There are several types of firewall techniques:
Packet filtering: The system examines each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.
Circuit-level gateway implementation: This process applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.
Acting as a proxy server: A proxy server is a type of gateway that hides the true network address of the computer(s) connecting through it. A proxy server connects to the Internet, makes the requests for pages, connections to servers, etc., and receives the data on behalf of the computer(s) behind it. The firewalling capabilities lie in the fact that a proxy can be configured to only allow certain types of traffic (e.g., HTTP files, or web pages) through. A proxy server has the potential drawback of slowing network performance, since it has to actively analyze and manipulate traffic passing through it.
For more information, refer to the Knowledge Base document "What is a proxy server?"
In practice, many firewalls use two or more of these techniques in concert.
A firewall is considered a first line of defense in protecting private information. It cannot be considered the only line, however, since firewalls are mostly designed to protect network traffic and connections, and therefore do not attempt to authenticate users (i.e., determine who is and who isn't allowed to use the computer the firewall is protecting, or to see the traffic coming to it).
The most common free software firewall for Windows is the one built into Windows XP. Windows 2000 had packet filtering capabilities, but it wasn't a true firewall; it was not intended to block traffic and protect the computer, but rather to classify certain packets and treat them differently. Earlier versions of Windows did not have firewalls built in at all.
Macintosh computers running Mac OS X 10.2 and later are also equipped with a built-in firewall.
Third-party packages exist, such as ZoneAlarm, Norton Personal Firewall, Tiny, Black Ice Protection, and McAfee Personal Firewall. Many offer free versions, or at least free trials of their commercial versions.
Many home and small office broadband routers have at least rudimentary firewalling capabilities built in. These tend to be simply port/protocol filters, although models with much finer control are available.