Security 📅 2026-07-01 ⏱ 8 min read 👶 Beginner friendly

What is a Firewall and How Does It Work? Beginner's Guide

Every second, thousands of malicious connections try to reach your computer, your home router, and the servers that run the websites you use. Most of these attacks fail silently — and one of the main reasons they fail is the firewall. Yet most people have never stopped to ask: what is a firewall, exactly, and how does it actually work?

This guide answers both questions in plain English. No networking degree required. By the time you finish reading, you will understand what a firewall is, how it inspects traffic, the different types available, and how to verify that your own devices are protected right now.

What is a Firewall? The Simple Explanation

A firewall is a security system that monitors and controls incoming and outgoing network traffic based on a set of predefined rules. That is the technical definition. But here is the version that actually sticks:

Think of a firewall as the security guard at the entrance to a nightclub. Every person who tries to get in is checked against a list. If your name is on the approved list, you walk straight through. If you are not on the list — or if you are on the banned list — the bouncer turns you away. No argument, no negotiation. The decision is instant and automatic.

In network terms, the "people" trying to get in are data packets — tiny chunks of information travelling across the internet. The "list" is the ruleset — a set of conditions that tell the firewall what to allow and what to block. The "bouncer" is the firewall software or hardware itself, checking every packet against those rules at high speed.

Firewalls sit between your device (or your entire network) and the internet. They create a controlled boundary — sometimes called a perimeter — through which all traffic must pass. Nothing gets in or out without being checked first.

The word "firewall" originally comes from construction: a fire wall is a physical barrier built into a building to stop fire spreading from one section to another. The same idea applies in computing — the firewall is a barrier that stops dangerous network traffic from spreading into your systems.

How Does a Firewall Work? Step by Step

Understanding how a firewall works requires a brief look at how data travels across the internet. When you visit a website, your computer does not send one big chunk of information. It breaks everything up into small pieces called packets. Each packet contains a small amount of data plus a header — a label that says where the packet is coming from, where it is going, which port it is using, and which protocol it follows.

A firewall reads those packet headers and decides what to do next. Here is the full process, step by step:

  1. A packet arrives at the firewall. It might be incoming traffic from the internet trying to reach your computer, or outgoing traffic from your computer heading to a server.
  2. The firewall reads the packet header. It notes the source IP address, destination IP address, port number, and protocol (TCP, UDP, ICMP, etc.).
  3. The firewall compares the packet against its ruleset. Rules are checked in order, from top to bottom. Each rule says something like: "Allow TCP traffic on port 443 from any source" or "Block all traffic from IP address 192.0.2.99".
  4. The first matching rule wins. If the packet matches an allow rule, it passes through. If it matches a block rule, it is dropped. If it matches no rule at all, the firewall applies a default policy — usually "deny everything not explicitly allowed."
  5. The decision is logged. Most firewalls keep a record of every decision: what was allowed, what was blocked, when, and from where. These logs are invaluable for spotting attacks.

Imagine a customs officer at an airport. Every passenger hands over their passport. The officer checks the document against a database: is this person allowed in? Are they on a watchlist? Is anything missing from their paperwork? Most people sail through. A few get pulled aside. A handful are turned back at the border. The firewall does exactly this — but at a rate of millions of checks per second.
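
The five steps above can be written as a small first-match rule evaluator. This is an added illustration, not code from any real firewall product: the Packet, Rule, evaluate and demo names are hypothetical, and every address other than 192.0.2.99 is a constructed documentation address. It also shows why rule order matters, since reversing the two rules quoted in step 3 lets the banned host through.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:                      # the header fields read in step 2
    src: str
    dst: str
    proto: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "block"
    src: str = "0.0.0.0/0"         # CIDR; the default matches any IPv4 source
    proto: str = "any"
    dport: Optional[int] = None    # None matches any port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport))

def evaluate(rules, packet, log, default="block"):
    """Steps 3-5: check rules top to bottom, first match wins, log the result."""
    for number, rule in enumerate(rules, start=1):
        if rule.matches(packet):
            log.append((packet.src, packet.dport, rule.action, f"rule {number}"))
            return rule.action
    # No rule matched: deny everything not explicitly allowed.
    log.append((packet.src, packet.dport, default, "default policy"))
    return default

# Constructed ruleset built from the two rules quoted in step 3.
RULES = [
    Rule("block", src="192.0.2.99/32"),
    Rule("allow", proto="tcp", dport=443),
]

def demo():
    log, web = [], "198.51.100.10"
    banned = Packet("192.0.2.99", web, "tcp", 443)
    other = Packet("203.0.113.5", web, "tcp", 443)
    telnet = Packet("203.0.113.5", web, "tcp", 23)
    verdicts = [evaluate(RULES, p, log) for p in (banned, other, telnet)]
    # Same banned packet, rules reversed: the broad allow now shadows the block.
    verdicts.append(evaluate(RULES[::-1], banned, log))
    return verdicts, log
```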

Modern firewalls do far more than just check IP addresses. Stateful firewalls track the state of connections — they know whether a packet is part of an established conversation or a suspicious new request out of nowhere. Next-generation firewalls (NGFW) go even further, inspecting the actual content of packets, blocking specific applications, and integrating with threat intelligence feeds that list known malicious IP addresses in real time.

Types of Firewalls Explained

Not all firewalls work in the same way. Here are the main types you will encounter, explained in plain terms:

Packet Filtering Firewall

The oldest and simplest type. It checks each packet in isolation — source IP, destination IP, port, and protocol — and applies rules. It is fast and lightweight but cannot see whether a packet is part of a legitimate ongoing connection or a new, suspicious one. Think of it as a bouncer who only checks the name on your wristband, not whether you actually belong to the party.

Stateful Inspection Firewall

A significant upgrade on basic packet filtering. A stateful firewall keeps track of every active network connection in a state table. It knows that if your browser opened a connection to a web server, the incoming replies from that server are legitimate — they are part of an established session. Random incoming packets that do not match any known connection get blocked. This is the standard for most modern home routers and corporate network firewalls.
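
A minimal sketch of the state table described above, added here as an illustration and not taken from any real firewall: the class and function names, the 60-second idle timeout and all addresses are assumptions or constructed values. It assumes outbound traffic is always allowed and ignores TCP flags, so it only shows the core idea that inbound packets pass when they mirror a flow opened from inside.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    proto: str

IDLE_TIMEOUT = 60   # seconds; assumed value, real firewalls vary by protocol

class StatefulFirewall:
    def __init__(self, inside_hosts):
        self.inside = set(inside_hosts)   # hosts on the protected side
        self.state = {}                   # outbound flow -> time last seen

    def handle(self, p: Packet, now: float) -> str:
        # Forget flows that have been idle longer than the timeout.
        self.state = {flow: seen for flow, seen in self.state.items()
                      if now - seen <= IDLE_TIMEOUT}
        if p.src in self.inside:          # outbound: record the conversation
            self.state[p] = now
            return "allow"
        # Inbound: allow only the mirror image of a flow opened from inside.
        opened_by = Packet(p.dst, p.dport, p.src, p.sport, p.proto)
        if opened_by in self.state:
            self.state[opened_by] = now   # refresh the idle timer
            return "allow"
        return "block"

def demo():
    fw = StatefulFirewall(inside_hosts={"192.168.1.20"})
    # Constructed endpoints: a laptop's ephemeral port and a web server.
    laptop, web = ("192.168.1.20", 51000), ("198.51.100.10", 443)
    request = Packet(*laptop, *web, "tcp")
    reply = Packet(*web, *laptop, "tcp")
    stray = Packet("203.0.113.5", 443, *laptop, "tcp")   # no matching flow
    return [
        fw.handle(request, now=0),    # browser opens the connection
        fw.handle(reply, now=1),      # reply matches the state table
        fw.handle(stray, now=2),      # unsolicited, despite source port 443
        fw.handle(reply, now=120),    # entry expired after the idle timeout
    ]

if __name__ == "__main__":
    print(demo())
```

A stateless packet filter with a rule such as "allow inbound TCP from source port 443" would have accepted the stray packet, which is the gap the state table closes.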

Application Layer Firewall (Proxy Firewall)

This type operates at a higher level, understanding the actual content of network traffic rather than just the headers. A proxy firewall can tell the difference between legitimate HTTPS web traffic and malware that has disguised itself as HTTPS. It acts as an intermediary — your connection goes to the firewall, the firewall inspects it, then it forwards the request onward. More secure, but slower due to the extra processing.

Next-Generation Firewall (NGFW)

The current standard for enterprise environments. An NGFW combines stateful inspection with deep packet inspection (DPI), application awareness, intrusion prevention systems (IPS), and real-time threat intelligence. It can identify and block specific applications — like blocking TikTok on a corporate network — regardless of which port they use. It can also decrypt and inspect encrypted HTTPS traffic to detect hidden threats.

Cloud Firewall (Firewall-as-a-Service)

As businesses moved to the cloud, firewalls followed. A cloud firewall runs in the cloud and protects cloud infrastructure, remote workers, and distributed offices without requiring physical hardware at every location. Services like AWS Security Groups, Azure Firewall, and dedicated Firewall-as-a-Service providers (FWaaS) fall into this category.

Hardware vs Software Firewalls — Which Do You Need?

You have almost certainly heard both terms. The difference is simpler than it sounds:

Hardware Firewalls

A hardware firewall is a dedicated physical device that sits between your internet connection and your network. Your home broadband router almost certainly has a basic hardware firewall built in — it is why random devices on the internet cannot directly connect to your laptop even if your laptop's own firewall is switched off. In offices and data centres, dedicated firewall appliances from vendors like Cisco, Palo Alto Networks, Fortinet, and Check Point protect entire networks.

Hardware firewalls protect every device on the network at once. A business with 500 computers does not need 500 separate firewall configurations — the hardware firewall at the network perimeter handles everything coming in and going out.

Software Firewalls

A software firewall runs directly on your computer or server. Windows has had a built-in software firewall since Windows XP Service Pack 2. macOS includes one too, although it is not enabled by default on older versions. Many antivirus suites include a software firewall component.

Software firewalls protect one device at a time. They are especially useful when you take your laptop outside the safety of your home network — connecting to public WiFi at a hotel or coffee shop, for example, where there is no hardware firewall between you and the internet.

Which do you need?

For home users: use both. Your router's built-in firewall handles inbound threats from the internet. Windows Defender Firewall (or macOS firewall) protects you on the go and catches outbound connections from malware trying to phone home. For businesses: a hardware or cloud firewall at the network perimeter is essential. Software firewalls on individual machines add a second layer of defence.

What Firewalls Block (and What They Don't)

Firewalls are powerful, but they are not a magic shield against every threat. Understanding what they can and cannot do helps you make smarter security decisions.

What a Firewall Can Block

What a Firewall Cannot Block

The key lesson: a firewall is one layer of security, not your only layer. Cybersecurity professionals talk about "defence in depth" — layering multiple controls so that if one fails, others compensate. A firewall pairs with antivirus software, security patching, user training, multi-factor authentication, and monitoring tools to form a complete defence.

How to Check Your Firewall is On

Most people assume their firewall is running. Here is how to verify it on the most common platforms:

Windows

Open the Start menu and search for Windows Defender Firewall. Click on it. You should see green ticks next to "Private networks" and "Public networks" with the message "Windows Defender Firewall is on." If it shows as off, click "Turn Windows Defender Firewall on or off" in the left panel and enable it for both network types.

Alternatively, open Command Prompt and run:

netsh advfirewall show allprofiles

Look for State: ON for the Domain, Private, and Public profiles.

macOS

Go to System Settings → Network → Firewall (on macOS Ventura and later) or System Preferences → Security & Privacy → Firewall (on older versions). The firewall toggle should show as enabled. If not, click the lock icon to make changes and turn it on.

Your Home Router

Log in to your router's admin panel — usually by typing 192.168.1.1 or 192.168.0.1 into your browser's address bar. Look for a Firewall or Security section. Most routers have SPI (Stateful Packet Inspection) firewall enabled by default. If yours shows it as disabled, switch it on.

Quick Security Check

Run a free port scan from a site like ShieldsUP (grc.com) to see what your router is exposing to the internet. All ports should show as "Stealth" — invisible to outside scanners. If any ports show as "Open," investigate why and close them if they are not needed.

Linux

Most Linux distributions use iptables or nftables under the hood, often managed through a frontend like ufw (Uncomplicated Firewall). Check the status with:

sudo ufw status

If it shows Status: inactive, enable it with sudo ufw enable. Before doing so on a server, make sure you allow SSH on port 22 first to avoid locking yourself out:

sudo ufw allow ssh
sudo ufw enable

Frequently Asked Questions

What is a firewall?

A firewall is a security system that monitors and controls incoming and outgoing network traffic based on predefined rules. Think of it as a security guard for your network — it decides what gets in and what gets blocked.

How does a firewall work?

A firewall inspects every packet of data entering or leaving your network and compares it against a ruleset. If the traffic matches an allowed rule, it passes through. If it matches a blocked rule or no rule at all, it is dropped. Modern stateful firewalls also track the state of active connections, ensuring that only legitimate reply traffic is allowed back in.

Do I need a firewall?

Yes. Every device connected to the internet should have firewall protection. Windows and macOS include built-in firewalls that you should keep enabled. Your home router almost certainly has a built-in firewall too. Businesses need additional hardware or cloud-based firewalls for full network protection, along with proper rule configuration and ongoing monitoring.

What is the difference between a hardware and software firewall?

A hardware firewall is a physical device that protects an entire network — common in offices and data centres. A software firewall runs on individual computers and protects just that one device. Most home setups use both without realising it: the router provides a hardware firewall at the network edge, while Windows or macOS provides a software firewall on the device itself. Both layers together give you better protection than either alone.

Can a firewall block all attacks?

No. Firewalls are one layer of security. They cannot stop phishing emails, malware already inside your network, or attacks that use allowed ports. They also cannot protect against users who voluntarily install malicious software. You also need antivirus, regular patching, and user awareness training. Security is always a stack of multiple controls working together, not a single silver bullet.

✓ What you learned

  • A firewall is a security guard for your network — it checks every packet against a ruleset and allows or blocks it.
  • Firewalls work by reading packet headers, matching them to rules, and applying the first matching rule — or a default deny if nothing matches.
  • There are several types: packet filtering, stateful inspection, application layer (proxy), next-generation (NGFW), and cloud firewalls.
  • Hardware firewalls protect entire networks; software firewalls protect individual devices. Most setups need both.
  • Firewalls cannot stop phishing, insider threats, or attacks through allowed ports — defence in depth is essential.
  • You can verify your firewall is active in seconds on Windows, macOS, Linux, and your home router.
