Where does a firewall application fit into the software stack?

Solution 1:

Put simply, the local firewall on your machine acts as a gatekeeper for actual traffic that will be passing through your operating system's network stack.

So, it'd go as such:

Software -> Network Stack (In/Out) -> Firewall -> Network

It does not prevent port bindings, as the kernel handles this. It will, however, prevent traffic on the port(s) if configured to do so.

Solution 2:

There are (for all practical purposes) two different layers in play with what you're asking.

An app asking for a port binding is at a different level than where the firewall operates. An app will talk directly to the TCP/IP stack to get a binding. That happens completely independently of any firewall, regardless of whether the firewall is local to the app host or a remote system.

Firewalls will intercept packets on ports they are configured to pay attention to once the bindings have already been granted. Then, once packets start flowing through those ports, the firewall can do its work and inspect the traffic. That's when the firewall will do its allowing or blocking.
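
The separation both answers describe, as an added example that is not part of either answer: the script obtains a TCP binding straight from the kernel's socket layer, then reconciles the bound ports against a firewall allow-list to show which listeners exist but would be filtered. The allow-list, the extra listener on port 22, and the function names are constructed for illustration; a default-deny inbound policy is assumed.

```python
import socket

# Constructed sample data: a simplified inbound TCP allow-list standing in for
# the host firewall's real rule set (default deny is assumed).
ALLOWED_INBOUND_TCP = {22, 443}


def bind_listener(host="127.0.0.1", port=0):
    """Ask the kernel for a TCP binding; port 0 lets the kernel pick a free port.

    bind() and listen() are socket-layer calls. No packet-filter rule is
    evaluated here, so they succeed whether or not the port is allowed.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind((host, port))
    sock.listen(1)
    return sock


def reconcile(bound_ports, allowed_ports):
    """Compare what is bound with what the packet filter would let through."""
    bound, allowed = set(bound_ports), set(allowed_ports)
    return {
        "bound_and_reachable": sorted(bound & allowed),   # service up, traffic passes
        "bound_but_filtered": sorted(bound - allowed),    # binding granted, packets dropped
        "allowed_but_unbound": sorted(allowed - bound),   # rule open, nothing listening
    }


def demo():
    listener = bind_listener()
    try:
        port = listener.getsockname()[1]
        # Constructed: assume an SSH daemon also holds port 22 on this host.
        return port, reconcile([port, 22], ALLOWED_INBOUND_TCP)
    finally:
        listener.close()


if __name__ == "__main__":
    port, report = demo()
    print(f"kernel granted binding on port {port}")
    for state, ports in report.items():
        print(f"{state}: {ports}")
```

The "allowed_but_unbound" bucket is worth reviewing during a rule audit, since an open rule with no listener is unused exposure waiting for whatever binds that port next.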