What is a Firewall?
What is a firewall — rule-based traffic filtering, stateful inspection, and NGFW explained with code and networking interview practice.
Expected Interview Answer
A firewall is a network security system that monitors and controls incoming and outgoing traffic based on a defined set of rules, sitting between a trusted internal network and an untrusted external network like the internet.
Firewalls inspect packets against rules built from source and destination IP addresses, ports, and protocols, and either allow or block traffic accordingly. Packet-filtering firewalls check headers only, stateful firewalls track the state of active connections so return traffic is recognized automatically, and next-generation firewalls add deep packet inspection, intrusion prevention, and application awareness. Firewalls can run as dedicated hardware appliances at a network perimeter, as software on an individual host, or as managed cloud security groups. Interviewers use this question to check you understand firewalls as a rule-based traffic gatekeeper, not an all-purpose security solution.
- Blocks unauthorized inbound and outbound traffic
- Segments trusted networks from untrusted ones
- Logs traffic for auditing and intrusion detection
- Enforces least-privilege access at the network boundary
AI Mentor Explanation
A firewall is like the security gate at a stadium that checks every ticket against a guest list before letting a person onto the ground — only fans with a valid, pre-approved ticket for that match get through, and everyone else is turned away at the barrier. Stateful firewalls are like a gate that remembers who already went in for a bathroom break, so it lets them back in without re-checking the ticket. If the rule list is wrong, either genuine fans get blocked or troublemakers slip through, which is exactly the risk of a misconfigured firewall.
Step-by-Step Explanation
Step 1
Define rules
Administrators set allow/deny rules based on IP, port, and protocol.
Step 2
Inspect traffic
Each packet or connection is checked against the rule set as it crosses the boundary.
Step 3
Track state
Stateful firewalls remember established connections so return traffic is auto-permitted.
Step 4
Log and enforce
Matching traffic is allowed or dropped, and the decision is logged for auditing.
What Interviewer Expects
- Firewall as a rule-based traffic gatekeeper at a network boundary
- Distinction between packet-filtering, stateful, and next-generation firewalls
- Understanding that firewalls filter by IP, port, and protocol
- Awareness that firewalls are one layer of defense, not a complete security solution
Common Mistakes
- Claiming a firewall stops all attacks including application-layer exploits
- Confusing firewalls with antivirus or malware scanners
- Not knowing the difference between stateless and stateful filtering
- Forgetting firewalls can filter outbound traffic, not just inbound
Best Answer (HR Friendly)
“A firewall is like a security checkpoint for network traffic — it checks every connection against a set of rules and only lets through what is explicitly allowed, blocking everything else. It is one of the first layers of defense that keeps unauthorized traffic from reaching internal systems.”
Code Example
# Allow established/related connections back in
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow SSH only from a trusted subnet
iptables -A INPUT -p tcp -s 10.0.0.0/24 --dport 22 -j ACCEPT
# Allow inbound HTTPS from anywhere
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# Drop everything else by default
iptables -A INPUT -j DROPFollow-up Questions
- What is the difference between a stateful and stateless firewall?
- How does a web application firewall differ from a network firewall?
- What is a DMZ and why place servers there?
- How do security groups in the cloud compare to traditional firewalls?
MCQ Practice
1. What does a stateful firewall track that a packet-filtering firewall does not?
Stateful firewalls track connection state so return traffic for an established session is auto-permitted.
2. Which of these is typically checked by a basic packet-filtering firewall rule?
Packet filtering matches header fields like source/destination IP, port, and protocol.
3. A next-generation firewall adds which capability over a basic packet filter?
Next-generation firewalls inspect packet contents and application context, not just headers.
Flash Cards
Firewall in one line? — A rule-based gatekeeper that allows or blocks network traffic at a boundary.
Stateful vs stateless firewall? — Stateful tracks connection state; stateless checks each packet independently.
What does a firewall rule usually match? — Source/destination IP, port, and protocol.
Does a firewall replace antivirus? — No — it filters network traffic, it does not scan for malware inside files.