# Firewall
A firewall is a network security system that monitors and controls incoming and outgoing traffic according to predefined rules. It sits between networks of different trust levels (classically a trusted internal network and the untrusted Internet, but also between a host and its network, or between internal segments) and decides for each packet whether to accept it, reject it with an error response (an ICMP unreachable or a TCP RST), or drop it silently. Dropping reveals less to a scanner than rejecting, at the cost of slower failures for legitimate clients. Firewalls ship as hardware appliances, as software running on the protected host itself, or as cloud services such as the security groups attached to cloud instances.
Firewalls operate at different layers of the network stack. Packet-filtering (stateless) firewalls judge each packet on its own, by source and destination IP address, port and protocol; because they keep no memory of earlier packets, they must either open the whole ephemeral port range to let reply traffic in or block it. Stateful firewalls record connections in a state table and admit return traffic only for connections they have seen established, so the inbound policy can stay at default deny. Application-layer firewalls understand protocols such as HTTP and DNS and can filter on request content rather than only on addresses and ports. Modern "next-generation" firewalls combine these approaches with intrusion detection and deep packet inspection, which can only examine traffic they are able to decrypt.
On Linux, the kernel's netfilter framework provides the packet filtering and connection tracking. It is configured through nftables (the `nft` tool), which replaced iptables; the iptables command is still available on most distributions as a compatibility front end that writes nftables rules underneath. Higher-level frontends such as [[Uncomplicated Firewall (UFW)]] on Ubuntu and firewalld on RHEL and Fedora generate the rules for you. For [[Self-hosting]], a properly configured firewall is essential: deny all inbound traffic by default, allow established connections back in, and open only the ports your services actually need. On a remote machine, add the [[Secure Shell (SSH)]] allow rule before enabling the default-deny policy, or the session you are working in is the first thing it cuts off. Be aware that container runtimes such as Docker insert their own netfilter rules ahead of the host policy, so a port published by a container can be reachable from outside even though the host firewall never lists it. Combined with [[Fail2Ban]], which adds temporary block rules for addresses that repeatedly fail authentication, the firewall forms the perimeter defense layer; [[Zero Trust Security]] is a reminder that it should not be the only one.
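The difference between stateless and stateful filtering, and what a default-deny inbound policy looks like once connection tracking is in place, is easier to see on concrete packets. The following is an added example written for this page; it is not code from the page, from netfilter, nftables or UFW. It models the two filter types over constructed traffic for a self-hosted web server, so it runs offline. The `Packet` fields, the class names, the "ephemeral range" cut-off and the sample addresses (taken from the RFC 5737 documentation ranges) are assumptions made for the illustration.

```python
"""Toy stateless vs stateful packet filter (added example, not page code)."""
from dataclasses import dataclass
from typing import Dict, List, Literal, Set, Tuple

Verdict = Literal["accept", "drop"]
FlowKey = Tuple[str, str, int, str, int]  # (proto, local, lport, remote, rport)
EPHEMERAL_START = 32768                    # Linux ip_local_port_range default low end


@dataclass(frozen=True)
class Packet:
    direction: Literal["in", "out"]  # relative to the protected host
    proto: str                       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False                # TCP SYN without ACK: a new connection attempt


def flow_key(pkt: Packet) -> FlowKey:
    """Normalise a packet to its flow regardless of direction, so an outbound
    request and the inbound reply to it share one key."""
    if pkt.direction == "out":
        return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
    return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)


class StatelessFilter:
    """Packet filter with no memory. To let replies to the host's own
    connections in, it must accept inbound traffic to the whole ephemeral
    range, which also admits unsolicited packets to anything bound there."""

    def __init__(self, allowed_inbound_tcp: Set[int]) -> None:
        self.allowed_tcp = set(allowed_inbound_tcp)

    def filter(self, pkt: Packet) -> Verdict:
        if pkt.direction == "out":
            return "accept"
        if pkt.proto == "tcp" and pkt.dport in self.allowed_tcp:
            return "accept"
        if pkt.dport >= EPHEMERAL_START:   # needed so replies can come back
            return "accept"
        return "drop"                      # default deny for everything else


class StatefulFirewall:
    """Default-deny inbound, allow-all outbound, plus a connection table in
    the spirit of netfilter's conntrack: a reply is accepted because its flow
    is known, not because of the port it arrives on."""

    def __init__(self, allowed_inbound_tcp: Set[int]) -> None:
        self.allowed_tcp = set(allowed_inbound_tcp)
        self.conntrack: Set[FlowKey] = set()

    def filter(self, pkt: Packet) -> Verdict:
        key = flow_key(pkt)
        if pkt.direction == "out":
            self.conntrack.add(key)        # remember the flow for the reply
            return "accept"
        if key in self.conntrack:          # like "ct state established,related accept"
            return "accept"
        # A new inbound connection is only accepted on a listed service port,
        # and only if it actually starts with a SYN (a stray mid-stream
        # segment that matches no tracked flow is invalid, not new).
        if pkt.proto == "tcp" and pkt.dport in self.allowed_tcp and pkt.syn:
            self.conntrack.add(key)
            return "accept"
        return "drop"                      # policy drop: silent, no RST or ICMP


def run_scenario() -> Dict[str, List[str]]:
    """Constructed traffic for a web server allowing SSH, HTTP and HTTPS in.
    Sample input, not a capture."""
    host, client, mirror = "203.0.113.10", "198.51.100.7", "198.51.100.50"
    packets = [
        Packet("in", "tcp", client, 51515, host, 443, syn=True),    # client opens HTTPS
        Packet("out", "tcp", host, 40001, mirror, 443, syn=True),   # host fetches updates
        Packet("in", "tcp", mirror, 443, host, 40001),              # the mirror's reply
        Packet("in", "tcp", client, 51516, host, 34567, syn=True),  # probe: app on a high port
        Packet("in", "tcp", client, 51517, host, 8080, syn=True),   # probe: app on a low port
        Packet("in", "tcp", client, 51518, host, 443),              # mid-stream segment, no SYN
    ]
    results: Dict[str, List[str]] = {}
    for name, fw in (("stateless", StatelessFilter({22, 80, 443})),
                     ("stateful", StatefulFirewall({22, 80, 443}))):
        results[name] = [fw.filter(p) for p in packets]
    return results


if __name__ == "__main__":
    for name, verdicts in run_scenario().items():
        print(f"{name:>9}: {verdicts}")
```

Packets 4 and 6 are the ones that separate the two designs: the stateless filter has to let the probe of port 34567 through because it cannot tell it from a legitimate reply, and it accepts a SYN-less segment to port 443 purely on the port number, while the stateful firewall drops both because neither belongs to a tracked connection. Real rule sets add a loopback accept, ICMP handling and rate limits on the SSH rule, none of which this toy models.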
## Related
- [[Simplewall (Firewall)]]
- [[Fort (Firewall)]]
- [[Uncomplicated Firewall (UFW)]]
- [[Fail2Ban]]
- [[Self-hosting]]
- [[Secure Shell (SSH)]]
- [[Zero Trust Security]]
- [[Linux]]