Talk:Firewall (computing)

From Wikipedia, the free encyclopedia
Jump to: navigation, search
          This article is of interest to the following WikiProjects:
WikiProject Computing / Networking (Rated Start-class, High-importance)
WikiProject icon This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
Start-Class article Start  This article has been rated as Start-Class on the project's quality scale.
 High  This article has been rated as High-importance on the project's importance scale.
Taskforce icon
This article is supported by Networking task force (marked as High-importance).
 
WikiProject Computer Security / Computing  (Rated Start-class, Top-importance)
WikiProject icon This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
Start-Class article Start  This article has been rated as Start-Class on the project's quality scale.
 Top  This article has been rated as Top-importance on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Computing (marked as High-importance).
 
WikiProject Software / Computing  (Rated Start-class)
WikiProject icon This article is within the scope of WikiProject Software, a collaborative effort to improve the coverage of software on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
Start-Class article Start  This article has been rated as Start-Class on the project's quality scale.
 ???  This article has not yet received a rating on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Computing.
 

Proposal of redefining "Firewall" and adding more credible sources[edit]

I believe the initial definition of firewall provided in this article is a bit ambiguous and lacking in detail. Likewise, I'd like to point out that there are very little sources cited. There are even entire sections within this article that go into explaining a specific topic, without citing a single reference. — Preceding unsigned comment added by CGuerrero-NJITWILL (talkcontribs) 18:58, 7 April 2012 (UTC)

Proposal of redirecting to Firewall (networking)[edit]

Inaccuracies – UDP[edit]

"# Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking." UDP is a connectionless protocol and thus this doesn't make sense. Andy Buchanan (talk) 17:16, 14 December 2009 (UTC)

That's true, but still stateful firewalls use a connection-like concept for UDP packets, much like they do for TCP connections. Here's roughly how it works:
  • Once a UDP packet has been passed based on the firewall rules, the firewall creates an entry in its state-table.
  • Subsequent UDP packets are checked against the state-table first, and when source and destination match (i.e. IP-addresses and port numbers on both ends of the "connection" remain the same) the packet is passed without further checking it against the firewall rules.
  • The entry in the state-table is removed when it times out, typically in a few minutes.
Only the last step differs from TCP (TCP-entries in the state-table typically have a time-out of hours, the closing of TCP-connections is normally detected by inspecting the IP-headers), and I guess that's why "UDP-connection" creeped into firewall-speak. Like you stated, that is confusing and inaccurate.
Despite that the concept works fine. In the context of stateful firewalls, the word connection means nothing else than that an entry exists in the firewall's state-table. Jaho (talk) 18:19, 6 July 2010 (UTC)
Or if you prefer a less technical answer: many words have more than one meaning. The word connection has a different meaning in the context of firewalls, than in the context of TCP endpoints. In the context of firewalls it merely means that data has been exchanged in the last few minutes. Jaho (talk) 19:22, 6 July 2010 (UTC)

Question[edit]

What means the sentence: "A firewall is also called a Border Protection Device (BPD), especially in NATO contexts, or packet filter in BSD contexts."? Especially what means NATO contexts in this case? Why the Link to the North Atlantic Treaty Organisation?

I wondered about that as well. I suspect someone wanted to spice up the term "firewall" by using military vocabulary. For example, DMZ (de-militarized zone) is borrowed from military speak. I believe BPD is just a borrowed term as well. The NATO has nothing to do with the Internet and a BPD in real-life is just a fence or similar. "packet filter" seems to be BSD terminology and describes a simpler kind of firewall without bells and whistles. --82.141.57.90 04:31, 23 June 2006 (UTC)
I do not think that the mention of firewalls being called "BPDs" is relevant, seeing as how a Google search for "Border Protection Device" brings up this page first, and almost everything after that is completely unrelated. Could someone please cite a reference instead of just entering information into Wikipedia without showing relevance? --- Randilyn 07:27, 23 December 2006 (UTC)
If that's the consensus (and since I agree) I'll remove it while I'm hacking a bit at the article. - Paul 16:04, 30 March 2007 (UTC)
DMZ is actually a correct - but not necessarily appropriate - reference to firewall terminology. It is mainly used on routers which have a built in firewall. A De-Militarized Zone is an IP address on the network which has ports left open for direct access to the internet. This is used in the cases where the firewall configuration interferes with other programs which have a 'legitimate' reason to use the resources, such as FTP servers, certain games, HTTP servers etc. Leon Xavier (talk) 08:11, 30 March 2008 (UTC)

Another old comment[edit]

After you install a firewall, you should perform a Firewall Test to make sure your configuration is correct.

Application-layer firewall[edit]

The Article Application_layer_firewall should benefit from all the info given here. or maybe merged completely/made into a redirect. --Deelkar (talk) 22:58, 31 Jan 2005 (UTC)

I agree. Merging a bunch of tightly-related short article to one decent one could make a decent feature. Do we need to propose a vote somehow? I'd merge into this article both Application layer firewall and Network layer firewall. I'd even consider adding Personal firewall (without the vendor list), Demilitarized zone (computing), the proposed XML Firewall, and anything useful from Bastion Host. --ScottDavis 11:19, 26 Feb 2005 (UTC)

RFC 1918[edit]

Quote "Administrators often set up such scenarios in an effort (of debatable effectiveness) to disguise the internal address or network." - That sounds somewhat far-fetched. I wonder whether the author of that sentence has read RFC 1918 at all. Furthermore, it's not a bad idea at all to have internal and external addresses. Otherwise, it'll be much more difficult to configure proper rules and policies. However, this has nothing to do with hiding or disguising the external routable IP addresses. Last but not least, the point of RFC 1918 is that the machines behind the router(s) might have no public IP addresses. Thus, this sentence should either be removed or explained in detail. --195.62.99.203 21:15, 13 Jun 2005 (UTC)

Agree, in fact a NAT device is generally the best network device a non-technical home networking user can deploy to protect their computers from hacking. If no objections posted, will remove the phrase Xaosflux 04:58, 11 November 2005 (UTC)

Nonsense. NAT does not prevent hacking at all especially not for "non-technical" users which will happily download and execute random files from the internet. Let me cite the motivation of RFC 1918 "The Internet has grown beyond anyone's expectations. Sustained exponential growth continues to introduce new challenges. One challenge is a concern within the community that globally unique address space will be exhausted." Everything else is just a welcome or often rather unwelcome side-effect. --82.141.58.141 02:21, 24 June 2006 (UTC)
It's quite possible for a side-effect of the original technique to be a reason for employing the technique in another situation (such as a home network). - Paul 17:52, 19 April 2007 (UTC)
NAT does not provide any of a firewall's security benefits. Most malware these days is acquired by actively downloading it, which means using an outbound TCP connection. Also, I can't see why NAT is even mentioned in a Firewall article, since they are two different technologies. For example, see the iptables manpage: administration tool for IPv4 packet filtering and NAT. It is, correctly, not called just a "firewall administration tool", because it manages both packet filtering (firewalling) and NAT. Last but not least, the apparent "protection" from NAT is a feature of routing, not firewalling. 89.72.102.103 (talk) 16:13, 7 August 2011 (UTC)

This is more like a How-To[edit]

It feels much more like a HOWTO page rather than an encyclopeda article

Request[edit]

Could someone write a comparison of packet filters? (ipchains, pf, IPFilter, ipfw, Netfilter/iptables) ~~helix84 01:25, 15 November 2005 (UTC)

Can someone include the origin of "firewall"? I'm curious to know how the term came about.

rb[edit]

Can someone find a link to a rendered animation about the workings of a firewall. From memory it's about 100Mb in size [no it isn't, it's about 73Mb] and shows the journey of packets into and through a firewall [at the very least]. Very educational. Sure is! Great work 'Warriors of the Net' ! thank you. I just can't remember where I saw it and I've searched with clusty and google images. Much appreciated for finding the link if someone could. Fret no more; go get it from here: Warriors of the Net —Preceding unsigned comment added by 61.68.161.192 (talkcontribs) 03:46, August 20, 2006

Suggestion[edit]

Could someone break down the OS platforms for each firewall implementation? It's not very useful to the casual reader not knowing which firewall goes with which OS. (ie: Linux, Windows, Mac... etc) —Preceding unsigned comment added by 72.38.140.225 (talkcontribs) 08:34, September 19, 2006

To my knowledge, most firewall programs are compatible with all major/new OS', maximum compatibility means more users purchasing/using the product, which in turn would bring in more revenue to the company in question. A few firewalls are only made for Windows OS, and I would assume that a few are only made for Mac OS. Not too sure about firewalls for Linux. New versions of firewalls are also Vista compatible, but you would need to check this in more detail before you installed it. Leon Xavier (talk) 08:21, 30 March 2008 (UTC)

Morris Worm[edit]

This statement describes this virus/worm as still being a current problem today -- is this accurate?

"This virus known as the Morris Worm was carried by e-mail and is now a common nuisance for even the most innocuous domestic user." —Preceding unsigned comment added by 75.7.44.13 (talkcontribs) 16:31, September 23, 2006

Consumer Product Definitions of Firewall Types[edit]

I'm a consumer looking at the firewall descriptions of various DSL modems and routers, trying to compare different products and figure out what firewall features are available that I should look for. This Wikipedia article hasn't really clarified the situation for me.

One product says "Advanced security from hacker attacks with Stateful Packet Inspection (SPI) and Network Address Translation (NAT) firewalls".

Are those vague general terms, or exact specifications of firewall techniques that will be the same for any product that claims to do them? Statefully inspecting the packets for what -- the same things in any product that implements this? Is NAT really an active firewall, or just that the nature of a shared IP at the router device has this benefit?

One says "Protects PCs from Ping of Death, SYN Flood, Land Attack, IP Spoofing, and other DoS (Denial of Service) Attacks", another says protects against DoS attacks. Is product A better?

Etc. —Preceding unsigned comment added by 75.6.235.68 (talkcontribs) 22:46, September 24, 2006

Cleanup[edit]

Unless there are objections, I'd like to remove the lengthy lists and wikify comment boxes, or at least place them in the sections. Regardless, the article still needs work. Luis F. Gonzalez 17:50, 17 November 2006 (UTC)

I agree, it's no use having a list of 'all' software/hardware firewalls. Maybe the most common ones (or any, it are just examples...) could be kept in the lists (let's say two or three per category).

--as long as there's no loss of information. Note that this is the opposite of the discussion link at the top of the article about merging in the "network layer firewall" article though it's already linked to. Linking to extra information is, I think, one of the convenient things about Wikipedia versus an offline encyclopedia, so I don't think Wikipedia should necessarily imitate it's offline counterpart.

Firewall architectures[edit]

I expected to find more about different firewall architectures here, but I didn't. More information about this can be found on this site. It's also great resource for anyone who would like to work on this article.--Bernard François 20:05, 19 January 2007 (UTC)

There are way too many "generations" in this article - a graphical interface does not a new generation make. IMHO. Of course ;-) I propose to trim the subsequent generations somewhat (and am renaming the section to "subsequent developments", in preparation). - Paul 16:35, 30 March 2007 (UTC)

I trimmed some bits:

A second generation of proxy firewalls was based on Kernel Proxy technology. This design is constantly evolving but its basic features and codes are currently in widespread use in both commercial and domestic computer systems.

If anyone knows what that means (beyond "there is another buzzword-compliant generation that keeps changing but is being used"), and if it is relevant to firewalls, and if you can explain it in English, please feel free to explain and insert. - Paul (talk) 06:24, 25 November 2007 (UTC)

I would be interested to know what possible relevance War Games has, apart from the fact that is a film that contains breaking into US military computers, but that isn't exactly an uncommon subject for films, and if the writer of this article wants to demostrate the knowledge of firewalls in popular culture, surely there must be a load of better examples than ones like this, which seems to include a load of other terms that don't really relate to firewalls, and specific to the film in question (the "Back Door" is the way the kid gets in, it is a single password, "Joshua" that bypasses absolutely everything in the entire US military defence firewalls, and what have tapeworms to do with anything at all.) It seems to me that this is just a bit of a film the writer likes that he thought he'd put in for the hell of it. Does this really need to be here, it just look really unprofessional to me. —Preceding unsigned comment added by The Athlon Duster (talkcontribs) 10:15, 17 May 2008 (UTC)
The film WarGames was the first film that had a plot where a student did that (and I think it's the first one ever where a civilian hacks a governtment computer remotely using infrastructure available at every home), and it inspirated a lot of people to start hacking. Please read stuff about the history of hacking like like this posting on a hacking warez website, aka wannabe-hacker website "-The 80's Hacker- During the 1980's the hacker population probably went up 1000-fold. Why? For several reasons (...) The second, and probably biggest reason was the movie WarGames. WarGames displayed hacking as a glamourous profession. It made hacking sound easy. I once heard that the estimate of hackers in the US increased by 600% after WarGames. Modem users also increased, but only by a mere 1200%. This made hacking easy, though, because it was also estimated that one third of "WarGames Generation Hackers" had the password 'Joshua'. If you have seen the movie, you know that that name had some significance. Many hackers didn't like WarGames, though. They thought it made hacking sound like a pansy thing to do. To non-hackers, though, WarGames was great. The third reason is because of the mass publicity surround WarGames and hacking. If we had a controlled media, probably the only hackers in the USA would be spies and corporate computer techs. The media increased the hacker population by a lot, also." --Enric Naval (talk) 22:09, 18 May 2008 (UTC)

Accuracy of Information[edit]

The information on the page is neither accurate nor useful. I suggest that this page be removed and re-done by a more experienced person who does work in this particular field. It would be unwise to allow such inaccurate information to ruin the reputation of Wikipedia.

Also, other more reliable sites have sometimes contradicted information on this site. This site states none of its sources, so it might have been made up or written from observations, not factual evidence. —The preceding unsigned comment was added by 58.179.138.69 (talk) 10:29, 22 February 2007 (UTC).

Firewall comparison link[edit]

I put a link to this comparison of free firewalls in the external links section, and it was removed about a day later. I think it's a good comparison, and while it does use wordpress, it's not a blog. The same articles could be put on a stand-alone site. This is the last I'll have to do with this, and I don't plan to argue for it after this post; if anyone else would like to add the link, that would be great.--Theymos 08:00, 9 March 2007 (UTC)

Looks like a pretty clueless reviewer to me, I would prefer not endorsing this link. -- intgr 08:49, 9 March 2007 (UTC)
Either on a blog site or personal page, there is no evidence of its reliability. It appears to be self-published original research with no sources cited. I prefer not to link to sites that have lower standards than WIkipedia. JonHarder talk 01:41, 10 March 2007 (UTC)
I often refer to the Talisker Security Wizardry Portal when looking up the current state of network security products. It was created by Andy Talisker, I think in 1999, and has been kept fairly up-to-date ever since. It doesn't review the products, but it gives descriptions. It may be a good reseource to add to the Links section of the page. --70.51.57.5 00:15, 17 April 2007 (UTC)

First to Second Generation Timegap?[edit]

"The first paper published on firewall technology was in 1988, when..." "From 1980-1990 three colleagues from..." The two beginnings of the paragraphs concerning first and second generation firewalls. So the second generation firewalls was already eight years in development when the first virus attack occured and the first paper on the topic was published?! Anyone got references for this?

Vendors[edit]

What about adding a list of vendors with some information (Operating system, platform, etc.)? --212.202.20.73 (talk) 14:01, 22 November 2007 (UTC)

Better Definition Needed[edit]

Currently, the entry defines firewall this way -->

A firewall is a dedicated appliance, or software running on another computer, which inspects network traffic passing through it, and denies or permits passage based on a set of rules.

It used to be defined this way -->

A firewall is a hardware or software device which is configured to permit, deny, or proxy data through a computer network which has different levels of trust.

I would like to improve the current definition to something like this -->

A firewall is a device or set of devices configured to permit, deny, encrypt, or proxy all computer traffic between different security domains based upon a set of rules or other criteria. --Purpleslog (talk) 17:26, 2 April 2008 (UTC)

Here are different defs brought together:

http://purpleslog.wordpress.com/2007/09/22/defining-firewalls/

--Purpleslog (talk) 18:39, 2 April 2008 (UTC)

Perhaps this is more cleanup than definition, but the defining line near the top that reads "A system designed to prevent unauthorized access to or from a private network." seems to be a fragment. I think proper grammar usage should be encouraged as it may help improve the reputation of Wikipedia. And in my opinion, information in the first two paragraphs seems to overlap heavily. -Asia1281- (talk) 17:16, 19 March 2009 (UTC)

Internet 1980's?[edit]

This is just wrong, But whats the right answer "Firewall technology emerged in the late 1980s when the Internet was a fairly new technology in terms of its global use and connectivity. The predecessors to firewalls for network security were the routers used in the late 1980s to separate networks from one another [1]. The view of the Internet as a relatively small community of compatible users who valued openness for sharing and collaboration was ended by a number of major internet security breaches, which occurred in the late 1980s.[1]" internet not 'create" (form earlier networks) till 1991. Why does every one won't to back date the creation of the internet?Oxinabox (talk) 11:41, 16 April 2008 (UTC). Revised --Oxinabox (talk) 06:51, 21 April 2008 (UTC)

(Fom my Talk Page)

I removed this comment of yours [1], because it talks about the article subject instead of helping to improve the article, per WP:TALK and WP:NOT#CHAT. If you think that the wording is incorrect then please make a constructive comment like suggesting an alternative wording. --Enric Naval (talk) 02:35, 18 April 2008 (UTC)

I'm not Suggsting that the Wording was wrong, I'm Saying that the Factual basis of the paragraph in question is wrong. however i did not make the change the the paragraph my self because it would have meant deleting large sections of the artical and i lack the knowledge (i just know that the internet didn't come in to place till 1991) and time to rewrite it.

The paragraph is just plain wrong--Oxinabox (talk) 06:51, 21 April 2008 (UTC)

The internet dates back well before the 1980s. I think you're thinking of the World Wide Web. DaniMagoo (talk) 19:41, 23 April 2008 (UTC)
Yeah, the internet is older than this funny thing called "the web". This was way back on time when people emailed each other directly to each other computers because routers on the universities trusted all traffic and were wide open to routing any packet directed to any port to any IP. Firewalls appeared when people started to abuse this openness. --Enric Naval (talk) 20:36, 23 April 2008 (UTC)
The first popular web browser was Mosaic, released on 1993 with the intention of helping people to navigate documents that were already avaliable on the internet, see List_of_web_browsers. It provided a graphical interface to a system that people were using already with text interfaces like Gopher since 1991 or BBS from the late 1970s to the mid 1990s, using Telnet, which predates the actual web by a good bunch of years. The Internet_protocol_suite article cites the late 60s for the first incarnation of internet, called ARPANET --Enric Naval (talk) 20:46, 23 April 2008 (UTC)

You are are right, i am wrong. My bad, I was thinking of the first "Web Browser". *Slap Idiot* (slaps himself). Thus i am glad i ask here on the talkpage first. OMG I don't belive i confused the internet with the web. -Oxinabox (talk) 02:35, 30 April 2008 (UTC)


Network Reconnaissance link correction needed[edit]

The Reconnaissance page has been limited to physical/military reconnaissance and includes a link to Vulnerability Scanning (http://en.wikipedia.org/wiki/Vulnerability_scanner). How do I redirect the link to Network Reconnaissance to the Vulnerability Scanning page and include that nice note saying "you have been redirected"?

Ocker3 (talk) 04:20, 17 June 2008 (UTC)

You really don't need to do that. I just changed the link to go directly to the vulnerability scanning page. Check the diffs and see if that makes sense, follow up with me if it doesn't. Jclemens (talk) 04:38, 17 June 2008 (UTC)

For some obscure reason somewhere the edits reverted that to point to the military reconnaissance page again, I've put it back to Vulnerability Scanning. —Preceding unsigned comment added by 78.148.172.119 (talk) 17:05, 11 July 2008 (UTC)

Jclemen's edit was not reverted. He changed a different link on the page [2]. I guess that he just didn't notice the link on the "See also" section and that's why he didn't change it. --Enric Naval (talk) 19:01, 11 July 2008 (UTC)

Parameter Security for Network[edit]

Firewall resides on the outer boundary (perimeter) of a network providing security. Network boundary connects one network to another. VPN owns its own perimeter firewall. Firewall parameter blocks viruses and infected email messages prior intrusion. it able to logs passing traffic and protects the entire network. Parameter 'subnet' minimizes the damage incurred from an attack.

I propose this section to be removed from firewall types or a major rewrite be done, because

  1. it has such a bad grammar you can hardly understand anything
  2. it is fully OR
  3. it has been written exclusively by the following anonymous author: User_talk:211.25.51.203 on 04:13, 27 November 2008

The author is reputed to produce slightly flawed grammar, but I can see no malicious intent. bkil (talk) 20:55, 6 January 2009 (UTC)

I take that back, it's a university's address! bkil (talk) 20:59, 6 January 2009 (UTC)
I removed it. It's essentially redundant anyway. Dman727 (talk) 22:11, 6 January 2009 (UTC)
Thanks. bkil (talk) 23:16, 6 January 2009 (UTC)

"which is very approximate and can be easily turned around."[edit]

Under the section "Subsequent developments": "Many firewalls provide such features by binding user identities to IP or MAC addresses, which is very approximate and can be easily turned around."

What does "turned around" mean here? Exploited? Can this be reworded? fogus (talk) 19:18, 27 April 2009 (UTC)

Proposed rename[edit]

I know it has become increasingly common when one is referring to "firewall", it means firewall in computer, especially in a computer-related conversation or people w/ IT background. However, since the name of computer firewall is a metaphor from the real firewall, and those real firewalls are still widely used in modern architecture, I think we have to honour the original subject and return the title "Firewall" to "Firewall (construction)". At the same time, I suggest we should rename this article's title to Firewall (computer).

If I assume correctly, it is customary in wikipedia to give the original, non bracketed title of the subject to the "real" thing. For example:

  • Adobe's page talks about the real adobe that has been used for thousand of years, not the company;
  • Mouse's page talks about the real mouse, not the pointing device u r holding at the moment;
  • Architecture's page talks about the architecture in real world, not computer architecture.
  • Oracle's page talks about the real oracle, not the company.

etc...

I believe the above principles are valid for this article too. So I am suggesting a name change, if anyone have reason to believe firewall should be an exception, please let me know. Da Vynci (talk) 21:11, 9 February 2010 (UTC)

  • Since there has been a while and there is no objection heard, I think going to do the name change soon. Da Vynci (talk) 00:15, 12 February 2010 (UTC)
  • I am in agreement. The page statistics indicate there is substantially more interested in the networking article than the construction article, even considering that the networking article was the first point of reference (the stats indicate a clickthrough of less than 10% (assuming others found it through other links and direct hits and the dab page), which seems awfully low for people looking for information on that topic). Shadowjams (talk) 02:21, 12 February 2010 (UTC)

Hi everyone, yeah, I realised the move wasn't carried out ideally. Somehow the "move" button didn't appear on the Firewall page when I did the move (strangely, it appeared in the Firewall (construction) page). So, if anyone need to fix the technical side of the move, by all means please do. As for the move itself, I am more inclined to give the title Firewall to the actual firewall for the rationale listed above, but I am fine w/ the disambiguation solution that Desiegel suggested. Da Vynci (talk) 03:33, 12 February 2010 (UTC)

Do we have agreement then? DES (talk) 03:15, 12 February 2010 (UTC)
I believe so. Shadowjams (talk) 03:24, 12 February 2010 (UTC)

Hardware firewalls ?[edit]

Currently the body of the article states

Firewalls can be implemented in either hardware or software

Has a firewall implemented in hardware ever existed ? I don't mean a firewall in a dedicated piece of hardware, but a real firewall implementation in hardware. Every firewall implementation I've seen has been done in software. I'm guessing a hardware firewall could be done, but would be need to be completely reworked to change its rules. Adsbenham (talk) 16:28, 17 October 2010 (UTC)

To the best of my knowledge, there are very few "hardware" firewalls, at least as you define the term.
More often, though, the term hardware firewall is used to refer to dedicated hardware appliances (running specialized firmware) such as those made by Checkpoint (formerly Nokia), Cisco, Juniper, and others, while software firewalls indicate programs running within an otherwise non-firewall computer or computing system, like the Windows Firewall, the Unix/Linux IPTABLES or IPCHAINS (or other) daemons or any of countless other filtering programs. — UncleBubba T @ C ) 07:02, 4 March 2011 (UTC)

Some Serious Cleanup Needed[edit]

The following text was in the lede, and has several problems. First, it's way too much detail for the location. Second, it rambles and doesn't stick to the purported topic, i.e. Firewall Techniques. Third, it's just plain confusing, especially concerning Proxy Servers which, for example, may or may not intercept all messages entering and leaving the network.

I'm willing to help rework/rewrite the article but right now I have to get some sleep. Any comments, anyone?

Firewalls use several techniques to perform their functions:
  1. Packet filter: Packet filtering inspects each packet passing through the network and accepts or rejects it based on user-defined rules. Although difficult to configure, it is fairly effective and mostly transparent to its users. It is susceptible to IP spoofing.
  2. Application gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation.
  3. Circuit-level gateway: Applies security mechanisms when a TCP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.
  4. Proxy server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.

— UncleBubba T @ C ) 06:49, 4 March 2011 (UTC)

History section[edit]

Is it just me (probably...) or is there something missing in this section? It has a paragraph about physical and literal firewalls, then para 2 goes on about the Morris worm and the machines of the day without any explanation of what's going on. There's a - at the start of para 2 that suggests to me something's gone for a holiday. I just popped in to find out how firewalls do it, BTW. Still don't know.... Peridon (talk) 19:22, 5 April 2011 (UTC)

No, it's not you. The article has pretty much been sliced and diced into pieces and now it could really use a rewrite. I'm thinking if I can get some time... — UncleBubba T @ C ) 22:40, 5 April 2011 (UTC)

Requested move[edit]

The following discussion is an archived discussion of the proposal. Please do not modify it. Subsequent comments should be made in a new section on the talk page. No further edits should be made to this section.

No consensus to move. Vegaswikian (talk) 19:59, 1 October 2011 (UTC)

Firewall (computing)FirewallRelisting. -GTBacchus(talk) 16:12, 24 September 2011 (UTC)Primary topic. Page views: 50,320, 5,946, 8,894, 656, 641. I think there is a case to be made to move Firewall (construction) to Fire wall (construction). Marcus Qwertyus 01:05, 17 September 2011 (UTC)

  • Oppose A disambiguation page should exist at the undisambiguated location. "Firewall" in this context is only for the tech savvy or for those talking about the political implications of the Great Firewall. Car guys would think about the firewall separating the engine compartment from the passenger cabin; and there are alot of car guys in the world. 70.49.125.226 (talk) 04:57, 17 September 2011 (UTC)
  • As a "car guy" myself I've always thought of that as a "bulkhead" rather than a "firewall". I'd support this move as the networking usage seems to be particularly dominant (though the ratio might be less striking if we looked at offline sources). bobrayner (talk) 19:35, 17 September 2011 (UTC)
  • Relisting - I'm relisting this discussion rather than closing it after 7 days, because I'd like to see more input from people familiar with both main kinds of firewall. Accordingly, I'm posting notes to relevant WikiProjects. -GTBacchus(talk) 16:12, 24 September 2011 (UTC)
  • Oppose but not strongly. I was both a computer networking professional for a long time, and had enough remodel projects done to know of two kinds in two fields. Just a matter of time until people remember the computer ones as something their grandparents used, while the ones in construction will be required as long as there is oxygen in the atmosphere. W Nowicki (talk) 18:14, 24 September 2011 (UTC)
  • Oppose. If anything, in my dialect of English the primary meaning would be the automotive use. It will be a difficult one to substantiate either way owing to the bias of online sources, so I'd leave the DAB at the undisambiguated name. Andrewa (talk) 18:18, 24 September 2011 (UTC)
  • Oppose. The dab page on the main title seems the best fit. SchuminWeb (Talk) 03:27, 25 September 2011 (UTC)
  • Oppose. When I am out away from my computer, a firewall is first a fire-resisting wall in a building or similar. Anthony Appleyard (talk) 05:42, 25 September 2011 (UTC)
  • Oppose Current dab page at Firewall is needed. I don't think that page view stats alone are enough to make make Firewall (computing) the WP:PRIMARYTOPIC. Regarding renaming Firewall (construction), that would depend on WP:COMMONNAME. --Trevj (talk) 07:16, 26 September 2011 (UTC)
  • Oppose I too am a computer guy and was a car guy. Unless talking specifically of networking, the I think of a firewall as that of a car (regardless of whether it is spelled firewall or fire wall). — Dgtsyb (talk) 09:31, 26 September 2011 (UTC)
  • Moderate Oppose The networking term is named for Firewall (construction), which gives that article (if any) a decent claim to being the primary topic, IMO. --Cybercobra (talk) 01:20, 27 September 2011 (UTC)
  • Oppose because the computing sense is not the primary usage, and note that this nomination was improperly done, as no Move Request was made for the disambiguation page at Firewall: this is a RM for multiple pages but was not nominated as such.
The above discussion is preserved as an archive of the proposal. Please do not modify it. Subsequent comments should be made in a new section on this talk page. No further edits should be made to this section.

Need to replace the word "brigade" with ...?[edit]

In "A network's firewall builds a brigade between...," "brigade" makes no sense. Possibly they meant "bridge?" WikiAlto (talk) 23:22, 11 May 2012 (UTC)

I agree. "Bridge" makes sense. However "builds a bridge" is not quite right. I suggest "acts as a bridge" because the firewall does not construct the connection - it is the connection. SimonWiseman (talk) 20:24, 18 May 2012 (UTC)

Will using "bridge" ("acts as a bridge") generate any confusion with the terms/concepts "network bridge" or "protocol bridge"? I don't know the answer to this. If not; then "acts as a bridge" sounds good to me. WikiAlto (talk) 03:20, 20 May 2012 (UTC)

It's now been changed to "firewall builds a bridge between", but I agree this is not very clear and the use of "bridge" is inviting confusion with "network bridge". Maybe it should just state it in plain English - "A firewall connects an internal network....". SimonWiseman (talk) 19:31, 5 June 2012 (UTC)

Third generation: application layer -- Inaccuracies[edit]

This section would be better titled: Third Generation: NGFW. This is the standard name in the industry today.

Additionally, there's a statement that I believe to be irrelevant to the article.

...Web Application Firewall (WAF). WAF attacks may be implemented in the tool “WAF Fingerprinting utilizing timing side channels” (WAFFle).

The citation (13) references WAFs. WAFs are _not_ the same as network security gateways AKA firewalls. They are a very specific security gateway that protects webservers and focuses on HTTP/HTTPS protections.

This is entirely different from a "regular" firewall. Thus, this portion should be removed. There should really be a separate article dedicated to WAF technology. It is that important and relevant in the industry today.