Packet Filtering Definition

A packet filter is software that examines the headers of packets as they pass through and decides the fate of the whole packet. It might decide to discard the packet, as if it had never been received, to accept it, or to do something more complicated.

In Linux, packet filtering is built into the kernel (as a module or as a static component), and there are some more curious things we can do with packets, but the general principle of looking at the headers to decide the fate of the packet still holds.

Why would you want Packet Filtering?

Control

When you are using a Linux machine to connect your internal network to another network (for example, the Internet), you have the opportunity to allow certain types of traffic and restrict others. For example, the header of a packet contains its destination address, so you can prevent packets addressed to a particular site outside the network from leaving.

Security

When your Linux machine is the only thing between the chaos of the Internet and your beautiful and orderly network, it is good to know that you can restrict what comes knocking at your door.

For example, you could allow everything that leaves your network, but you may be concerned about the well-known “Ping of Death” coming from malicious people outside.

In another example, you might not want people outside to telnet to your Linux machine, even if all your accounts have passwords. You may wish to be an observer on the Internet, and not a server. You simply do not want to let anyone connect, so you have the packet filter reject incoming packets that are used to establish connections.

Surveillance

Sometimes a poorly configured machine on the local network may decide to spew packets to the outside world. It is good to tell the packet filter to notify you if something abnormal occurs; maybe you can do something about it, or maybe you are just curious by nature.
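
The three uses above (control, security, surveillance) can be seen in one small user-space sketch that reads only IPv4 and TCP header fields and returns a verdict. This is an added example, not code from the original page or from the Linux kernel; the network ranges, the `verdict` and `make_packet` names, and the choice to drop and log unexpected source addresses are assumptions made for illustration.

```python
import ipaddress
import struct

LAN = ipaddress.ip_network("192.168.1.0/24")        # assumed internal network
BLOCKED = ipaddress.ip_network("203.0.113.0/24")    # assumed forbidden outside site
TCP, SYN, ACK = 6, 0x02, 0x10

def parse_headers(pkt):
    """Read only header fields: addresses, protocol, TCP port and flags."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad header length")
    h = {"proto": pkt[9], "src": ipaddress.ip_address(pkt[12:16]),
         "dst": ipaddress.ip_address(pkt[16:20]), "flags": 0, "dport": None}
    if h["proto"] == TCP:
        if len(pkt) < ihl + 14:
            raise ValueError("truncated TCP header")
        h["dport"] = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
        h["flags"] = pkt[ihl + 13]
    return h

def verdict(pkt, direction, log):
    """Return ACCEPT or DROP for one packet; direction is 'in' or 'out'."""
    try:
        h = parse_headers(pkt)
    except ValueError as err:
        log.append(f"malformed packet: {err}")           # surveillance
        return "DROP"
    if direction == "out":
        if h["src"] not in LAN:                           # misconfigured LAN host
            log.append(f"unexpected source {h['src']} leaving the network")
            return "DROP"
        if h["dst"] in BLOCKED:                           # control
            return "DROP"
        return "ACCEPT"
    # security: refuse packets that try to open a TCP connection from outside
    if h["proto"] == TCP and h["flags"] & SYN and not h["flags"] & ACK:
        log.append(f"refused connection from {h['src']} to port {h['dport']}")
        return "DROP"
    return "ACCEPT"

def make_packet(src, dst, proto=TCP, dport=0, flags=0):
    """Build a constructed sample packet: 20-byte IPv4 header plus TCP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, flags, 1024, 0, 0)
    return ip + tcp
```

An inbound SYN without ACK is dropped while an inbound SYN+ACK is accepted, which is what lets the machine act as a client on the Internet without accepting connections.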