Chapter 10 Firewalls

Nortel Business Secure Router 222 Configuration — Basics

Packet filtering vs. firewall

Below are some comparisons between the filtering and firewall functions of the Business Secure Router.

Packet filtering:

• The router filters packets as they pass through the router's interface according to the filter rules you designed.
• Packet filtering is a powerful tool, yet can be complex to configure and maintain, especially if you need a chain of rules to filter a service.
• Packet filtering only checks the header portion of an IP packet.

When to use filtering

1 To block or allow LAN packets by their MAC addresses.
2 To block or allow special IP packets that are neither TCP nor UDP, nor ICMP packets.
3 To block or allow both inbound (WAN to LAN) and outbound (LAN to WAN) traffic between the specific inside host or network A and outside host or network B. If the filter blocks the traffic from A to B, it also blocks the traffic from B to A. Filters cannot distinguish traffic originating from an inside host or an outside host by IP address.
4 To block or allow IP trace route.

Firewall

• The firewall inspects packet contents as well as their source and destination addresses. Firewalls of this type employ an inspection module, applicable to all protocols, that understands data in the packet is intended for other layers, from the network layer (IP headers) up to the application layer.
• The firewall performs stateful inspection. It takes into account the state of the connections it handles, so that, for example, a legitimate incoming packet can be matched with the outbound request for that packet and allowed in. Conversely, an incoming packet masquerading as a response to a nonexistent outbound request can be blocked.
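The contrast between header-only filtering and stateful inspection described above, as an added illustration in Python (not code from the Nortel manual or the router). The addresses, ports, class and function names are constructed for the example, and the connection tracking is simplified to an assumed policy: outbound traffic is allowed and recorded, and teardown is reduced to RST/FIN.

```python
from collections import namedtuple

# Constructed sample addresses: A is an inside host, B an outside host.
A, B = "192.168.1.10", "203.0.113.5"
Packet = namedtuple("Packet", "src sport dst dport flags inbound")

def header_filter(pkt, allowed_pairs):
    """Stateless filter: matches header addresses only, so one rule for
    the pair (A, B) covers both directions and cannot tell who initiated."""
    return frozenset((pkt.src, pkt.dst)) in allowed_pairs

class StatefulFirewall:
    """Simplified stateful inspection: inbound packets pass only when they
    mirror a connection an inside host opened (teardown reduced to RST/FIN)."""
    def __init__(self):
        self.table = set()  # (inside ip, inside port, outside ip, outside port)

    def inspect(self, pkt):
        if not pkt.inbound:
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if "SYN" in pkt.flags:
                self.table.add(key)      # remember the outbound request
        else:
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            if key not in self.table:
                return False             # no matching outbound request
        if {"RST", "FIN"} & set(pkt.flags):
            self.table.discard(key)      # connection is over, drop its state
        return True

def run_demo():
    request = Packet(A, 40000, B, 80, ("SYN",), False)
    reply = Packet(B, 80, A, 40000, ("SYN", "ACK"), True)
    forged = Packet(B, 80, A, 40001, ("ACK",), True)  # no request from port 40001
    fw, pairs = StatefulFirewall(), {frozenset((A, B))}
    stateless = [header_filter(p, pairs) for p in (request, reply, forged)]
    stateful = [fw.inspect(p) for p in (request, reply, forged)]
    return stateless, stateful

if __name__ == "__main__":
    print(run_demo())
```

The header filter accepts all three packets because they share the same address pair, while the stateful table rejects the third, which claims to answer a request that was never sent.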