How Does A Firewall Work?

If you have a PC, then you no doubt have a firewall. Firewall software has long been a standard security practice since its implementation over fifteen years ago, and today, remain as one of the first lines of crucial defense against malware intrusions. You’ll also discover they’re widely adopted for internal networks, ranging from schools, libraries, and private companies.

But while a firewall for most is a simple “turn on or off” of function, there’s a lot going on under the electronic hood. Whether you’re curious or want to know how does a firewall work, read on, we’ll quickly breakdown the ins-and-outs of firewalls.

What Is A Firewall

First, let’s start with the basics. What is a firewall? It’s a type of program blocking unauthorized access to and from a network. It’s to make sure malicious third parties can’t steal information from a system or see what that system does when connected to the internet. Think of it like curtains and locks to a building. There are different kinds, like software firewalls, stateful firewalls, and hardware firewalls.

How Does It Work

Sounds good so far, right? Firewalls are standard on PC systems, LANs, and private networks. But how do they go about stopping intruders or malware? There are – as you can imagine – several layers to this, so we’ll try to break it down without it getting too confusing.

For starters, firewalls will block incoming connections (also called “packets”) by analyzing them. A firewall will check each packet and, if it meets filter criteria, either blocks or allows it. Generally, firewall software has preexisting criteria to shield against obvious intrusion attempts, like websites laced with malware, hijacking software, and unknown connections. But, firewalls also allow for custom filters too, which can block access/packets even if they weren’t originally predefined.

For an individual system, this is a standard security measure. A PC running anti-virus and responsible won’t typically need more than that. However, when dealing with organizations – like a business – with dozens, possibly hundreds of connections, things get complicated.

Imagine a company with at least one hundred systems connected to the net and its local network. With no firewall in place, savvy third-parties can poke around and steal outgoing information, or gain access to networks. Networks like say, accounting. Information is lost and, well, you get the idea – it gets ugly.

So, a firewall is established to monitor each connection. Each connection will have rules, the criteria we mentioned beforeThe rules will all vary based on the users and connections, defined by IT management. Here’s an example:

Remote access is granted to a set of computers in the company network, which allows IT specialists to access the systems to provide assistance. Access is granted based on the rules set, such as the Protocol, IP source, and ports.


We’ve mentioned the term “packets” a few times. This is a way of referring to TCP Packets (Transport Control Protocol) packets. Think of them like little boxes which contain information. The info can contain all sorts of things, like message content, media, destination addresses, and receiving addresses. The traffic flow is what needs to get to the receiving system, and it’s the firewall that checks a packet for any problems or additional data which it filters for.

There are typically three methods used:

  • Proxy Service Filtering – Data sent from a network and/or the internet is accessed by the firewall first, then sent to the requester and requesting system.
  • Packet Filtering – Packets are analyzed and filtered based on established criteria. Said criteria will vary based on the needs of network security but always targets malicious data.
  • Stateful Inspection – A process where packets are compared to a large database of predetermined filters/flags. This is done instead of analyzing each incoming/outing going packet. If data does not meet certain criteria, it’s blocked.

Firewall Rules and Customization

While it’s a dense topic on its own, firewalls can be deeply customized for individual computers or networks. This customization can determine what a firewall blocks or allows. This is accomplished through a series of different characteristics, which we’ll quickly rundown here:

  • Domain Name – Also a website name, a firewall can filter/block specific domains when added to its blacklist, usually stopping access to web zones with unsafe and malicious material.
  • IP Address – The ID of a computer, device, and any connecting machine to the internet. A firewall can block/allow certain IP addresses access to a network.
  • Port – Servers open its hosting services to connecting machines through ports. The port number varies based on the server it’s run on, such as an HTTP server. Firewalls can block access to specific ports or multiple ones (ex: port 100-1000).
  • Keywords – In some cases, a firewall can target keywords, phrases, or terms to highlight possible red flags. For example, a company may not want its staff to watch unrelated media at work (like YouTube) so terms related to the address can be blocked.

As a bonus, firewalls are also found on hardware devices, switches, and routers, which can be customized by IT specialists. This is good for developing “layered” networks (where access is sectioned off based on staff and their job type).

When successful, a firewall blocks a whole slew of nasty viruses, bugs, and hijacking attempts. They can stop intrusions like DoS (denial of service) attacks, malware, backdoor hacks, spam, spyware, and a whole lot more.


Now you have a better grasp on how a firewall works. It gets vastly more complex than what we’ve listed thus far, and there are even smart and hybrid firewalls available for businesses. But, all work from the same basic principle: an established defense which can filter out harmful connections, websites, and packets. When combined with other robust cybersecurity measures, it creates the foundation for a protected system and network.

If you’re interested in firewall services or want to learn more, you can contact us at Executech for additional information. We have a variety of services available and look forward to your call!

To learn more about protecting you and your business from cybersecurity threats, check out our Ultimate Guide To Cybersecurity!

The Ultimate Guide To Cybersecurity

Related Insights