Firewall operating on the application layer of the
Protocol stack. Generally a host using various forms of proxyservers to proxy traffic, instead of routing it. As it works on the application layer, it may also inspect the contents of the traffic, blocking what the firewall administrator views as inappropriate content, such as certain websites, viruses, known attempts to exploit logical flaws in client software, and so forth.
An application layer firewall does not route traffic on the network layer. All traffic stops at the firewall, and the firewall may initiate its own connections, if it finds that the traffic is ok according to the rules.