Apr 11, 2024

Firewalls 102: Understanding Basic Filtering and ACL Rules

Paul Painter, Director, Solutions Engineering

To continue our firewall series, we are delving into the fundamentals of basic filtering, a cornerstone of network security. Be sure to check out Part 1 for a deep dive into Network Address Translation (NAT).

Firewalls act as guardians, meticulously examining data packets traveling between your secure internal network and the wild world of the internet. Basic filtering allows authorized traffic to flow freely while blocking unwanted connections.

Demystifying Firewall Rules and ACLs

To control this traffic flow, firewalls leverage Access Control Lists (ACLs), essentially a set of rules dictating which traffic is allowed and which is denied. Each data packet carries information like source and destination IP addresses, along with the designated service (port) it uses. The firewall compares this information against each ACL rule in turn, from the top of the list down, which is why the order of these rules is critical.

Breaking Down a Simplified ACL Rule:

  • Source IP: Specifies the sender’s IP address (or a range of addresses).
  • Destination IP: Specifies the recipient’s IP address (or a range of addresses).
  • Service/Port: Defines the type of traffic (e.g., web browsing – port 80, secure browsing – port 443).
  • ALLOW/DENY: Determines whether to permit or block the traffic.
  • Comment: Provides a brief explanation for the rule’s purpose.

The below example shows a basic firewall rule set enabling a web server to communicate securely:

| Source IP | Destination IP | Service/Port | ALLOW/DENY | Comment |
|-----------|----------------|--------------|------------|---------|
| ANY | WebServer | Hypertext transfer protocol (http) / 80 | ALLOW | Allows anything to use unencrypted web protocol traffic to talk to the web server |
| ANY | WebServer | Hypertext transfer protocol secured (https) / 443 | ALLOW | Allows anything to use encrypted web protocol traffic to talk to the web server |
| ANY | ANY | ANY | DENY | Denies any traffic that isn’t defined above. AKA “implicit deny” |

A misplaced rule can have unintended consequences, highlighting the importance of order. Additionally, the final “deny” rule acts as a safety net, blocking any unrecognized traffic.
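To make the ordering point concrete, here is a small ACL evaluator, added as an example and not part of the original article or any HorizonIQ product. It walks the rule list top to bottom and acts on the first match, then shows what happens when the catch-all deny is mistakenly placed first. The web server address (203.0.113.10) and the client address are constructed documentation-range values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed example addresses (RFC 5737 documentation ranges).
WEB_SERVER = ip_network("203.0.113.10/32")
ANY_NET = ip_network("0.0.0.0/0")
ANY_PORT = None  # wildcard for the Service/Port field


@dataclass(frozen=True)
class Rule:
    src: object      # ip_network
    dst: object      # ip_network
    port: object     # int, or None for ANY
    action: str      # "ALLOW" or "DENY"
    comment: str


def matches(rule, src, dst, port):
    """True if a packet (src, dst, port) fits every field of the rule."""
    return (ip_address(src) in rule.src
            and ip_address(dst) in rule.dst
            and (rule.port is None or rule.port == port))


def evaluate(rules, src, dst, port):
    """Walk the ACL top to bottom; the first matching rule decides."""
    for rule in rules:
        if matches(rule, src, dst, port):
            return rule.action, rule.comment
    # Nothing matched: treat the end of the list as an implicit deny.
    return "DENY", "implicit deny (end of list)"


# The rule set from the table above, in the intended order.
WEB_ACL = [
    Rule(ANY_NET, WEB_SERVER, 80, "ALLOW", "unencrypted web traffic to the web server"),
    Rule(ANY_NET, WEB_SERVER, 443, "ALLOW", "encrypted web traffic to the web server"),
    Rule(ANY_NET, ANY_NET, ANY_PORT, "DENY", "deny everything not defined above"),
]

# Same three rules, but the catch-all deny moved to the top by mistake.
MISORDERED_ACL = [WEB_ACL[2], WEB_ACL[0], WEB_ACL[1]]

if __name__ == "__main__":
    for name, acl in (("correct", WEB_ACL), ("misordered", MISORDERED_ACL)):
        for port in (80, 443, 22):
            action, why = evaluate(acl, "198.51.100.7", "203.0.113.10", port)
            print(f"{name:10} port {port:3}: {action:5} ({why})")
```

With the correct order, ports 80 and 443 are allowed and port 22 is denied; with the deny rule first, every packet, including legitimate web traffic, is dropped before the ALLOW rules are ever reached.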

Stateful Inspection: A Powerful Tool with Nuances

Beyond ACLs, firewalls utilize stateful inspection to track connection information, ensuring data flows consistently in and out of the same interface. This feature, while powerful, demands careful configuration. We share a real-world scenario highlighting the significance of order in rule application.

Stateful inspection, despite occasional challenges, is a crucial tool to thwart hacking attempts. Our experienced technical staff at HorizonIQ specializes in optimizing rules and order, ensuring your managed firewall operates securely and efficiently.

Empower Your Network Security with HorizonIQ

Partner with HorizonIQ to leverage our managed firewall services and benefit from our dedicated technical support team. Learn best practices and implement a robust security posture for your organization. 

Stay tuned for future articles in this series where we explore firewalls and their functions, helping you make informed network security decisions.
