A packet filtering router may act as part of a firewall. A Cisco router can filter packets in several ways:

  • The first filtering point to consider is the IP address in the IP layer. A packet filtering router can accept or reject packets based on the source or destination IP address.
  • The host to host layer. It may filter access to or from certain services, allowing or denying tftp, telnet access, and ftp access.
  • Established connection. It can allow connections that have originated from within the protected network but block all those originating outside.