A firewall is a mechanism that blocks some types of network traffic while allowing other types to pass, usually for the purpose of protecting a host or network from unauthorised access. The decision is usually made at the network layer, using protocol information obtained from the link, network and transport layers (such as MAC or IP addresses and TCP or UDP port numbers).

The iptables subsystem of the Linux kernel can act as a firewall if supplied with an appropriate ruleset. The ruleset is loaded using the iptables command. Firewall rules are usually placed in the INPUT, OUTPUT and FORWARD chains of the filter table.
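As an added example (not part of the original page), the script below generates a default-deny host ruleset for the three filter-table chains named above. The function name `gen_ruleset`, the allowed ports and the policy choices are assumptions made for illustration; the output is in the format read by `iptables-restore`, the companion tool that loads a whole ruleset in one step.

```shell
#!/bin/sh
# Added example: emit a default-deny IPv4 host firewall for the filter table.
# gen_ruleset and the port list are illustrative assumptions, not from the page.
# Note: iptables covers IPv4 only; IPv6 needs a separate ip6tables ruleset.

# gen_ruleset PORT... : print a ruleset that accepts new inbound TCP
# connections only on the listed ports. Returns 1 on an invalid port.
gen_ruleset() {
    for p in "$@"; do
        case "$p" in
            # Reject empty, leading-zero, non-numeric or over-long values.
            ''|0*|*[!0-9]*|??????*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
    done

    echo '*filter'
    # Chain policies: what happens to a packet that matches no rule.
    echo ':INPUT DROP [0:0]'      # traffic addressed to this host
    echo ':FORWARD DROP [0:0]'    # traffic routed through this host
    echo ':OUTPUT ACCEPT [0:0]'   # traffic originating from this host
    # Loopback traffic never leaves the machine.
    echo '-A INPUT -i lo -j ACCEPT'
    # Drop packets that belong to no known connection state.
    echo '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    # Replies to connections this host opened, or already accepted.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in "$@"; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Constructed sample: allow inbound SSH and HTTPS only.
# To check the result without loading it (as root):
#   gen_ruleset 22 443 | iptables-restore --test
gen_ruleset 22 443
```

Because the INPUT policy is DROP, loading this ruleset over a remote session without the matching port in the list cuts that session off, so check it with `--test` first.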


Further reading