Packet Filtering
What is Packet Filtering?
Packet Filtering: A network-security technique that inspects each packet's header fields and allows or drops it based on a static ruleset.
Packet filtering examines individual network packets at layer 3/4 and decides whether to permit or deny them based on header fields such as source and destination IP addresses, transport protocol, and ports, plus flags like TCP SYN/ACK. It is the simplest form of firewall, implemented in routers, OS kernels (iptables, nftables, pf, Windows Filtering Platform), and cloud ACLs. Filters can be stateless (each packet evaluated alone) or used as the data-plane of a stateful firewall. Packet filtering is fast and inexpensive but cannot understand application-layer context, encrypted payloads, or sophisticated evasion such as fragmentation overlap, making it one layer of a broader defence-in-depth design.
● Examples
- An iptables rule dropping all inbound TCP/23 (Telnet) on a Linux server.
- An access-list on a Cisco IOS router blocking RFC1918 source addresses on the WAN interface.
● Frequently asked questions
What is Packet Filtering?
A network-security technique that inspects each packet's header fields and allows or drops it based on a static ruleset. It belongs to the Network Security category of cybersecurity.
How do you defend against Packet Filtering?
Defences for Packet Filtering typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Packet Filtering?
Common alternative names include: Packet filter.