A packet filter firewall is a device that inspects each packet for pre-defined content and requires extensive knowledge of TCP/IP. Engineers usually filter packets at the external router or screening router[1], which discards certain types of activity entirely. Although it does not provide error-proof protection, packet filters and/or screening routers are normally the first line of defense for a firewall strategy.
Packet filters
How packet filters work
Packet filters are text files composed of sequential rules that either allow or block the packet.
Packet filters are read and then acted upon on a rule-by-rule basis. Packet filters work best for restricting certain IP addresses and TCP and UDP applications from entering or leaving your network.
Packet filters can be used to screen entire applications or network IDs. For example, a packet filter could restrict all inbound traffic to a
specific host. This restriction would prevent a hacker from being able to contact any other host within the internal network. Screening
routers must be configured with routing tables for both the internal and the public networks. These routing tables display part of your
internal network to the outside world.
Screening router weaknesses
Packet filters take the IP addressing information at face value. If a packet passes all the rules, it will be routed to the destination. If a hacker spoofs his or her source address with a source address that is specifically allowed by a rule within the filter, the firewall will pass or route the packet.