Behavior of and Requirements for Internet Firewalls
RFC 2979 Firewall Requirements October 2000
1.1. Requirements notation
This document occasionally uses terms that appear in capital letters.
When the terms "MUST", "SHOULD", "MUST NOT", "SHOULD NOT", and "MAY"
appear capitalized, they are being used to indicate particular
requirements of this specification. A discussion of the meanings of
these terms appears in RFC 2119 [2].
2. Characteristics
Firewalls either act as a protocol end point and relay (e.g., an SMTP
client/server or a Web proxy agent), as a packet filter, or some
combination of both.
When a firewall acts as a protocol end point it may
(1) implement a "safe" subset of the protocol,
(2) perform extensive protocol validity checks,
(3) use an implementation methodology designed to minimize
the likelihood of bugs,
(4) run in an insulated, "safe" environment, or
(5) use some combination of these techniques in tandem.
Firewalls acting as packet filters aren't visible as protocol end
points. The firewall examines each packet and then
(1) passes the packet through to the other side unchanged,
(2) drops the packet entirely, or
(3) handles the packet itself in some way.
Firewalls typically base some of their decisions on IP source and
destination addresses and port numbers. For example, firewalls may
(1) block packets from the Internet side that claim a source
address of a system on the internal network,
(2) block TELNET or RLOGIN connections from the Internet to the
internal network,
(3) block SMTP and FTP connections to the Internet from internal
systems not authorized to send email or move files,
Freed Informational
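The three packet-filter decisions listed above, written out as a small first-match rule evaluator. This is an added illustration, not text or code from the RFC; the internal network 192.0.2.0/24, the authorized relay addresses, the interface names and the sample packets are constructed values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed example: the documentation range 192.0.2.0/24 plays the internal network.
INTERNAL = ip_network("192.0.2.0/24")
# Assumed set of internal hosts permitted to open SMTP/FTP connections to the Internet.
AUTHORIZED_RELAYS = {ip_address("192.0.2.25"), ip_address("192.0.2.21")}
TELNET, RLOGIN, FTP, SMTP = 23, 513, 21, 25


@dataclass(frozen=True)
class Packet:
    iface: str   # "ext" = arrived from the Internet side, "int" = from the internal network
    proto: str   # "tcp" or "udp"
    src: str
    dst: str
    dport: int


def filter_packet(pkt: Packet) -> str:
    """Return 'drop' or 'pass' for one packet, applying the RFC's three example rules in order."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    # (1) anti-spoofing: a packet from the Internet side must not claim an internal source address
    if pkt.iface == "ext" and src in INTERNAL:
        return "drop"
    # (2) no TELNET or RLOGIN connections from the Internet into the internal network
    if pkt.iface == "ext" and pkt.proto == "tcp" and dst in INTERNAL and pkt.dport in (TELNET, RLOGIN):
        return "drop"
    # (3) SMTP/FTP to the Internet only from internal hosts authorized to send mail or move files
    if (pkt.iface == "int" and pkt.proto == "tcp" and dst not in INTERNAL
            and pkt.dport in (SMTP, FTP) and src not in AUTHORIZED_RELAYS):
        return "drop"
    # Everything else is passed unchanged here; a deployed filter would normally end with a default deny.
    return "pass"


def run_samples() -> list:
    """Evaluate a constructed set of packets; returns the decision for each in order."""
    samples = [
        Packet("ext", "tcp", "192.0.2.7", "192.0.2.10", 80),      # spoofed internal source from outside
        Packet("ext", "tcp", "198.51.100.5", "192.0.2.10", 23),   # inbound TELNET
        Packet("int", "tcp", "192.0.2.40", "203.0.113.9", 25),    # unauthorized host sending mail out
        Packet("int", "tcp", "192.0.2.25", "203.0.113.9", 25),    # authorized relay sending mail out
        Packet("ext", "tcp", "198.51.100.5", "192.0.2.10", 443),  # ordinary inbound HTTPS, not blocked
    ]
    return [filter_packet(p) for p in samples]


if __name__ == "__main__":
    for decision in run_samples():
        print(decision)
```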