Firewalls primarily operate at Layer 3 (Network) and Layer 4 (Transport) of the OSI model. They inspect:
IP headers (Layer 3)
TCP/UDP port numbers (Layer 4)
Application-specific data in Layer 7-aware firewalls (for application filtering)
By examining transport layer port numbers and application layer headers, firewalls can block or allow traffic based on services like HTTP (port 80), FTP (port 21), and others.
Reference – CEH v13 Official Study Guide:
Module 13: Evading IDS, Firewalls, and Honeypots
Quote:
“Firewalls filter traffic based on IP addresses, transport-layer port numbers, and application protocol headers to control access to services and applications.”
Incorrect Options:
B & C. The presentation and session layers are not relevant to firewall rule inspection.
D. The application layer doesn't have port numbers; they are part of the transport layer.
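The following is an added example, not taken from the study guide or the original page. It shows where a packet filter reads the fields described above: addresses and protocol from the IPv4 header (Layer 3), ports from the first four bytes of the TCP/UDP header (Layer 4). The rule set, addresses, and function names are constructed for illustration.

```python
import ipaddress
import struct

PROTOCOLS = {6: "tcp", 17: "udp"}
# Constructed rule set, first match wins: (action, protocol, destination port).
RULES = [("allow", "tcp", 80), ("deny", "tcp", 21)]
DEFAULT_ACTION = "deny"


def parse_l3_l4(packet: bytes) -> dict:
    """Pull out the Layer 3 and Layer 4 fields a packet filter matches on."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    ihl = (packet[0] & 0x0F) * 4  # IP options move the transport header
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("invalid IPv4 header length")
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    fields = {
        "src": str(ipaddress.IPv4Address(packet[12:16])),
        "dst": str(ipaddress.IPv4Address(packet[16:20])),
        "proto": PROTOCOLS.get(packet[9], "other"),
        "sport": None,
        "dport": None,
    }
    # Ports are the first four bytes of the TCP/UDP header (Layer 4).
    # Later fragments carry no transport header, so they have no ports.
    if fields["proto"] != "other" and frag_offset == 0:
        if len(packet) < ihl + 4:
            raise ValueError("truncated transport header")
        fields["sport"], fields["dport"] = struct.unpack("!HH", packet[ihl:ihl + 4])
    return fields


def decide(packet: bytes) -> str:
    """Return the action of the first rule matching protocol and port."""
    f = parse_l3_l4(packet)
    for action, proto, dport in RULES:
        if f["proto"] == proto and f["dport"] == dport:
            return action
    return DEFAULT_ACTION


def build_packet(proto: int, dport: int, options: bytes = b"") -> bytes:
    """Constructed sample: minimal IPv4 header plus source/destination ports."""
    ihl_words = (20 + len(options)) // 4
    header = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl_words, 0, 0, 0, 0, 64, proto, 0,
                         bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return header + options + struct.pack("!HH", 49152, dport)
```

The port lookup depends on the IPv4 header length field, so a filter that assumes a fixed 20-byte header reads the wrong bytes when IP options are present.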
===========