Purpose of a firewall

A firewall is usually placed in front of a group of machines, and its primary function is to control communication to and from this group. Communication between two machines over the Internet is a stream of packets (datagrams) sent in both directions. The firewall examines every packet that is about to be routed through the firewall machine and, based on a set of rules, determines whether the packet is allowed to pass or not. This functionality is often referred to as a packet filter.

The secondary function of a firewall is to modify the packets passing through it. This is called network address translation (NAT), as the modifications usually apply to either the sender or the receiver information contained in the packets. NAT can, for example, be used to allow machines without a publicly addressable Internet Protocol (IP) number to access the Internet through a firewall by using the IP number of the firewall as the sender identification. This is also called IP masquerading, as it disguises the addresses of the machines behind the firewall.
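The two functions described above, as an added sketch that is not part of the original text: a first-match packet filter followed by IP masquerading that rewrites the sender and restores the receiver on replies. The addresses, ports, rule set and the names `Packet`, `verdict` and `Masquerader` are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

# Constructed sample values (documentation address ranges), not from the page.
FIREWALL_IP = "203.0.113.1"
INSIDE = ipaddress.ip_network("192.168.1.0/24")
# Rule format: (source network, destination port or None for any, verdict).
RULES = [
    (INSIDE, 80, "accept"),
    (INSIDE, 443, "accept"),
    (ipaddress.ip_network("0.0.0.0/0"), None, "drop"),
]

def verdict(pkt):
    """Packet filter: the first rule that matches the packet decides."""
    for net, dport, action in RULES:
        if ipaddress.ip_address(pkt.src) in net and dport in (None, pkt.dport):
            return action
    return "drop"  # default deny when no rule matches

class Masquerader:
    """NAT: outbound packets leave carrying the firewall's address as sender."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip, self.next_port = public_ip, first_port
        self.out = {}   # original outbound packet (flow) -> public port
        self.back = {}  # public port -> original outbound packet

    def outbound(self, pkt):
        if verdict(pkt) != "accept":
            return None  # filtered before any translation happens
        if pkt not in self.out:
            self.out[pkt] = self.next_port
            self.back[self.next_port] = pkt
            self.next_port += 1
        return replace(pkt, src=self.public_ip, sport=self.out[pkt])

    def inbound(self, pkt):
        """Reply from outside: restore the inside receiver, else drop."""
        flow = self.back.get(pkt.dport)
        if (flow is None or pkt.dst != self.public_ip
                or (pkt.src, pkt.sport) != (flow.dst, flow.dport)):
            return None  # unsolicited: no inside machine opened this flow
        return replace(pkt, dst=flow.src, dport=flow.sport)
```

Because the translation table only gains entries from accepted outbound packets, a packet arriving from outside that matches no entry has no inside machine to be delivered to and is dropped.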

Anders Peter Fugmann 2011-03-20