Networking and ACLs
- arturoarriagaspeec
- Apr 4, 2022
How routers implement policies for packet filtering and forwarding on the web.

All routers today implement policies for packet filtering and forwarding, and most of them use Access Control Lists (ACLs) to configure these policies. ACLs control whether the router forwards or drops network traffic, based on the ACL rules. ACLs contain information about the source and destination address, the protocol used (e.g., UDP or TCP), the port numbers used by the applications, and filtering rules. These filtering rules can be applied to both incoming and outgoing packets. When a packet arrives at (or is being sent out of) a router, it is checked against these ‘rules’ and handled accordingly. If cleared by the router, it is said to be ‘permitted’ and is forwarded to its destination; otherwise it is ‘denied’ and dropped by the router.
Let's consider the Juniper MX Series Universal Routing Platforms, a suite of enterprise-grade routers. These devices have specs that can support enterprise-level LANs and WANs. Juniper implements ACLs through what it calls a stateless firewall filter, a service that protects switches from malicious traffic. Juniper’s website provides a tutorial on configuring a router to apply a policy that controls the flow of traffic; traffic that does not conform to this policy is dropped. In this example, we configure the router so that an outbound port sends users only traffic with a TCP source port of 80 (HTTP). Following this example, it's reasonable to assume that we could also configure rules for other common destination port numbers (e.g., SMTP/port 25, SSH/port 22, IMAP/port 143).
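The first-match evaluation described above, modelled in Python as an added example; it is not Juniper's code or configuration and not part of the original post. The term names, addresses and sample packets are constructed, and the discard when no term matches mirrors the implicit default of a Junos firewall filter.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    protocol: str
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

@dataclass(frozen=True)
class Term:
    name: str
    action: str                      # "accept" or "discard"
    protocol: Optional[str] = None   # None means "match anything"
    src_net: Optional[str] = None
    dst_net: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:  # every condition that is set must hold
        return all((
            self.protocol is None or p.protocol == self.protocol,
            self.src_net is None or ip_address(p.src) in ip_network(self.src_net),
            self.dst_net is None or ip_address(p.dst) in ip_network(self.dst_net),
            self.src_port is None or p.src_port == self.src_port,
            self.dst_port is None or p.dst_port == self.dst_port,
        ))

def evaluate(terms, packet):
    for term in terms:               # order matters: the first matching term decides
        if term.matches(packet):
            return term.action, term.name
    return "discard", "implicit-default"   # nothing matched, so the packet is dropped

# Hypothetical egress filter; names and documentation-range addresses are constructed.
EGRESS_FILTER = [
    Term("block-quarantined", "discard", dst_net="192.0.2.66/32"),
    Term("allow-http-replies", "accept", protocol="tcp", src_port=80),
]

SAMPLES = [  # constructed packets leaving the user-facing interface
    Packet("198.51.100.10", "192.0.2.20", "tcp", 80, 51000),  # HTTP reply
    Packet("198.51.100.10", "192.0.2.20", "tcp", 22, 51001),  # SSH, not permitted
    Packet("198.51.100.10", "192.0.2.20", "udp", 80, 51002),  # right port, wrong protocol
    Packet("198.51.100.10", "192.0.2.66", "tcp", 80, 51003),  # HTTP to a blocked host
]
```

Calling `evaluate(EGRESS_FILTER, pkt)` on each sample shows why the narrower discard term has to sit above the accept term: swapping the two would let the fourth packet through.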
Source: https://www.juniper.net/us/en/products/routers/mx-series/compare.html?p=MX10004,%20MX10008,%20and%20MX10016%20,MX204
Source: https://www.juniper.net/documentation/us/en/software/junos/cos/topics/example/policer-single-rate-two-color-mfc-example-egress.html


