Firewalls are sometimes confused with proxies?, which work at the application level. Firewalls operate at the low level of the TCP/IP? protocol stack as packet filters, not allowing packets to pass the firewall unless they meet the rules defined by the firewall administrator.
Firewalls generally fall into two categories, stateful and non-stateful. Stateful firewalls also hold some information on the state of connections (i.e. established or not) as part of their rules (e.g. only hosts inside the firewall can establish connections on a certain port).