Common firewall systems are generally constructed according to four models:
Filter router model,
Single-homed bastion host (shielded host firewall) model,
Dual-homed bastion host model (shielded firewall system model)
Shield the subnet model.

Screening router model. The screening router model is the first line of defense of the network. The function is to implement packet filtering. When creating the corresponding filtering strategy, network security firewall there are considerable requirements for the staff’s knowledge of TCP/IP. If the filtering router is compromised by hackers, then the internal network It will become very dangerous. The firewall cannot hide your internal network information, and does not have monitoring and logging functions.

Single-homed bastion host model, dual-homed bastion host model, dual-homed bastion host model (shielding firewall system), can construct a more secure firewall system. The dual-homed bastion host has two network interfaces, but the function of the host to directly forward information between the two ports is turned off. In the physical structure, all information going to the internal network is forcibly passed through the bastion host.

Shielded subnet model The shielded subnet model uses two packet filtering routers and a bastion host. It is one of the most secure firewall systems because it supports the network after defining the "neutral zone" (DMZ, Demilitarized Zone) network Layer and application layer security functions. The network administrator places the bastion host, information server, modem group, and other public servers on the DMZ network. If a hacker wants to break through the firewall, he must break through the above three separate devices.

like：

What is the difference between a network security router and a hardwar
What is a computer firewall? What is the role of a firewall?
What are the types and advantages of firewalls