[{"data":1,"prerenderedAt":257},["ShallowReactive",2],{"blog-glossary/firewall":3},{"id":4,"title":5,"body":6,"category":233,"date":234,"dateModified":234,"description":235,"draft":236,"extension":237,"faq":238,"featured":236,"headerVariant":242,"image":243,"keywords":243,"meta":244,"navigation":245,"ogDescription":246,"ogTitle":243,"path":247,"readTime":248,"schemaOrg":249,"schemaType":250,"seo":251,"sitemap":252,"stem":253,"tags":254,"twitterCard":255,"__hash__":256},"blog/blog/glossary/firewall.md","What is a Firewall? Network Security Basics",{"type":7,"value":8,"toc":224},"minimark",[9,16,21,24,28,84,88,117,150,154,157,171,193,212],[10,11,12],"tldr",{},[13,14,15],"p",{},"A firewall is a gatekeeper that controls what traffic can reach your server. It blocks connections from unauthorized sources and only allows traffic on specific ports. Network firewalls filter by IP and port. Web Application Firewalls (WAFs) understand HTTP and can block attacks like SQL injection. Cloud providers include firewall features you should configure.",[17,18,20],"h2",{"id":19},"the-simple-explanation","The Simple Explanation",[13,22,23],{},"Think of a firewall as a bouncer at a club. It checks each connection attempt against a list of rules. \"Are you trying to reach port 443? OK, come in. Port 3306 from the internet? No entry.\" This stops attackers from reaching services that should not be public.",[17,25,27],{"id":26},"types-of-firewalls","Types of Firewalls",[29,30,31,47],"table",{},[32,33,34],"thead",{},[35,36,37,41,44],"tr",{},[38,39,40],"th",{},"Type",[38,42,43],{},"What It Does",[38,45,46],{},"Examples",[48,49,50,62,73],"tbody",{},[35,51,52,56,59],{},[53,54,55],"td",{},"Network Firewall",[53,57,58],{},"Filters by IP, port, protocol",[53,60,61],{},"iptables, AWS Security Groups",[35,63,64,67,70],{},[53,65,66],{},"WAF",[53,68,69],{},"Filters HTTP requests by content",[53,71,72],{},"Cloudflare WAF, AWS WAF",[35,74,75,78,81],{},[53,76,77],{},"Host Firewall",[53,79,80],{},"Runs on individual servers",[53,82,83],{},"ufw (Ubuntu), Windows Firewall",[17,85,87],{"id":86},"basic-firewall-rules","Basic Firewall Rules",[89,90,91,99,105,111],"ul",{},[92,93,94,98],"li",{},[95,96,97],"strong",{},"Allow 443 (HTTPS):"," For web traffic",[92,100,101,104],{},[95,102,103],{},"Allow 80 (HTTP):"," For redirects to HTTPS",[92,106,107,110],{},[95,108,109],{},"Allow 22 (SSH):"," For admin access, restrict to your IP",[92,112,113,116],{},[95,114,115],{},"Block everything else:"," Default deny",[118,119,121,126,129,133,136,140,143,147],"prompt-box",{"title":120},"Ubuntu UFW example",[122,123,125],"h1",{"id":124},"enable-firewall","Enable firewall",[13,127,128],{},"sudo ufw enable",[122,130,132],{"id":131},"allow-web-traffic","Allow web traffic",[13,134,135],{},"sudo ufw allow 443/tcp\nsudo ufw allow 80/tcp",[122,137,139],{"id":138},"allow-ssh-only-from-your-ip","Allow SSH only from your IP",[13,141,142],{},"sudo ufw allow from 203.0.113.0 to any port 22",[122,144,146],{"id":145},"check-status","Check status",[13,148,149],{},"sudo ufw status",[17,151,153],{"id":152},"web-application-firewall-waf","Web Application Firewall (WAF)",[13,155,156],{},"A WAF goes beyond network filtering. It inspects HTTP requests and can block:",[89,158,159,162,165,168],{},[92,160,161],{},"SQL injection attempts",[92,163,164],{},"XSS attacks",[92,166,167],{},"Known malicious patterns",[92,169,170],{},"Bot traffic",[172,173,174,181,187],"faq-section",{},[175,176,178],"faq-item",{"question":177},"What is the difference between a firewall and a WAF?",[13,179,180],{},"A traditional firewall filters traffic at the network level (IP addresses, ports). A WAF (Web Application Firewall) operates at the application level, understanding HTTP and filtering based on request content. WAFs can block SQL injection and XSS attacks that network firewalls cannot detect.",[175,182,184],{"question":183},"Do I need a firewall if I use a cloud provider?",[13,185,186],{},"Yes, but cloud providers offer built-in options. AWS has Security Groups and Network ACLs. GCP has VPC firewall rules. These act as firewalls for your cloud resources. You should configure them to only allow necessary traffic to your servers.",[175,188,190],{"question":189},"What ports should I open on my firewall?",[13,191,192],{},"Only open ports you need. For a web server: 80 (HTTP), 443 (HTTPS), and 22 (SSH) for admin access. Close everything else. For databases, only allow connections from your application servers, never the public internet. Apply the principle of least privilege.",[194,195,196,202,207],"related-articles",{},[197,198],"related-card",{"description":199,"href":200,"title":201},"What firewalls help prevent","/blog/glossary/ddos","DDoS",[197,203],{"description":204,"href":205,"title":206},"Secure network access","/blog/glossary/vpn","VPN",[197,208],{"description":209,"href":210,"title":211},"WAFs help block this","/blog/glossary/sql-injection","SQL Injection",[213,214,217,221],"cta-box",{"href":215,"label":216},"/","Start Free Scan",[17,218,220],{"id":219},"check-your-security-configuration","Check Your Security Configuration",[13,222,223],{},"Scan your app for exposed ports and security issues.",{"title":225,"searchDepth":226,"depth":226,"links":227},"",2,[228,229,230,231,232],{"id":19,"depth":226,"text":20},{"id":26,"depth":226,"text":27},{"id":86,"depth":226,"text":87},{"id":152,"depth":226,"text":153},{"id":219,"depth":226,"text":220},"glossary","2026-01-07","Learn what firewalls are, how they protect your server, and the difference between network and web application firewalls. Security guide.",false,"md",[239,240,241],{"question":177,"answer":180},{"question":183,"answer":186},{"question":189,"answer":192},"green",null,{},true,"Firewalls filter traffic to protect your servers. Learn the basics.","/blog/glossary/firewall","4 min read","[object Object]","DefinedTerm",{"title":5,"description":235},{"loc":247},"blog/glossary/firewall",[],"summary_large_image","LiWKdTbyU8u5-k2KU-NOUOoBdXzWUpDGFqWbLsnG9YI",1775843922925]