
A firewall is a program that sits between you and the net. It lets in what you welcome while keeping out the public.


To understand what a firewall does, you have to know a little of the techniques used in the net, but not too much :)


Every computer that connects to the net must have an IP. Without it, no server you access would know who called it, and it would be unable to answer your request.


When you have a dial-up connection, you get one IP out of the range your provider (ISP) reserved for such connections. This is called a "dynamic IP".


The protocol called TCP/IP consists of two parts: the TCP and the IP. Always stating the obvious, that's me ;)


Imagine it as two people sitting in a car. The first part, TCP (Transport Control Protocol), is responsible for driving the car, while the second part, IP (Internet Protocol), reads the map and gives directions.


The "car" is a so-called "packet", a chunk of data that travels from A to B. Each of those cars has two number plates, one showing the destination, the other showing the origin of the car.


IPs, as you surely know, are denoted in four triples of numbers ranging from 0 to 255, each triple separated from the next by a dot. Those triples are classified as class A, B, and C. Thus, if you see but the first triple, you have a Class A before you, two triples means Class B, and three triples Class C. Imagine it as A.B.C.x with x being a number from 0 to 255, too.


Machines deal with numbers, but humans don't memorize numbers well. So the concept of "nameservers" was developed.


A nameserver resembles a phonebook. It translates the names your machine sends to it into the numbers your machine needs. So if you type a name instead of an IP, your own machine will first call the operator (the nameserver) for the number and then connect to its partner on the net.


Above TCP/IP you'll find more so-called "layers". HTTP ("surfing the WWW"), POP3 (mail incoming), SMTP (mail outgoing) and NNTP (usenet aka "newsgroups") are the most widespread.


These layers have a set of commands that are transmitted over TCP/IP to a receiver on the other end of the line. Most of the time you'll find the receiver on a "well-known port". Those ports are by common consent assigned to the layer and used throughout the net. For HTTP this is port 80, for POP3 port 110, for SMTP port 25 and for NNTP port 119.
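Put together, the two number plates on every packet and the well-known ports are all a simple firewall needs to let in what you welcome and keep out the public. The sketch below is an added example, not code from the original page: `Packet`, `ToyFirewall` and `demo` are made-up names, the addresses are placeholders from the documentation ranges, and it assumes the firewall only remembers which conversations your own machine started.

```python
from dataclasses import dataclass

# Well-known ports named in the text above.
WELL_KNOWN = {80: "HTTP", 110: "POP3", 25: "SMTP", 119: "NNTP"}

@dataclass(frozen=True)
class Packet:
    src_ip: str    # number plate showing the origin
    src_port: int
    dst_ip: str    # number plate showing the destination
    dst_port: int

class ToyFirewall:
    """Hypothetical filter: allow what this machine asked for, drop the rest."""

    def __init__(self, my_ip, allowed_out=WELL_KNOWN):
        self.my_ip = my_ip
        self.allowed_out = allowed_out
        self.conversations = set()  # (local_port, remote_ip, remote_port)

    def check(self, pkt):
        if pkt.src_ip == self.my_ip:
            # Outbound: only to services we decided to use.
            if pkt.dst_port not in self.allowed_out:
                return "DROP"
            self.conversations.add((pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "ALLOW"
        if pkt.dst_ip == self.my_ip:
            # Inbound: only answers to a conversation we started ourselves.
            key = (pkt.dst_port, pkt.src_ip, pkt.src_port)
            return "ALLOW" if key in self.conversations else "DROP"
        return "DROP"  # neither from us nor for us

def demo():
    # Constructed sample traffic; all addresses are documentation-range placeholders.
    me, web, stranger = "192.0.2.10", "198.51.100.5", "203.0.113.7"
    fw = ToyFirewall(me)
    traffic = [
        Packet(me, 50000, web, 80),          # we request a web page
        Packet(web, 80, me, 50000),          # the server answers
        Packet(stranger, 4444, me, 139),     # unsolicited knock from the public
        Packet(stranger, 80, me, 50000),     # wrong origin posing as the answer
        Packet(me, 50001, stranger, 31337),  # outbound to a port we never allowed
    ]
    return [fw.check(p) for p in traffic]

if __name__ == "__main__":
    print(demo())
```

Only the second packet gets in from outside, because its origin and destination match a conversation the machine itself opened.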


This should be enough to understand the firewall pages :)

I compiled some tips about configuring your own firewall on the eSafe page.