A firewall is an organizational and technical concept for the separation of networks, together with its correct implementation and constant maintenance. One component that is often used is a piece of hardware that connects the networks only in the way the concept allows. This piece of hardware is often called a firewall system, a firewall computer, or simply a firewall.

What does a typical technical implementation of a firewall look like?

First you put a packet filter between each pair of directly connected networks (network 1 -- packet filter -- perimeter network -- packet filter -- network 2). The packet filters only allow traffic from the directly attached networks. A connection from one network to the packet filter that is not directly attached, or to the other network, is strictly forbidden.
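
The rule described above can be modelled and checked in a few lines. This is an added example, not code from the original article; the address ranges, the filter names `pf1`/`pf2` and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing (assumption: the article gives no address ranges).
ZONES = {  # ordered as in the article: network 1 -- perimeter -- network 2
    "network1": ipaddress.ip_network("10.1.0.0/24"),
    "perimeter": ipaddress.ip_network("192.0.2.0/24"),
    "network2": ipaddress.ip_network("10.2.0.0/24"),
}
# Each packet filter joins two neighbouring zones and owns one address in each.
FILTERS = {
    "pf1": {"zones": ("network1", "perimeter"), "addrs": {"10.1.0.1", "192.0.2.1"}},
    "pf2": {"zones": ("perimeter", "network2"), "addrs": {"192.0.2.2", "10.2.0.1"}},
}

def zone_of(addr):
    """Return the zone name containing addr, or None for unknown addresses."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in ZONES.items() if ip in net), None)

def filter_permits(pf, src, dst):
    """One filter's rule set: both ends must sit in its attached zones, and the
    destination must not be a packet filter the source is not attached to."""
    attached = FILTERS[pf]["zones"]
    if zone_of(src) not in attached or zone_of(dst) not in attached:
        return False
    for cfg in FILTERS.values():
        if dst in cfg["addrs"] and zone_of(src) not in cfg["zones"]:
            return False
    return True

def check_flow(src, dst):
    """Walk the filters between src and dst; return (allowed, reason)."""
    order = list(ZONES)
    s, d = zone_of(src), zone_of(dst)
    if s is None or d is None:
        return False, "address outside the modelled networks"
    i, j = order.index(s), order.index(d)
    crossed = list(FILTERS)[min(i, j):max(i, j)]  # filter k joins zone k and k+1
    if i > j:
        crossed.reverse()  # packet meets the filters in the opposite order
    for pf in crossed:
        if not filter_permits(pf, src, dst):
            return False, f"dropped at {pf}"
    return True, "permitted" if crossed else "same network, no filter crossed"
```

A host in network 1 reaches a machine in the perimeter network, but a direct flow to network 2, or to the far packet filter's own address, is dropped at the first filter it meets.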

The perimeter network is also known as a DMZ (demilitarized zone). It contains switching computers for all protocols/services that should work from one network to the other. Such a switching computer is also known as a proxy, because it works pro procurationem/by proxy (like a secretary). Proxies work at the application level, meaning they understand the communi

The link for this article located at Lutz Donnerhacke is no longer available.