Primarily, firewalls allow or block network traffic between devices based upon rules set up by the firewall administrator. Each rule defines a specific traffic pattern you want the firewall to detect and the action you want the firewall to take when that pattern is detected.
A firewall can only operate on communications traffic that physically passes through it. It has no impact on traffic between two devices on the same "side" of the firewall (i.e., both reached through the same firewall interface, whether a network card or a port): that traffic never reaches the firewall, so no rule can inspect or block it.
Criteria Used to Identify Communication Sessions
When the firewall receives a request from a device on one side to communicate with a device on a different side, it compares information about the request against each firewall rule in sequence until a match is found; the first matching rule decides the action, so rule order matters. If no rule matches, the firewall applies its default action, which on a properly configured firewall is to deny. The following information is considered:
-- The network address of the device initiating the communication ("source") is compared against the list of sources contained within the rule.
-- The network address of the device whose services are requested ("destination") is compared against the list of destinations contained within the rule.
-- The service being requested (e.g., Web, mail, file transfer, terminal session, etc.), usually identified by transport protocol and destination port number, is compared against the list of services contained within the rule.
Additional Criteria Provided by Some Vendors
Some firewall products can also consider not only the service type, but also the specific actions, files or elements involved. This requires the firewall to interpret the application protocol (e.g., HTTP or FTP commands) rather than only packet headers. For example, between specific sources and destinations, a firewall may:
-- allow Web requests to proceed except for certain Web pages,
-- allow file transfers to proceed from destination to source but not vice versa (i.e., the initiating device may download files but not upload them),
-- allow file transfers to proceed except for certain named files.
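The rule walk described under "Criteria Used to Identify Communication Sessions" and the vendor-specific page/file and direction criteria above, as a small evaluator added here for illustration. This is not a real firewall product's code: the service names, addresses, interface layout, the `element` and `direction` fields, and the assumption that the default action is deny are all constructed for the example. The policy also shows why an exception rule (block certain pages or files) must sit above the broad allow it carves out.

```python
"""Toy first-match firewall rule evaluator (added example, not a product's code)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ("0.0.0.0/0",)  # wildcard network list


@dataclass(frozen=True)
class Request:
    src: str                          # address of the initiating device ("source")
    dst: str                          # address of the device whose service is requested
    service: str                      # "web", "mail", "ftp", ...
    element: Optional[str] = None     # web page or file name (only some products inspect this)
    direction: Optional[str] = None   # file transfer: "get" (dst -> src) or "put" (src -> dst)


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                        # "allow" or "deny"
    sources: tuple = ANY
    destinations: tuple = ANY
    services: tuple = ()               # empty = any service
    elements: tuple = ()               # empty = any page/file (vendor-specific criterion)
    direction: Optional[str] = None    # None = either direction (vendor-specific criterion)


def _in_any(addr: str, nets: tuple) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n, strict=False) for n in nets)


def matches(rule: Rule, req: Request) -> bool:
    """Every criterion the rule specifies must match the request."""
    if not _in_any(req.src, rule.sources):
        return False
    if not _in_any(req.dst, rule.destinations):
        return False
    if rule.services and req.service not in rule.services:
        return False
    if rule.elements and req.element not in rule.elements:
        return False
    if rule.direction is not None and req.direction != rule.direction:
        return False
    return True


def evaluate(policy, req: Request, default: str = "deny"):
    """Walk the ordered rule list; the first matching rule decides.
    If nothing matches, the firewall's default action applies (assumed deny)."""
    for rule in policy:
        if matches(rule, req):
            return rule.action, rule.name
    return default, "default"


# Constructed interface layout; longest prefix decides which "side" an address is on.
INTERFACES = {"inside": "10.0.0.0/8", "dmz": "203.0.113.0/24", "outside": "0.0.0.0/0"}


def interface_of(addr: str, interfaces=INTERFACES) -> str:
    ip = ipaddress.ip_address(addr)
    best_name, best_len = None, -1
    for name, net in interfaces.items():
        n = ipaddress.ip_network(net)
        if ip in n and n.prefixlen > best_len:
            best_name, best_len = name, n.prefixlen
    return best_name


def filter_traffic(policy, req: Request):
    """Rules apply only to traffic that crosses the firewall; same-side traffic is never seen."""
    if interface_of(req.src) == interface_of(req.dst):
        return "unseen", "same side of firewall"
    return evaluate(policy, req)


# Constructed policy. Exception rules sit ABOVE the broad allow they carve out;
# swapping them would let the broad allow match first and the exceptions never fire.
LAN, WEB, FTP = ("10.0.0.0/8",), ("203.0.113.10/32",), ("203.0.113.20/32",)
POLICY = [
    Rule("deny-admin-pages", "deny", LAN, WEB, ("web",), elements=("/admin", "/config")),
    Rule("lan-to-web", "allow", LAN, WEB, ("web",)),
    Rule("deny-named-files", "deny", LAN, FTP, ("ftp",), elements=("secrets.txt",)),
    Rule("lan-ftp-get-only", "allow", LAN, FTP, ("ftp",), direction="get"),
]

if __name__ == "__main__":
    for req in [
        Request("10.1.2.3", "203.0.113.10", "web", element="/index.html"),
        Request("10.1.2.3", "203.0.113.10", "web", element="/admin"),
        Request("10.1.2.3", "203.0.113.20", "ftp", element="report.pdf", direction="get"),
        Request("10.1.2.3", "203.0.113.20", "ftp", element="report.pdf", direction="put"),
        Request("10.1.2.3", "10.9.9.9", "web", element="/index.html"),
        Request("198.51.100.7", "203.0.113.10", "web", element="/index.html"),
    ]:
        print(req.src, "->", req.dst, req.service, req.element or "", filter_traffic(POLICY, req))
```

Running the module prints one verdict per constructed request: the LAN web request is allowed, the same request for /admin is denied by the exception rule, the FTP download is allowed while the upload falls through to the default deny, the LAN-to-LAN request is never seen by the firewall, and the request from outside matches nothing and is denied by default.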