
Saturday, 24 March 2012

How Firewall Protection Works


Firewall protection works by blocking certain types of traffic between a source and a destination.
All network traffic has a source, a destination, and a protocol. This protocol is usually TCP, UDP, or ICMP.
If this protocol is TCP or UDP, there is a source port and a destination port. Most often the source port is a random port and the destination port is a well-known port number. For example, the destination port for HTTP is 80 and the destination port for DNS is 53.
If the protocol is ICMP, there is also an ICMP message type. The most common ICMP message types are Echo Request and Echo Reply.
Firewall protection works by allowing the network security administrator to choose which protocols and ports or message types to allow — and which ones to deny.

 
Example Firewall Protection: Blocking Outbound E-mail

Internet e-mail uses the SMTP protocol. SMTP servers answer on TCP port 25.
If you block outbound TCP port 25 from your network, users will not be able to send outbound e-mail — except through your approved e-mail servers.
However, a sophisticated user who operates their own mail server could configure that server to respond on another port in addition to port 25. This would be an effective work-around for your security policy.
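
The rule matching described above, as an added example that is not part of the original post: a small first-match filter in Python applied to the port 25 policy. The addresses, the alternate port 2525 and the rule set are constructed for illustration; the example shows that a rule blocking port 25 decides nothing about other ports, so the outcome for the alternate port depends on the firewall's default action.

```python
# Added example: a minimal first-match packet filter (a model, not a real firewall).
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    dst: str
    proto: str                       # "tcp", "udp" or "icmp"
    dport: Optional[int] = None      # TCP/UDP destination port
    icmp_type: Optional[int] = None  # 8 = Echo Request, 0 = Echo Reply

class Rule(NamedTuple):
    action: str                      # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None      # None means "any" for these three fields
    dport: Optional[int] = None
    icmp_type: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        # Every field the rule specifies must agree with the packet.
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in (None, p.proto)
                and self.dport in (None, p.dport)
                and self.icmp_type in (None, p.icmp_type))

def decide(rules, packet, default):
    """Return the action of the first matching rule, else the default action."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default

# Constructed policy: 10.0.0.25 is the approved mail server (assumed address).
RULES = [
    Rule("allow", src="10.0.0.25/32", proto="tcp", dport=25),
    Rule("deny", src="10.0.0.0/24", proto="tcp", dport=25),
    Rule("allow", src="10.0.0.0/24", proto="tcp", dport=80),
    Rule("allow", src="10.0.0.0/24", proto="udp", dport=53),
    Rule("allow", src="10.0.0.0/24", proto="icmp", icmp_type=8),
]

# Constructed packets from a workstation to an outside host (documentation range).
DIRECT_SMTP = Packet("10.0.0.7", "203.0.113.9", "tcp", dport=25)
ALT_PORT = Packet("10.0.0.7", "203.0.113.9", "tcp", dport=2525)

if __name__ == "__main__":
    for default in ("allow", "deny"):
        print(default, decide(RULES, DIRECT_SMTP, default), decide(RULES, ALT_PORT, default))
```

With a default action of allow, the alternate-port packet passes even though port 25 is blocked; with a default action of deny, only the listed protocols and ports leave the network.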
