Back to Security Pattern Catalog
Packet Filter Firewall
: Exterior Security, Information Disclosure
Malicious users might try to attack the local network through their IP-level payloads.
How can the malicious hosts be identified?
Intercept all traffic at the single access point and filter them based on the ingress/egress security policy. Packets coming from un-trusted sources are rejected. The malicious un-trusted users are determined from a set of rules that implement the security policies of the institution. An outside host can only access the LAN if some rule exists authorizing traffic from its address.
OpenBSD packet filtering firewall, Linux Firewall.
Single Access Point, Stateful Firewall, Network Address Blacklist, Demilitarized Zone
Firewall, Filtering, Access Control
Last modified: May 05, 2012
and Maintained by: Munawar Hafiz