
Behavior of and Requirements for Internet Firewalls





RFC 2979                 Firewall Requirements              October 2000


1.1.  Requirements notation

   This document occasionally uses terms that appear in capital letters.
   When the terms "MUST", "SHOULD", "MUST NOT", "SHOULD NOT", and "MAY"
   appear capitalized, they are being used to indicate particular
   requirements of this specification.  A discussion of the meanings of
   these terms appears in RFC 2119 [2].

2.  Characteristics

   Firewalls either act as a protocol end point and relay (e.g., an SMTP
   client/server or a Web proxy agent), as a packet filter, or some
   combination of both.

   When a firewall acts as a protocol end point it may

    (1)   implement a "safe" subset of the protocol,

    (2)   perform extensive protocol validity checks,

    (3)   use an implementation methodology designed to minimize
          the likelihood of bugs,

    (4)   run in an insulated, "safe" environment, or

    (5)   use some combination of these techniques in tandem.

   Firewalls acting as packet filters aren't visible as protocol end
   points.  The firewall examines each packet and then

    (1)   passes the packet through to the other side unchanged,

    (2)   drops the packet entirely, or

    (3)   handles the packet itself in some way.

   Firewalls typically base some of their decisions on IP source and
   destination addresses and port numbers.  For example, firewalls may

   (1)   block packets from the Internet side that claim a source
         address of a system on the internal network,

   (2)   block TELNET or RLOGIN connections from the Internet to the
         internal network,

   (3)   block SMTP and FTP connections to the Internet from internal
         systems not authorized to send email or move files,
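
   The three packet-filter decisions listed above, written out as an added
   example that is not part of the RFC: a small evaluator that applies the
   anti-spoofing rule, the inbound TELNET/RLOGIN block and the outbound
   SMTP/FTP restriction to constructed sample packets. The internal prefix,
   the authorized mail/file host and the interface names are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Assumed topology (constructed, documentation address ranges): the internal
# network sits behind the "internal" interface; everything else is the Internet.
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")
# Assumed: the only internal host authorized to send email and move files.
AUTHORIZED_MAIL_FILE_HOSTS = {ipaddress.ip_address("192.0.2.25")}
TELNET_RLOGIN_PORTS = {23, 513}   # TELNET, RLOGIN
SMTP_FTP_PORTS = {25, 21}         # SMTP, FTP control


@dataclass(frozen=True)
class Packet:
    iface: str    # side the packet arrived on: "internet" or "internal"
    src: str      # IP source address as written in the packet
    dst: str      # IP destination address
    dport: int    # TCP destination port


def decide(pkt: Packet) -> str:
    """Return 'drop' or 'pass' for one packet (the RFC's third outcome,
    handling the packet itself, is not modelled here)."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    # (1) Anti-spoofing: a packet from the Internet side must not claim an
    #     internal source address.
    if pkt.iface == "internet" and src in INTERNAL_NET:
        return "drop"
    # (2) No TELNET or RLOGIN from the Internet into the internal network.
    if pkt.iface == "internet" and dst in INTERNAL_NET \
            and pkt.dport in TELNET_RLOGIN_PORTS:
        return "drop"
    # (3) SMTP and FTP to the Internet only from authorized internal hosts.
    if pkt.iface == "internal" and dst not in INTERNAL_NET \
            and pkt.dport in SMTP_FTP_PORTS \
            and src not in AUTHORIZED_MAIL_FILE_HOSTS:
        return "drop"
    return "pass"


def filter_packets(packets):
    """Apply decide() to each packet; returns a list of (packet, verdict)."""
    return [(p, decide(p)) for p in packets]


if __name__ == "__main__":
    for p, verdict in filter_packets([
        Packet("internet", "192.0.2.7", "192.0.2.10", 80),      # spoofed source
        Packet("internet", "198.51.100.5", "192.0.2.10", 23),   # inbound TELNET
        Packet("internal", "192.0.2.50", "198.51.100.5", 25),   # unauthorized SMTP
    ]):
        print(verdict, p)
```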




Freed                        Informational