Which type of firewall filters packets based on IP address and port numbers?

A packet-filtering firewall operates by inspecting packets at the network layer, making decisions based on predefined rules that typically include IP addresses and port numbers. This type of firewall examines each packet individually, allowing or denying it based on whether it meets the specified criteria. By filtering packets in this manner, it helps control the flow of data into and out of a network, providing a fundamental level of security.

The focus on IP addresses and port numbers means that packet-filtering firewalls can be effective at blocking unwanted traffic based on its source or destination. This allows network administrators to configure rules that align with their security requirements and only permit traffic that is deemed safe.

In contrast, other firewall types operate at different layers or use different methods for filtering traffic. Stateful inspection firewalls track the state of active connections and make filtering decisions based on the context of the traffic rather than just looking at IP and port numbers. Application-level firewalls provide more granular control by filtering traffic based on the specific applications or services being accessed, while circuit-level gateways focus on establishing a virtual circuit without examining the packet contents deeply. Thus, the packet-filtering firewall's reliance on IP addresses and port numbers distinctly positions it as an essential tool for basic network security.