+25 votes

A layer-$4$ firewall (a device that can look at all protocol headers up to the transport layer) CANNOT

  1. block entire $\text{HTTP}$ traffic during $9:00PM$ and $5:00AM$
  2. block all $\text{ICMP}$ traffic
  3. stop incoming traffic from specific $\text{IP}$ address but allow outgoing traffic to the same IP address
  4. block $\text{TCP}$ traffic from a specific user on a multi-user system during $9:00PM$ to $5:00AM$
asked in Computer Networks by Veteran (96.1k points)
edited by | 5.6k views
Ans will be (a), as HTTP works at the application layer and a layer 4 firewall can't see it.
That can be taken care of by port number 80....
(A) Since it is a layer 4 firewall, it cannot block an application layer protocol like HTTP.
Transport layer has port number, and the port number of HTTP is 80, and thus the firewall can block HTTP traffic.
The question here is asking for CANNOT. Option D is not possible by firewall.

2 Answers

+68 votes
Best answer

Answer is (D).

(A) It is POSSIBLE to block "entire" HTTP traffic by blocking all the traffic on port number $80$, since here we DON'T need to check anything that is application layer specific. We only need to block port no. $80$ for the required time span.

(B) & (C) are fairly possible to achieve.

(D) However, (D) is not possible to achieve, although the service uses TCP at the transport layer. But see the question. We don't need to block the entire TCP traffic, so we can't block any specific PORT number. Also, it is given that IT IS a MULTI-USER system, and so many users may be using the same port for communication. Therefore blocking that port would block all the users, WHILE we want a specific user. So how to do that? To do so we need application-layer-specific information about the user, like user_id type of things, which can't be checked as it is a $4$-layer firewall. So it is not possible to allow other users and block some specific one at the same time using a $4$-layer firewall (unless they are all using different port numbers, which we actually can't predict).

answered by Loyal (7.7k points)
edited by
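
As an added illustration (not part of the original answer), the Python sketch below parses only the fields a layer-4 firewall can read and expresses options 1 to 3, i.e. (A) to (C), as rules on them; for option 4 (D) it shows that packets from two users on the same host differ only in an ephemeral source port. The addresses, the `direction` argument and all function names are assumptions made for this example.

```python
import socket
import struct
from datetime import time

def build_ipv4(src, dst, proto, payload=b""):
    """Construct a minimal IPv4 packet (constructed sample, checksum left 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def tcp_segment(sport, dport):
    """Minimal 20-byte TCP header with SYN set (constructed sample)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)

def l4_view(packet):
    """Everything a layer-4 firewall can read: IP header plus TCP/UDP ports."""
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    proto = packet[9]                     # 1 = ICMP, 6 = TCP, 17 = UDP
    view = {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]),
            "proto": proto, "sport": None, "dport": None}
    if proto in (6, 17):                  # ports are the first 4 bytes of TCP/UDP
        view["sport"], view["dport"] = struct.unpack("!HH", packet[ihl:ihl + 4])
    return view

def in_window(now, start=time(21, 0), end=time(5, 0)):
    """True between 9:00PM and 5:00AM (the window wraps past midnight)."""
    return now >= start or now < end

def decide(packet, direction, now, blocked_ip="203.0.113.9"):
    """Options 1-3 as rules; direction ('in'/'out') and blocked_ip are assumed."""
    v = l4_view(packet)
    if v["proto"] == 1:                                   # option 2: all ICMP
        return "DROP"
    if v["proto"] == 6 and 80 in (v["sport"], v["dport"]) and in_window(now):
        return "DROP"                                     # option 1: HTTP via port 80
    if direction == "in" and v["src"] == blocked_ip:      # option 3: inbound only
        return "DROP"
    return "ACCEPT"

def differing_fields(p1, p2):
    """Fields in which two packets differ, as far as layer 4 can see."""
    a, b = l4_view(p1), l4_view(p2)
    return [k for k in a if a[k] != b[k]]
```

Calling `differing_fields` on two TCP packets built for different users of the same host returns only `["sport"]`, so there is no field on which a per-user rule could match.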
Please confirm the answer as the answer given on this site says a) as the correct answer.

Link-  Q. 11

Shouldn't it be Option (A)!!!

Each user has a specific IP address. Why can't we filter at IP level?

Good point @Ram Sharma1 ji. "specific user on a multi-user system" means multiple users are sharing the same IP.

How to block all ICMP traffic? By port no.. 80?

@rahul sharma 5 ji,

Network Layer stores the protocol type (for ICMP it is 1) and Transport Layer has the port number.

+5 votes
Since it is a Layer-4 firewall, it includes the following layers:

Physical layer, Data Link layer, Network layer as well as Transport layer.

So all functionalities of the above layers can be prevented by the Layer-4 protocol except the last one, which is associated with the application layer.
answered by Loyal (9.7k points)
So which is the correct answer?
I think HTTP belongs to layer 5, so the answer may be option A.
