What is a Firewall? Network Security Basics

TL;DR

A firewall is a gatekeeper that controls what traffic can reach your server. It blocks connections from unauthorized sources and only allows traffic on specific ports. Network firewalls filter by IP and port. Web Application Firewalls (WAFs) understand HTTP and can block attacks like SQL injection. Cloud providers include firewall features you should configure.

The Simple Explanation

Think of a firewall as a bouncer at a club. It checks each connection attempt against a list of rules. "Are you trying to reach port 443? OK, come in. Port 3306 from the internet? No entry." This stops attackers from reaching services that should not be public.

Types of Firewalls

| Type | What It Does | Examples |
|------|--------------|----------|
| Network Firewall | Filters by IP, port, protocol | iptables, AWS Security Groups |
| WAF | Filters HTTP requests by content | Cloudflare WAF, AWS WAF |
| Host Firewall | Runs on individual servers | ufw (Ubuntu), Windows Firewall |

Basic Firewall Rules

  • Allow 443 (HTTPS): For web traffic
  • Allow 80 (HTTP): For redirects to HTTPS
  • Allow 22 (SSH): For admin access, restrict to your IP
  • Block everything else: Default deny

Ubuntu UFW example

# Allow web traffic
sudo ufw allow 443/tcp
sudo ufw allow 80/tcp

# Allow SSH only from your IP
sudo ufw allow from 203.0.113.0 to any port 22

# Enable firewall (after the SSH rule is in place, so a remote session is not cut off)
sudo ufw enable

# Check status
sudo ufw status
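
A check that can follow the status command, added here as an example and not part of the original page: the function reads `ufw status` output and flags any rule that accepts traffic from any source on a port other than 80 or 443. The names `PUBLIC_OK`, `audit_ufw_status` and `sample_status`, and the sample output, are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: flag ufw rules that accept traffic
# from any source on a port outside the public allow-list (80 and 443 here).
# PUBLIC_OK, audit_ufw_status and sample_status are hypothetical names.
PUBLIC_OK="80 443"

# Reads `ufw status` output on stdin, prints one FAIL line per finding and
# returns 1 if there is any finding or the firewall is inactive.
audit_ufw_status() {
    awk -v ok="$PUBLIC_OK" '
        BEGIN { n = split(ok, a, " "); for (k = 1; k <= n; k++) allowed[a[k]] = 1 }
        /^Status: inactive/ { print "FAIL firewall is inactive"; bad = 1; next }
        {
            sub(/[ \t]*#.*$/, "")     # drop trailing rule comments
            gsub(/ \(v6\)/, "")       # IPv6 rows get the same check
            for (i = 2; i <= NF; i++) if ($i == "ALLOW" || $i == "LIMIT") break
            if (i > NF || $(i + 1) == "OUT") next   # not an inbound accept rule
            to = $1; for (j = 2; j < i; j++) to = to " " $j
            any = 0; for (j = i + 1; j <= NF; j++) if ($j == "Anywhere") any = 1
            split(to, p, "/")         # "443/tcp" -> "443"
            if (any && !(p[1] in allowed)) {   # names and ranges fail closed
                printf "FAIL %s is open to any source\n", to
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample of `ufw status` output, not captured from a real host.
sample_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
443/tcp                    ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
22                         ALLOW       203.0.113.0
3306/tcp                   ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
443/tcp (v6)               ALLOW       Anywhere (v6)
EOF
}

sample_status | audit_ufw_status || echo "ruleset violates the policy"
```

On a live host, pipe the real output into the function: `sudo ufw status | audit_ufw_status`. Application profile names and port ranges are reported as findings so that they get reviewed by hand.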

Web Application Firewall (WAF)

A WAF goes beyond network filtering. It inspects HTTP requests and can block:

  • SQL injection attempts
  • XSS attacks
  • Known malicious patterns
  • Bot traffic

What is the difference between a firewall and a WAF?

A traditional firewall filters traffic at the network level (IP addresses, ports). A WAF (Web Application Firewall) operates at the application level, understanding HTTP and filtering based on request content. WAFs can block SQL injection and XSS attacks that network firewalls cannot detect.

Do I need a firewall if I use a cloud provider?

Yes, but cloud providers offer built-in options. AWS has Security Groups and Network ACLs. GCP has VPC firewall rules. These act as firewalls for your cloud resources. You should configure them to only allow necessary traffic to your servers.

What ports should I open on my firewall?

Only open ports you need. For a web server: 80 (HTTP), 443 (HTTPS), and 22 (SSH) for admin access. Close everything else. For databases, only allow connections from your application servers, never the public internet. Apply the principle of least privilege.
