What Is a Firewall? Types & How They Work (2026)
June 4, 2001 · by Pentevo
A firewall is a security device or software that controls network traffic based on a set of rules — deciding what's allowed in and out. It's the classic first line of network defense: a gatekeeper between your trusted network and the untrusted internet.
What it actually does
Every firewall enforces a policy: allow this, block that. Rules are based on things like source/destination IP, port, and protocol. Traffic that doesn't match an allow rule is dropped. The guiding principle is default deny — block everything except what you explicitly permit.
The main types
- Packet-filtering — the basic kind: checks each packet against rules (IP/port/protocol). Fast but unaware of context.
- Stateful inspection — tracks the state of connections, so it knows a response belongs to a request you allowed. The modern baseline.
- Next-Generation Firewall (NGFW) — adds application awareness, intrusion prevention, and deep inspection — it understands which app the traffic belongs to, not just the port.
- Web Application Firewall (WAF) — operates at the application layer to filter web attacks like SQL injection and XSS. Note: a WAF is a layer, not a substitute for fixing the code.
Host vs. network firewalls
- Network firewall — protects a whole network at its edge.
- Host firewall — runs on an individual machine (like the one built into Windows/Linux).
Use both — defense in depth.
What a firewall is not
A firewall is essential but not sufficient. It won't stop phishing, malware a user installs, or attacks that ride on allowed traffic (like web app flaws). It's one layer among many.
Where it fits in security
Firewalls reduce your attack surface — fewer exposed services means fewer targets. Combined with patching, segmentation, and monitoring, they make an attacker's job much harder.
To understand how attackers probe past these defenses (so you can harden them), read What Is Penetration Testing? or start the free Pentevo Academy.
Related reading
VPN Explained: What It Does (and Doesn't) — 2026
How a VPN actually works, what it protects you from, what it doesn't, and how to choose one — without the marketing hype.
FundamentalsWhat Is Penetration Testing? A Beginner's Guide (2026)
A plain-English guide to penetration testing: what it is, the five phases, the main types, and how it differs from a vulnerability scan.
FundamentalsZero-Day Vulnerabilities Explained (2026)
What a zero-day vulnerability is, why it's so dangerous, how zero-day exploits are used, and what defenders can do about the unknown.
FundamentalsWhat Is a CVE? Understanding Vulnerability IDs (2026)
What CVE means, how the numbering works, how CVSS severity and EPSS scores help you prioritize, and how to track the CVEs that matter.
Practice this hands-on
Pentevo Academy turns these concepts into guided lessons, videos and quizzes — free.
Start learning free