Firewall Configuration 101: How to Make Your Own Firewall

Are you concerned about the security of your home network? With cyber threats on the rise, it’s essential to have a robust defence mechanism in place. A firewall is one of the most effective tools for securing your network. This article will explore the intricacies of firewall configuration and how you can easily create your firewall using open-source software.

What Is a Firewall, and Why Do You Need One?

Before de-mystifying firewall configurations, we must first learn what a firewall is. A firewall is a security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It is a barrier between your internal network and the outside world, protecting your devices from unauthorised access and malicious activities.

Why Do You Need a Firewall?

You need a firewall to protect your computer or network from unauthorised access and malicious attacks. Before diving into the types of firewall configuration, Here’s a breakdown of why you need a firewall:

1. Acts as a Gatekeeper: A firewall monitors incoming and outgoing network traffic, blocking malicious attempts to access your system.
2. Prevents Unauthorised Access: It prevents unauthorized users from entering your network and accessing sensitive data.
3. Protects Against Malware: Firewalls can help prevent malware, such as viruses and spyware, from entering your network.
4. Enhances Privacy: A firewall limits access to your network to help protect personal information from being exposed to unauthorised individuals.
5. Complies with Regulations: Many businesses and organizations are required to have firewalls in place to comply with data protection regulations.

While a firewall is a crucial security measure, it’s important to note that it’s not a completely foolproof solution. It’s best used with other security practices, such as strong passwords, regular software updates, and antivirus protection.

Types of Firewall Configuration

Various firewall configurations include packet filtering, stateful inspection, proxy-based, and next-generation firewalls. Each firewall configuration offers different levels of security and functionality, catering to diverse network requirements. In this section, we will explore each firewall configuration, what it does and what it offers you.

Packet Filtering

Packet filtering is a network security technique that examines individual packets of data passing through a network interface and determines whether to allow or block them based on predefined rules. These rules are typically defined in a firewall configuration and can be based on various factors, such as the source and destination IP addresses, ports, protocols, and other packet headers.

What Protection Does It Offer?

This type of firewall configuration can protect a network from various threats, including:

1. Unauthorised access: It can prevent unauthorized users from accessing network resources by blocking packets from unknown or malicious sources.
2. Denial of service (DoS) attacks: It can mitigate DoS attacks by blocking excessive traffic from a single source or multiple sources.
3. Malware: It can help prevent malware from entering the network by blocking packets containing malicious code.
4. Data exfiltration: It can help prevent sensitive data from being exfiltrated from the network by blocking unauthorised outbound traffic.

What Is It Good for?

Packet filtering is a valuable tool for network security. It is well-suited for protecting networks of all sizes. It is particularly effective at blocking basic attacks and protecting against unauthorised access.

Does Packet Filtering Have Vulnerabilities?

While packet filtering is a powerful security tool, it does have some limitations and vulnerabilities:

1. Evasion: Attackers can sometimes evade packet filtering by modifying the packet headers to bypass the filtering rules.
2. Bypass: Attackers can sometimes bypass packet filtering by using alternative protocols or techniques not covered by the filtering rules.
3. Complexity: Configuring packet filtering rules can be complex, and mistakes can lead to security vulnerabilities.

Stateful Inspection

As one of many firewall configurations, stateful inspection is a network security technique beyond simply examining individual data packets. It tracks the ongoing state of network connections, allowing it to make more informed decisions about whether to allow or block traffic.  

What Protection Does It Offer?

Stateful inspection offers several advantages over traditional packet filtering:  

1. Improved detection: By understanding the context of network connections, stateful inspection can better detect and block malicious activities like unauthorized access, DoS attacks, and malware.  
2. Enhanced security: It can prevent attacks that exploit the state of connections, such as session hijacking and spoofing.  
3. Reduced false positives: Because it considers the entire context of a connection, stateful inspection can reduce the number of legitimate packets that are mistakenly blocked.  

What Is It Good For?

Stateful inspection is a valuable tool for protecting networks of all sizes. It is particularly effective at defending against more sophisticated attacks that exploit the dynamics of network connections.  

Does It Have Vulnerabilities?

While this firewall configuration is a significant improvement over traditional packet filtering, it is not without its limitations:  

1. Complexity: Configuring stateful inspection rules can be more complex than packet filtering, requiring a deeper understanding of network protocols and security principles.  
2. Resource consumption: Stateful inspection can consume more system resources than packet filtering, especially in high-traffic environments.
3. Evasion: Attackers may find ways to evade stateful inspection by exploiting vulnerabilities in the implementation or using techniques that are not easily detected.

Application-Level Gateways (Proxies)

Application-level gateways (Proxies) are network security devices operating at the OSI model’s application layer. They act as intermediaries between clients and servers, intercepting, inspecting, and managing the traffic between them. Unlike traditional firewall configurations, which primarily inspect packet headers, Application-Level Gateways perform deep packet inspection, analysing both the headers and the payload (content) of the packets. This allows them to enforce more granular security policies.

What Protection Does It Offer?

This unusual firewall configuration provides solid protection on various network levels. We can include the following as examples:

1. Malware Prevention: Application-level gateways can detect and block malicious content, such as viruses, worms, and spyware, by examining the actual content of network traffic. This helps prevent malware from reaching internal systems.
2. Data Loss Prevention (DLP): By inspecting outgoing traffic, ALGs can prevent the unauthorized exfiltration of sensitive data. They can enforce policies to protect confidential information and ensure compliance with data protection regulations.
3. Web Filtering: ALGs can block access to harmful or inappropriate websites by filtering web traffic based on content and URL, protecting users from malicious sites and inappropriate content.
4. Intrusion Detection and Prevention: While not typically standalone solutions for intrusion detection, ALGs can help identify and block specific application-level attacks, such as SQL injection and cross-site scripting, through detailed traffic analysis.

What Is It Good For?

Although not a typical firewall configuration, ALGs are effective in keeping you secured:

1. Maximum Protection Against Application-Level Attacks: ALGs are particularly effective at defending against attacks that target specific application vulnerabilities, thanks to their deep inspection capabilities.
2. Securing Critical Applications: They are commonly used to protect web servers, email servers, and other critical applications by scrutinizing traffic for threats that exploit application-level weaknesses.
3. Enhanced Security Posture: By providing detailed visibility into network traffic, ALGs can improve an organization’s overall security posture and help enforce security policies more rigorously.

Does It Have Vulnerabilities?

Despite their benefits, ALGs have several vulnerabilities:

1. Performance Overhead: The deep packet inspection required by ALGs can introduce latency and reduce network throughput, particularly in high-traffic environments. This performance overhead can impact user experience and network efficiency.
2. Cost: Advanced ALGs with deep inspection capabilities can be expensive in terms of initial investment and ongoing maintenance costs.
3. Compatibility Issues: Not all applications or protocols may be compatible with ALGs, especially those that use encryption or proprietary formats. Some may evade detection or require additional configuration to work effectively with ALGs.

Next-Generation Firewalls (NGFWs)

Next-Generation Firewalls (NGFWs) are advanced network security devices that combine the traditional firewall functions of packet filtering and stateful inspection with additional features designed to address modern security threats.

What Protection Does It Offer?

NGFWs offer a comprehensive range of security features, including:

1. Deep packet inspection (DPI): NGFWs can examine the contents of packets in detail, allowing them to detect and block malicious content that traditional firewalls may not detect.
2. Application control: NGFWs can control access to specific applications and services, preventing unauthorized use and reducing the risk of attacks.
3. Intrusion prevention system (IPS): NGFWs can detect and prevent attacks targeting specific applications or vulnerabilities in network protocols.
4. Advanced threat protection (ATP): NGFWs can use techniques like sandboxing and machine learning to detect and block advanced threats like malware and ransomware.
5. Data loss prevention (DLP): NGFWs can help prevent sensitive data from being exfiltrated from the network by inspecting outgoing traffic for unauthorized content.

What Is It Good For?

NGFWs are well-suited for protecting modern networks that face various complex threats. They are particularly effective at defending against advanced attacks that exploit vulnerabilities in applications and network protocols.

Does It Have Vulnerabilities?

While NGFWs are powerful security tools, they are not without their limitations:

1. Complexity: Configuring NGFWs requires a deep understanding of network protocols, security best practices, and advanced threat detection techniques.
2. Performance overhead: NGFWs can introduce performance overhead, especially when performing deep packet inspection and other advanced security functions.
3. Evasion: Attackers may find ways to bypass NGFWs by using techniques not detected by the security features.

Cloud Firewalls

Cloud Firewalls are network security services deployed and managed in the cloud. They provide similar protection to traditional firewalls but offer the benefits of scalability, flexibility, and ease of management inherent to cloud-based solutions.

What Protection Does It Offer?

Cloud firewalls offer a range of security features, including:

1. Packet filtering: They can block traffic based on source and destination IP addresses, ports, protocols, and other packet headers.
2. Stateful inspection: They can track the state of network connections to prevent unauthorized access and other attacks.
3. Intrusion detection and prevention (IDP): They can detect and block malicious activities such as unauthorized access, DoS attacks, and malware.
4. Application control: They can control access to specific applications and services, preventing unauthorized use and reducing the risk of attacks.
5. Data loss prevention (DLP): They can help prevent sensitive data from being exfiltrated from the network by inspecting outgoing traffic for unauthorized content.

What Is It Good For?

Cloud firewalls are particularly well-suited for businesses that need a scalable and flexible network security solution. They are often used to protect cloud-based applications and infrastructure and hybrid environments that combine on-premises and cloud resources.

Does It Have Vulnerabilities?

Cloud firewalls are subject to the same vulnerabilities as traditional firewalls, such as misconfiguration and evasion techniques. However, they can also be vulnerable to cloud-specific threats, such as unauthorized access to the cloud provider’s network or data breaches.

Overall, cloud firewalls are a valuable tool for network security, but they should be used in conjunction with other security measures to provide comprehensive protection.

How to Configure a Firewall with pfSense

Configuring a firewall with pfSense, an open-source firewall distribution based on FreeBSD, is an excellent choice for building a robust security infrastructure for your home network. Setting up pfSense involves installing the operating system, configuring the network interfaces, and defining firewall rules to control traffic flow. Its intuitive web interface makes the setup process straightforward, even for users with limited networking experience.

Setting Up Firewall Rules in pfSense

Here’s a step-by-step guide on setting up firewall rules in pfSense:

1. Log in to your pfSense web interface and navigate to Firewall to access the Firewall Rules Page.
2. Click the Add button to start creating a New Rule.
3. Configure Rule Settings:
   • Action: Choose Pass to allow traffic, Block to deny traffic, or Reject to block and send a rejection message.
   • Interface: Select the interface to which the rule applies (e.g., WAN, LAN).
   • Address Family: Choose IPv4 or IPv6.
   • Protocol: Select the protocol to filter (e.g., TCP, UDP, ICMP).
   • Source: Specify the source IP address or network range.
   • Destination: Specify the destination IP address or network range.
   • Destination Port Range: Enter specific port numbers or ranges (e.g., 80 for HTTP, 443 for HTTPS).
   • Description: Add a clear and concise description of the rule’s purpose.
4. Apply Rules:
   • Click Save to create the rule.
   • Click Apply Changes at the top of the page to activate the rule.
5. Additional Considerations:
   • Rule Order: Rules are processed from top to bottom. Place more specific rules above more general ones.
   • Default Deny: Consider enabling a default deny rule at the bottom to block any traffic not explicitly allowed by previous rules.
   • NAT Rules: If you’re using NAT (Network Address Translation), configure appropriate NAT rules in Firewall > NAT.
   • Testing: Thoroughly test your firewall rules before deploying them in a production environment to ensure they function as intended.
6. Advanced Options:
   • Schedule: Set a specific time or date range for the rule to be active.
   • Gateway: Specify a gateway through which traffic can be routed.
   • Log: Enable logging to track rule matches and activity.
   • In/Out: Define whether the rule applies to inbound or outbound traffic.
   • Quick: Use quick options for common rule types (e.g., allowing all traffic from a specific network).

Configuring Port Forwarding in pfSense

pfSense is a popular open-source firewall that offers a wide range of security features. One of its essential functions is port forwarding, which allows you to redirect incoming traffic to specific devices or services on your internal network. This guide will walk you through configuring port forwarding in pfSense, enabling you to securely expose internal services to the internet.

Here’s a guide on configuring port forwarding in pfSense:

1. Access the NAT Page:
   • Log in to your pfSense web interface.
   • Navigate to Firewall > NAT.
2. Create a Port Forward Rule:
   • Click the Add button in the Port Forward tab.
3. Configure Rule Settings:
   • Interface: Select the interface facing the internet (usually WAN).
   • Protocol: Choose TCP, UDP, or both.
   • Destination: Enter the external port or port range to be forwarded.
   • Redirect Target IP: Specify the internal IP address of the device or server you want to expose.
   • Redirect Target Port: Enter the corresponding internal port or port range.
   • Description: Add a clear description of the rule’s purpose.
4. Apply Changes:
   • Click Save to create the rule.
   • Click Apply Changes at the top of the page to activate it.
   • Additional Considerations.
   • Multiple Rules: Create multiple rules for different ports or services as needed.
   • Firewall Rules: Ensure firewall rules allow the forwarded traffic to reach the internal device
   • Static IP: If using a dynamic IP address from your ISP, consider setting up a dynamic DNS service for consistent access.
   • Security: Use port forwarding with caution as it can expose internal services to external threats. Implement strong security measures on the forwarded devices or services.
5. Advanced Options:
   • NAT Reflection: Enable NAT reflection if you want clients on the same network to access forwarded services using the external IP address.
   • Schedule: Set a specific time or date range for the rule to be active.
   • Filter Rule Association: Link a firewall to the port forward rule for more granular control.
   • Testing: Thoroughly test your port forwarding configuration to ensure it functions as intended. Use online port checkers or tools provided by the services you’re forwarding.

Building Your Own Firewall Using FreeBSD

For those interested in a DIY approach to firewall construction, leveraging FreeBSD as the foundation for building a custom firewall presents a compelling option.

1. Installing FreeBSD for Firewall Setup: The first step involves installing and configuring FreeBSD on a dedicated hardware platform, such as a workstation or a compact form factor device with multiple network interface cards (NICs).
2. Configuring Firewall Rules in FreeBSD: Once the operating system is installed, configuring firewall rules using built-in tools or third-party software packages allows you to define the behavior of the firewall according to your security requirements.
3. Utilising Firewall Software Package on FreeBSD: FreeBSD offers a wide range of firewall software packages, such as PF (Packet Filter), which can be integrated with the operating system to provide advanced firewall capabilities, including stateful packet filtering and network address translation.

Understanding the Essential Components of Firewall Configurations

Configuring a firewall involves several critical components that collectively contribute to its effectiveness in protecting your network from external threats.

1. Configuring Network Interfaces in Firewall: Network interfaces, including Ethernet and wireless interfaces, are configured to manage the flow of network traffic, enabling communication between devices while enforcing security policies.
2. Setting Up IP Addresses for Firewall Rules: Assigning IP addresses to devices and defining rules based on these addresses allows the firewall to identify and control the flow of traffic, ensuring that only authorized communication is permitted.
3. Using SSH for Remote Firewall Configuration: Secure Shell (SSH) provides a secure means of remotely accessing and managing the firewall, allowing administrators to configure and monitor the firewall’s behavior from a central location.

Stateful Firewall vs Stateless Firewall: Which Is the Best Fit for Your Needs?

When evaluating firewall options, understanding the differences between stateful and stateless firewalls is crucial in choosing the right solution for your network security requirements.

Differences Between Stateful and Stateless Firewall

A stateful firewall tracks the state of active connections, allowing it to make informed decisions based on the context of traffic flow, while a stateless firewall evaluates each individual packet without considering its relationship to other packets.

Advantages of Using Stateful Firewall in Network Security

Stateful firewalls provide enhanced security by inspecting traffic at the protocol level, enabling them to make intelligent decisions based on the state of connections and the associated application layer data.

Considerations for Implementing Stateless Firewall in Specific Environments

In certain scenarios, such as high-speed network environments, stateless firewalls may offer performance advantages due to their less resource-intensive nature, making them suitable for specific deployment requirements.

By considering these factors and understanding the capabilities of each firewall type, you can make an informed decision regarding the most suitable firewall configuration for your network. Build a Secure Network with Your Own Firewall.

FAQs