TL;DR
Filtered ports mean a firewall is actively examining traffic and deciding whether to allow it based on rules. Blocked ports mean the firewall simply drops all traffic, without inspection.
Understanding Ports
Think of ports as doors on your computer. Each application (like web browsing or email) uses a specific door (port number) to communicate over the internet. Ports are numbered from 0 to 65535.
1. Blocked Ports
- What they do: A blocked port is completely shut down. Any attempt to connect to that port will be ignored by your firewall. It’s like a door welded shut – no one gets through.
- How it works: The firewall has a rule explicitly stating to drop all incoming and/or outgoing traffic on that port.
- Detection: When you try to connect, you usually get an error message like ‘Connection refused’ or the connection times out.
- Example (using
iptableson Linux):sudo iptables -A INPUT --dport 25 -j DROPThis command blocks all incoming traffic on port 25 (commonly used for SMTP email).
2. Filtered Ports
- What they do: A filtered port means the firewall is actively looking at the connection request. It’s like a door with a security guard checking IDs before letting anyone in.
- How it works: The firewall doesn’t immediately reject or accept traffic. It evaluates rules based on source IP address, destination IP address, protocol (TCP/UDP), and other factors. If no rule matches, the packet is often dropped silently.
- Detection: When you scan a filtered port, tools like
nmapwill report ‘filtered’. This doesn’t mean it’s blocked; it just means the firewall is interfering with the connection attempt. - Example (using
iptableson Linux):sudo iptables -A INPUT --dport 80 -j REJECTThis command rejects incoming traffic on port 80 (commonly used for HTTP web traffic). While this *acts* like a block, the ‘REJECT’ action sends an ICMP message back to the sender. Using ‘-j DROP’ would filter more silently.
3. Key Differences Summarised
| Feature | Blocked Port | Filtered Port |
|---|---|---|
| Firewall Action | Drops all traffic immediately. | Examines traffic based on rules; may drop or allow. |
| Connection Attempt Result | ‘Connection refused’, timeout. | ‘Filtered’ (as reported by scanning tools). |
| Inspection | No inspection. | Traffic is inspected. |
4. Why does it matter?
- cyber security: Filtering allows for more granular control, enabling you to allow legitimate traffic while blocking malicious attempts.
- Troubleshooting: Knowing whether a port is blocked or filtered helps diagnose network issues. A ‘filtered’ port suggests a firewall rule is the cause, whereas a ‘blocked’ port might indicate a misconfiguration.