Author Topic: What is a Firewall?  (Read 419 times)
decent
« on: December 10, 2009, 05:39:17 AM »

Quote
A firewall is a system that is set up to control traffic flow between two networks. Firewalls are most commonly specially configured Unix systems, but firewalls have also been built out of many other systems, including systems designed specifically for use as firewalls. The most common commercial firewall today is CheckPoint FireWall-1, but competitors such as Cisco's PIX are quickly catching up on CheckPoint.

Many people disagree on the definition of a firewall, and in this discussion I will use the term loosely.

The Packet Filtering Firewall

One type of firewall is the packet filtering firewall. In a packet filtering firewall, the firewall examines five characteristics of a packet:
        * Source IP address
        * Source port
        * Destination IP address
        * Destination port
        * IP protocol (TCP or UDP)

Based upon rules configured into the firewall, the packet will either be allowed through, rejected, or dropped. If the firewall rejects the packet, it sends a message back to the sender letting him know that the packet was rejected. If the packet was dropped, the firewall simply does not respond to the packet. The sender must wait for the communications to time out. Dropping packets instead of rejecting them greatly increases the time required to scan your network. Packet filtering firewalls operate on Layer 3 of the OSI model, the Network Layer. Routers are a very common form of packet filtering firewall.

An improved form of the packet filtering firewall is a packet filtering firewall with a stateful inspection engine. With this enhancement, the firewall "remembers" conversations between systems. It is then necessary to fully examine only the first packet of a conversation.

The Application-Proxy Firewall

Another type of firewall is the application-proxy firewall. In a proxying firewall, every packet is stopped at the firewall. The packet is then examined and compared to the rules configured into the firewall. If the packet passes the examinations, it is re-created and sent out. Because each packet is destroyed and re-created, there is a potential that an application-proxy firewall can prevent unknown attacks based upon weaknesses in the TCP/IP protocol suite that would not be prevented by a packet filtering firewall. The drawback is that a separate application-proxy must be written for each application type being proxied. You need an HTTP proxy for web traffic, an FTP proxy for file transfers, a Gopher proxy for Gopher traffic, etc... Application-proxy firewalls operate on Layer 7 of the OSI model, the Application Layer.

The Application-Gateway Firewall

Application-gateway firewalls also operate on Layer 7 of the OSI model. Application-gateway firewalls exist for only a few network applications. A typical application-gateway firewall is a system where you must telnet to one system in order to telnet again to a system outside of the network.

The SOCKS Firewall

Another type of application-proxy firewall is the SOCKS firewall. Where normal application-proxy firewalls do not require modifications to network clients, SOCKS firewalls require specially modified network clients. This means you have to modify every system on your internal network which needs to communicate with the external network. On a Windows or OS/2 system, this can be as easy as swapping a few DLLs.

How does Firewall Protection Work?
Quote
Firewall protection works by blocking certain types of traffic between a source and a destination.

All network traffic has a source, a destination, and a protocol. This protocol is usually TCP, UDP, or ICMP.

If this protocol is TCP or UDP, there is a source port and a destination port. Most often the source port is a random port and the destination port is a well-known port number. For example, the destination port for HTTP is 80 and the destination port for DNS is 53.

If the protocol is ICMP, there is also an ICMP message type. The most common ICMP message types are Echo Request and Echo Reply.

Firewall protection works by allowing the network security administrator to choose which protocols and ports or message types to allow -- and which ones to deny.

Firewall Protection: Denying Inbound

Most firewall configurations should deny all inbound traffic to all internal IP addresses.

Servers which must accept incoming connections should be placed on a DMZ network.

Modern firewalls will allow packets to come into the network which are responses to outbound traffic. What this means is that if you connect to a web server across the Internet, the firewall will automatically allow the responses from the web server to return to you.

Inbound restrictions are the main security value provided by firewalls.

Firewall Protection: Denying Outbound

Some network security administrators deny outbound traffic.

This is most often done to restrict users to approved protocols and prevent them from using unapproved protocols. This usually means preventing users from using online chat systems or preventing them from sending outbound e-mail.

Outbound restrictions are often vulnerable to work-arounds. These work-arounds require time and effort on the part of the network user, which limits the number of users who can utilize unapproved protocols. Outbound restrictions seldom, if ever, work entirely as designed.

Example Firewall Protection: Denying Inbound `ping`

The `ping` command sends out ICMP Echo Request messages and expects ICMP Echo Reply messages in response.

If you configure a firewall between the source and the destination to block ICMP Echo Request messages from the source to the destination, the `ping` command will fail.

Similarly, if you configure a firewall between the source and the destination to block ICMP Echo Reply messages from the destination to the source, the `ping` command will also fail.

The `ping` command can allow a potential attacker to map your network. Disabling inbound Echo Request messages prevents the use of the `ping` command to map your network.

Example Firewall Protection: Blocking Outbound E-mail

Internet e-mail uses the SMTP protocol. SMTP servers answer on TCP port 25.

If you block outbound TCP port 25 from your network, users will not be able to send outbound e-mail -- except through your approved e-mail servers.

However, a sophisticated user who operates their own mail server could configure their mail server to respond on another port, in addition to port 25. This would be an effective work-around for your security policy.

Where can I Download a Free Firewall?
Quote
Free firewalls have become very common and represent an excellent alternative to commercial firewall packages.

Most of these firewalls run under some form of Linux, FreeBSD, or OpenBSD.

Many of these free firewalls are front-ends for the lower-level firewall packages which ship with these operating systems, such as pf (Packet Filter), ipf (IPFilter), ipfw (IPFirewall), and iptables.

just google it for some cheap or free firewalls....

Andhra Hackers , Indian Hackers , Indian Cyber Warriors , Ethical Hackers Forum
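
The rules described in the post above (deny inbound by default, let responses to outbound traffic back in, drop inbound `ping`, allow outbound SMTP only from the approved mail server), as an added example that is not part of the original post. The addresses, the `StatefulFilter` class and the choice to reject rather than drop outbound SMTP are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("192.0.2.0/24")   # constructed internal range
MAIL_RELAY = "192.0.2.25"               # constructed approved mail server

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str           # "tcp", "udp" or "icmp"
    sport: int = 0       # ports are unused for ICMP
    dport: int = 0
    icmp_type: str = ""  # "echo-request" or "echo-reply"

class StatefulFilter:
    def __init__(self):
        self.expected = set()  # reply tuples for conversations opened from inside

    def decide(self, p: Packet) -> str:
        if ip_address(p.src) in INTERNAL:
            return self._outbound(p)
        return self._inbound(p)

    def _outbound(self, p):
        # Outbound SMTP is refused unless it comes from the approved relay.
        if p.proto == "tcp" and p.dport == 25 and p.src != MAIL_RELAY:
            return "reject"
        # Remember the conversation so its replies are let back in.
        self.expected.add((p.dst, p.src, p.proto, p.dport, p.sport))
        return "allow"

    def _inbound(self, p):
        # Only replies to remembered outbound conversations are allowed.
        if (p.src, p.dst, p.proto, p.sport, p.dport) in self.expected:
            # For ICMP, the reply to an echo request must be an echo reply.
            if p.proto != "icmp" or p.icmp_type == "echo-reply":
                return "allow"
        return "drop"  # default deny: silent drop, no answer to the sender

def run_sample():
    """Decisions for a constructed packet sequence (addresses are examples)."""
    fw, pc, web = StatefulFilter(), "192.0.2.10", "198.51.100.7"
    seq = [Packet(web, pc, "tcp", 80, 50000),           # unsolicited inbound
           Packet(pc, web, "tcp", 50000, 80),           # outbound web request
           Packet(web, pc, "tcp", 80, 50000),           # its response
           Packet(web, pc, "icmp", icmp_type="echo-request"),  # inbound ping
           Packet(pc, web, "tcp", 50001, 25),           # direct outbound SMTP
           Packet(MAIL_RELAY, web, "tcp", 50002, 25)]   # SMTP via approved relay
    return [fw.decide(p) for p in seq]
```

A packet from the workstation to a mail server answering on a port other than 25 is allowed by this rule set, which is the limit of port-based outbound rules that the post describes.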
d3c0d3r
« Reply #1 on: December 13, 2009, 07:47:14 AM »

nice bro
decent
« Reply #2 on: December 13, 2009, 11:43:47 AM »

;)

Somebody please post about IDS... I'm too lazy to post :P