Firewalls come in several categories and sub-categories. The basic goal is to prevent intrusion, the difference is in how they try to accomplish this. The major categories of firewalls are network layer firewalls and application layer firewalls. The difference between the two is that the former operate at the low level of the TCP/IP protocol stack as packet filters, not allowing packets to pass the firewall unless they meet the rules defined by the firewall administrator - while the later work as proxies on the application level - and may inspect the contents of packets, sanitize them, and so forth.