Packet Filtering

This article explains packets, packet headers, and packet filtering. What can the option of allowing or disallowing packets be based on? What are the weaknesses and advantages of packet filtering? After you read, you should be able to describe packets and packet headers.

4. Application gateway


The application-level gateway is a proxy for applications: it exchanges data with remote systems on behalf of the clients. It is kept safely away from the public, behind a DMZ (De-Militarized Zone: the portion of a private network that is visible through the firewall) or behind a firewall that allows no connections from the outside. Filtering is based on:

  • Allowing or disallowing based on source/destination IP address.
  • Allowing or disallowing based on the packet's content.
  • Limiting file access based on file type or extension.
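
The three filtering criteria above, written as the decision a gateway makes for each request it relays. This is an added example, not code from the original article; the address ranges, blocked extensions and content marker are constructed assumptions.

```python
import ipaddress
import posixpath
from urllib.parse import urlsplit, unquote

# Constructed policy values (assumptions for this example, not from the article).
ALLOWED_CLIENTS = [ipaddress.ip_network("10.0.0.0/24")]
DENIED_DESTINATIONS = [ipaddress.ip_network("203.0.113.0/24")]
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js"}
BLOCKED_CONTENT = [b"X-Constructed-Blocked-Marker"]


def requested_extension(url):
    """Extension of the requested file, ignoring query string, case and URL encoding."""
    path = unquote(urlsplit(url).path)
    return posixpath.splitext(path)[1].lower()


def decide(src_ip, dst_ip, url, body):
    """Return (allowed, reason); the reason is what the gateway would log."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    # 1. Source/destination IP address.
    if not any(src in net for net in ALLOWED_CLIENTS):
        return False, "source address not allowed"
    if any(dst in net for net in DENIED_DESTINATIONS):
        return False, "destination address denied"
    # 2. File type or extension of the requested object.
    ext = requested_extension(url)
    if ext in BLOCKED_EXTENSIONS:
        return False, "file extension %s blocked" % ext
    # 3. Content of the payload relayed on the client's behalf.
    for marker in BLOCKED_CONTENT:
        if marker in body:
            return False, "blocked content in payload"
    return True, "allowed"

# Constructed sample requests: (client, server, URL, payload).
SAMPLES = [
    ("10.0.0.7", "198.51.100.5", "http://example.org/index.html", b"<html>ok</html>"),
    ("192.0.2.9", "198.51.100.5", "http://example.org/index.html", b""),
    ("10.0.0.7", "203.0.113.8", "http://example.net/", b""),
    ("10.0.0.7", "198.51.100.5", "http://example.org/tool.EXE?v=1", b""),
    ("10.0.0.7", "198.51.100.5", "http://example.org/a.txt", b"..X-Constructed-Blocked-Marker.."),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], "->", sample[1], sample[2], decide(*sample))
```

Because the extension is taken from the decoded URL path, a request for `tool.EXE?v=1` or `a%2Eexe` is still matched by the `.exe` rule.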

Advantages:

  • Can cache files, increasing network performance.
  • Detailed logging of all connections.
  • Scales well (some proxy servers can "share" the cached data).
  • No direct access from the outside.
  • Can even alter the packet content on the fly.

Weakness:

  • Configuration is complex.

Application gateways are considered to be the most secure solution since they do not have to run as root and the hosts behind them are not reachable from the Internet.

Example of a free application gateway: