# Ingress filtering > computer network packet filtering technique **Wikidata**: [Q1663279](https://www.wikidata.org/wiki/Q1663279) **Wikipedia**: [English](https://en.wikipedia.org/wiki/Ingress_filtering) **Source**: https://4ort.xyz/entity/ingress-filtering ## Summary Ingress filtering is a computer network packet filtering technique that controls incoming traffic to prevent malicious data from entering a network. It operates as a subset of firewall security systems by examining packets and allowing only legitimate communications based on predetermined rules. ## Key Facts - Ingress filtering is a computer network packet filtering technique - It is classified as a type of firewall - It is documented in Wikipedia across 6 languages: Arabic, Catalan, German, English, Spanish, and Korean - The entity has 6 sitelinks - Its freebase identifier is /m/08l1gg - Its Microsoft Academic ID (discontinued) was 66879421 - It serves as a network security mechanism to monitor and control incoming traffic ## FAQs ### Q: What is the purpose of Ingress filtering? A: Ingress filtering is designed to prevent malicious network traffic from entering a protected network by examining incoming packets against security rules. It helps mitigate attacks such as IP spoofing and unauthorized access attempts. ### Q: How does Ingress filtering differ from Egress filtering? A: While Ingress filtering controls incoming traffic to a network, Egress filtering controls outgoing traffic. Ingress focuses on what enters the network to prevent external threats, whereas Egress focuses on what leaves to prevent data exfiltration and misuse of network resources. ### Q: What types of attacks can Ingress filtering help prevent? A: Ingress filtering can help prevent IP spoofing attacks, where attackers send packets with falsified source IP addresses to obscure their identity. It can also block attempts at unauthorized network access and help prevent distributed denial-of-service (DDoS) attacks by filtering malicious incoming traffic. ## Why It Matters Ingress filtering plays a critical role in modern network security by forming the first line of defense against external threats. It prevents malicious actors from sending fraudulent network packets that could compromise system integrity or launch attacks. By verifying that incoming packets originate from legitimate sources, it helps combat IP spoofing, a common technique used in denial-of-service attacks and other malicious activities. The implementation of proper ingress filtering has become a fundamental security practice recommended by organizations like the Internet Engineering Task Force (IETF), contributing to the overall health and stability of internet infrastructure. For businesses and institutions, effective ingress filtering is essential for protecting sensitive data, maintaining service availability, and complying with regulatory requirements. ## Notable For - Pioneered as a fundamental technique to combat IP spoofing on the internet - Recognized as a critical component of comprehensive firewall security systems - Implemented across major network infrastructure as a standard security measure - Documented across multiple language Wikipedia editions indicating its global importance in network security ## Body ### Technical Definition Ingress filtering is a computer network packet filtering technique specifically designed to monitor and control incoming network traffic. It operates by examining packets as they enter a network interface and making decisions based on predetermined security rules. ### Relationship with Firewalls Ingress filtering is classified as a type of firewall system. Firewalls are network security systems that monitor and control incoming and outgoing network traffic based on predetermined security rules. Ingress filtering specifically targets the incoming (ingress) portion of this traffic, distinguishing it from egress filtering which handles outgoing traffic. ### Documentation and Recognition The entity "Ingress filtering" is documented in Wikipedia across 6 languages: Arabic, Catalan, German, English, Spanish, and Korean. This indicates its global importance in the field of network security. It has a freebase identifier of /m/08l1gg and a Microsoft Academic ID (discontinued) of 66879421. ### Implementation Context While specific implementation details are not provided in the source material, ingress filtering is typically deployed at network boundaries such as routers, firewalls, and other network edge devices. It serves as a security measure to validate that incoming traffic originates from legitimate sources, helping prevent various types of cyber attacks.