My Blog.

Packet Filtering Router

Definition:

  • A packet filtering router is a network device that controls the flow of data packets based on a set of rules defined by the network administrator. These rules specify whether to allow or block packets based on information in the packet headers, such as IP addresses, port numbers, and protocols.

How It Works:

  • Rule-Based Filtering: Uses static rules to inspect packet headers and make forwarding decisions.
  • Criteria for Filtering: Filters packets based on source and destination IP addresses, source and destination port numbers, and protocols (e.g., TCP, UDP, ICMP).

Features:

  • Stateless: Does not maintain information about the state of connections. Each packet is treated independently.
  • Simplicity: Easier to configure and manage due to its straightforward rule-based approach.
  • Speed: Generally faster than stateful filtering, because there is no connection state to track and so less processing per packet.

Limitations:

  • Lack of Context: Cannot track the state of connections, making it less effective against certain types of attacks (e.g., session hijacking).
  • Limited Security: Provides basic filtering and is susceptible to spoofing attacks, where attackers forge IP addresses to bypass filters.
  • No Inspection of Payload: Only inspects headers, not the payload, which limits its ability to detect application-level attacks.
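
The first-match, header-only filtering described above, and the "Lack of Context" limitation, shown as an added example (not code from the original post). The names Packet, Rule and filter_packet, the LAN range, the two-rule policy and the sample packets are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0

@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "block"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    sport: range = range(0, 65536)
    dport: range = range(0, 65536)

    def matches(self, p: Packet) -> bool:
        # Header fields only: addresses, protocol, ports. No payload, no state.
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and p.sport in self.sport and p.dport in self.dport)

def filter_packet(rules, p, default="block"):
    """Return the action of the first matching rule; each call is independent."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default

LAN = "192.168.1.0/24"                # constructed addressing
HIGH_PORTS = range(1024, 65536)
RULES = [
    Rule("allow", src=LAN, proto="tcp", dport=range(443, 444)),   # outbound HTTPS
    # Stateless filters need a separate rule to let the replies back in.
    Rule("allow", dst=LAN, proto="tcp", sport=range(443, 444), dport=HIGH_PORTS),
]

# Constructed packets (documentation address ranges).
request = Packet("192.168.1.10", "203.0.113.5", "tcp", 50000, 443)
reply = Packet("203.0.113.5", "192.168.1.10", "tcp", 443, 50000)
# Same header shape as a reply, but no LAN host ever contacted this sender.
unsolicited = Packet("198.51.100.7", "192.168.1.10", "tcp", 443, 50001)
inbound_ssh = Packet("198.51.100.7", "192.168.1.10", "tcp", 40000, 22)

if __name__ == "__main__":
    for name in ("request", "reply", "unsolicited", "inbound_ssh"):
        print(f"{name:12} -> {filter_packet(RULES, globals()[name])}")
```

The reply and the unsolicited packet get the same verdict because the rule set has no record of which connections the LAN opened; telling them apart requires connection state, which a packet filtering router does not keep.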

Example Use Case:

  • Suitable for small networks or as a first line of defence in larger networks where basic filtering is sufficient.