addresses or subnet ranges to access certain internal services.

In each of these use cases, packet filtering provides a straightforward, efficient way to enforce security and traffic management policies while keeping the network infrastructure relatively simple.

Packet Filtering Pros and Cons

Packet filtering is a valuable tool for basic network security and traffic management. However, it’s important to be aware of its limitations.

The Bottom Line

When it comes to packet filtering definitions, the bottom line is that while packet filtering is often associated with firewalls, a wide variety of network devices use packet headers to allow or deny packet throughput.

FAQs