To prevent unauthorised access to a machine or network.
It monitors all traffic which passes through it and can permit or deny it based on programmed rules.
Hardware and software
A physical firewall is a physical device which is located at (usually) the internet connection of the network. It protects the entire network from outside intrusion.
A software firewall is a program which runs on an individual device and just protects that device from outside intrusion.
The parameters that can filter traffic are:
- Source or destination IP address.
- Protocol used such as HTTP
- Port number used such as 80
- Specific words or phrases
- Domain names
- Program or application
This is not an exhaustive list and are only examples.