Deciding When to Stop the Traffic

Based on the facts in this short section, a firewall can look at a packet, figure out who's the initiator (client) of the connection, and determine which protocol (well-known port) is being used. Knowing those facts, the firewall can apply the rules about what is and isn't allowed.

Figure 18-6 shows an example of how a firewall thinks when it sees the first packet in a new connection. In fact, it's the same TCP connection shown in Figure 18-5.