Quote:
Originally Posted by
mohtashims
2. Also, from @Chubler_XL's statement I understand that there is no way to remotely monitor the firewall like we monitor SMTP [port 25] or SSH [port 22].
Correct.
A firewall is not a service, but a software controlling the network operation of a system:
Let us start with a router: a router basically is a system with two network interfaces which stand in different IP-networks and a machinery in between which relays traffice between these two networks from one interface to the other, based on some rules (the "routing table"). Routing takes place on layer 3 of the network and hence the router "operates at layer 3".
A firewall is a similar machinery but operates on (more correctly: on top of) layer 4: again two network interfaces homed in different IP-networks, but the machinery (usually some software - the firewall process) in between operates on layer 4 and relays layer-4-packets (TCP, UDP, and similar protocols) between these two interfaces.
Per default all packets are "not relayed" (blocked) this way. By configuring rules some of these packets are allowed nonetheless and therefore indeed relayed.
There are two fundamental ways such firewalls operate: packet-filtering and stateful inspection.
In packet filtering the rules state which port of a certain IP on one side may communicate with which port on which IP on the other side. No effort is made to monitor the communication other than allowing some IP/port/destination/origin-combinations and blocking everything else.
Stateful inspection is different: packets are interpreted and their content is checked. Packets (or, rather, whole connections) are allowed/disallowed based on these checks. This needs a lot more computing and is a lot more intrusive than packet filtering and therefore real-world firewalls are usually a combination of both packet filters and some stateful inspection.
I hope this helps.
bakunin