A firewall is simply a program or hardware device that filters the information coming through the internet connection or computer system. It filters the incoming and outgoing network traffic using some pre determined criteria.

Thus, a firewall forms a barrier through which the traffic going in each direction must pass. The firewall’s security policy dictates which traffic is authorized to pass in each direction.

Service control: Determines the types of internet services that can be accessed, inbound or outbound. The firewall may filter traffic on the basis of IP address, protocol, or port number; may provide proxy software that receives and interprets each service request before passing it on; or may host the server software itself, such as a web or mail service.

Direction control: Determines the direction in which a particular service requests may be initiated and allowed to flow through the firewall.

Firewalls generally use two or more of the following methods:

• Packet filtering 
• Application gateway 
• Circult level gateway 
• Proxy servers 
• Stateful inspection or Dynamic packet filtering 

Firewalls are generally categorized as network-based or host-based. 

Network layer firewalls: Also called packet filters, operate at a relatively low level of the TCP/ IP protocol stack, not allowing packets to pass through the firewall unless they match the established rule set. 

Application-layer firewalls: The work on the application level of the TCP/ IP stack (i.e., all the browser traffic, or all the telnet or FTP traffic), and may intercept all the packets traveling to or from an application.

In nutshell, a firewall – 

• Saves money by concentrating the security on a small number of components
• Helps simplify the architecture of a system by restricting access only to machines that trust each other

Limitations:

• A firewall cannot protect against any attacks that bypass the firewall. For example, other back-doors into the network.  
• Firewall doesn’t protect against the internal threats from traitors. 
• Firewalls can't protect against tunneling over most application protocols. For example, firewall cannot protect against the transfer of virus-infected programs or files. 

Features to Look for:

• Cost 
• Graphical User Interface 
• Efficiency in prohibiting potentially vulnerable services from entering or leaving the network 
• Whether provides protection from IP and device spoofing 
• Whether can be used to implement VPNs, audits and alarms 
• Customizable, regular and automatic updates 
• Technical support quality 
• Ability to record and reports on events