Firewalls are one of the oldest network security tools.
Many people think they are outdated or replaced by newer tools such as endpoint security or cloud security platforms, but this is not the case. Firewalls still play an important role in protecting networks, systems and data.
A firewall acts like a security guard at the entrance of a building. It decides what can come in, what can go out, and what should be blocked.
Although attacks have become more advanced, this basic control point is still essential.
In this article, I’ll explain what firewalls really do, how they work, and why every network still needs them today. We’ll also look at how firewalls have evolved to be useful in modern cloud and hybrid environments.
What we will cover
What is a firewall in simple words?
a Firewall A system that controls network traffic based on rules. These rules define which connections are allowed and which are denied. A firewall sits between a trusted system and an untrusted network, most often between an internal network and the Internet.
When data tries to move across the network, the firewall checks it. If the data follows the rules, it is allowed. If it breaks the rules, it is blocked or logged for review.
Firewalls can be hardware devices, software programs, or cloud-based services. No matter what, the goal is the same: they reduce risk by limiting exposure.
What do firewalls actually do?
At the most basic level, a firewall filters traffic. It looks at details like IP address, ports and protocols. For example, it can allow web traffic on port 443 but block unused or dangerous ports.
Modern firewalls go a long way. They can inspect traffic at a deeper level. This is called Deep Packet Inspection. Instead of examining where the traffic comes from, the firewall looks at what happens in the traffic.
Firewalls can also track connections over time. This is known as state inspection. The firewall understands whether the traffic is part of a valid conversation or an unexpected request. This helps prevent many common attacks.
Another important function of a firewall is logging. Firewalls record what they allow and what they block. These records are essential for audit, investigation and compliance requirements.
How Firewalls Reduce Attack Surfaces
Attack level means the number of ways an attacker can try to enter the system. Firewalls reduce this by blocking unnecessary paths.
Most systems do not need to expose all services to the Internet. A firewall ensures that only required services are accessible. Everything else remains hidden.
Even if an application has a vulnerability, a firewall can reduce the chance that attackers can access it. It doesn’t replace secure coding, but it adds a stronger layer of defense.
This is known as a layered approach Defense in depth. Firewalls are a fundamental layer in this strategy.
Protection from firewalls and internal networks
Many people think that firewalls are only for the edge of the network. This is no longer true. Internal firewalls are now just as important.
Within a network, different systems have different levels of vulnerability. A database should not be independently accessible from each workstation. Firewalls help enforce this separation.
This practice is often called network segmentation. By placing firewalls between network segments, organizations limit how far an attacker can travel if they can gain access to a system.
Internal firewalls are especially important in large environments, data centers, and cloud platforms.
Setting up a firewall
To put this into practice, let’s look at a real, working example UFWan open source firewall is available on most Linux systems. These are the actual commands you will run on the server.
We’ll assume a simple use case: the server should allow secure web traffic on port 443 and allow SSH access for administration. All other oncoming traffic must stop.
First, make sure you have UFW installed:
sudo apt update
sudo apt install ufw
Before enabling the firewall, define the default behavior. Blocking all incoming traffic by default is a safe baseline. Outbound traffic is allowed so the server can still reach external services.
sudo ufw default deny incoming
sudo ufw default allow outgoing
Next, allow SSH access. This is important so you don’t lock yourself out of the server.
sudo ufw allow ssh
If you prefer to be specific about the port, you can allow port 22 directly.
sudo ufw allow 22/tcp
Now allow HTTPS traffic so that users can access the web application.
sudo ufw allow 443/tcp
At this point, only SSH and HTTPs are allowed. Everything else is automatically blocked.
You can review the rules before activating the firewall.
sudo ufw status verbose
When you are satisfied with the rules, enable the firewall as follows:
sudo ufw enable
Once activated, UFW starts enforcing the rules immediately.
To confirm everything, check the status again.
sudo ufw status numbered
Logging is disabled by default. Enabling this provides visibility into blocked and allowed connections, useful for security monitoring and auditing.
sudo ufw logging on
UFW also supports simple protection against brute force attacks. For example, you can categorize the SSH connection limit.
sudo ufw limit ssh
This rule allows normal usage but blocks IP addresses that make too many connection attempts in a short period of time.
If you need to restrict access to a service by IP address, UFW also supports that. For example, to only allow SSH from a trusted office IP:
sudo ufw allow from 203.0.113.10 to any port 22 proto tcp
You can delete or change the rules as your needs evolve. For example, to delete a rule using its number, do this:
sudo ufw delete 3
This setup shows what a firewall actually looks like in practice. You define defaults, allow only what’s needed, enable logging, and enforce rules.
Although enterprise firewalls and cloud firewalls use more advanced interfaces, the underlying logic is the same. Clear rules control traffic flow, reduce attack surfaces, and provide visibility. Open source tools like OFW make it easy to understand and apply these concepts to real systems.
Firewalls in cloud and hybrid networks
Cloud computing changed how networks are built, but it didn’t eliminate the need for firewalls. In fact, it increased their importance.
In cloud environments, firewalls are often provided as managed services. They may be called security groups, network security rules, or cloud firewalls. The name changes, but the character remains the same.
Hybrid networks combine on-premise systems with cloud systems. Firewalls control traffic between these environments. They help enforce consistent security rules at venues.
Without a firewall, cloud resources will be directly exposed to the Internet. It would be risky and expensive.
Firewall and compliance requirements
Many industries have strict security rules. Banks, healthcare providers and large businesses must follow the rules. Firewalls help meet these needs.
Regulations often require network access control. They also require logging and monitoring. Firewalls provide both.
Auditors often ask for firewall configuration and logs. A well-managed firewall setup simplifies audits and reduces compliance risk.
Even small companies benefit from these controls. Security standards aren’t just for big businesses.
Common Misconceptions About Firewalls
A common myth is that firewalls block all attacks, but this is not true. Firewalls are not magic shields. They are part of a broader security strategy.
Another misconception is that firewalls slow down networks. Modern firewalls are designed for high performance. When formed correctly, the effect is minimal.
Some believe that Endpoint Security Replaces firewalls. Endpoint Point tools protect individual devices. Firewalls protect the network paths between them. Both are needed.
Understanding these limitations helps teams use firewalls effectively instead of blindly relying on them.
Why Firewalls Still Matter Today
Cyber attacks are more and more automated than ever. The exposed system is constantly scanned. Firewalls provide the first line of resistance.
New technologies do not eliminate the need for boundaries. Even The Zero Trust Model Rely on strict access controls, often enforced by systems such as firewalls.
Every network, no matter the size, benefits from clear rules about who can talk to whom. Firewalls enforce these rules reliably and visibly.
Without a firewall, organizations will rely solely on application security and user behavior. That’s not enough in today’s threat landscape.
A firewall as a foundation, not a finish line
Firewalls must be viewed as a foundation. They create a secure base on which other controls can work better.
Security monitoring, incident response, and threat detection all depend on traffic control flow. Firewalls make these systems more efficient.
When something goes wrong, firewall logs often provide the first indication. They show what happened at the network level.
This makes firewalls valuable not only for prevention, but also for understanding and recovery.
The result
Firewalls are not obsolete tools of the past. They are still essential to protect modern networks. They control access, reduce attack surfaces, support compliance and enable robust security design.
Although technology continues to change, the need to control network traffic does not go away. Firewalls have adapted to cloud, hybrid and complex environments.
Every network still needs a firewall. Not just as a defense, but as an important part of a layered security approach. When used correctly, firewalls do what they’ve always done best: keep the right doors open and the wrong ones closed.