List, explain and compare different kinds of firewall used for network security.
1 Answer

The various kinds of firewalls used for network security are as follows:

1. Packet Filter:

  • A packet filter firewall (figure 1) examines packets up to the network layer and can only filter packets based on the information that is available at the network layer.
  • The information at this layer includes the source IP address, the destination IP address, the source port, the destination port, and the TCP flag bits. Such a firewall can filter packets based on ingress or egress, that is, it can have different filtering rules for incoming and outgoing packets.
  • A packet filter receives packets and passes them through a set of rules; if a packet matches a rule, it is accepted or rejected accordingly.

Figure 1

  • The primary advantage of a packet filter is efficiency. Because packets only need to be processed up to the network layer and only header information is examined, the entire operation is very efficient.
  • The disadvantages are that the firewall has no concept of state, so each packet is treated independently of all others. A packet filter can't examine a TCP connection. A packet filter firewall is blind to application data, where viruses and other malware reside. Packet filters are configured using access control lists (ACLs).

2. Stateful Packet Filter:

  • A stateful packet filter (figure 2) adds state to a packet filter firewall which means that the firewall keeps track of TCP connections and can remember UDP connections as well.
  • A stateful packet filter operates at the transport layer, since it maintains information about connections.

Figure 2

  • The primary advantage of a stateful packet filter is that it adds all the features of a packet filter and it also keeps track of ongoing connections. This prevents many attacks, such as the TCP ACK scan.
  • The disadvantages of a stateful packet filter are that it cannot examine application data and is slower than a packet filtering firewall since more processing is required.

3. Application Proxy:

  • A proxy is something that acts on your behalf. An application proxy firewall processes incoming packets all the way up to the application layer.
  • The firewall (figure 3), acting on your behalf, then verifies that the packet appears to be legitimate and also verifies that the actual data inside the packet is safe.
  • One interesting feature of an application proxy is that the incoming packet is destroyed and a new packet is created in its place when the data passes through the firewall. This looks minor and insignificant, but it is actually a security feature.

Figure 3

  • The primary advantage of an application proxy is that it has a complete view of connections and application data.
  • The application proxy can filter bad data at the application layer while also filtering bad packets at the transport layer.
  • The disadvantage of an application proxy is speed. Since the firewall is processing packets to the application layer, examining the resulting data, maintaining state, etc., it is doing a great deal more work than packet filtering firewalls.

4. Personal Firewall:

  • A personal firewall is used to protect a single host or a small network such as a home network. Home users need to use a firewall to protect their system from the outside network.
  • Using a separate firewall system would be expensive. To tackle this problem, personal firewalls are used.
  • A personal firewall is an application program that runs on a workstation to block unwanted traffic from the network. It can complement the work of a conventional firewall by screening the kind of data a single host will accept. It may be used to enforce certain policies.
  • Any of the packet filter, stateful filter or application proxy methods can be used, but they are simpler for the sake of efficiency.
  • Example: Users may decide that certain sites, such as computers on the company network, are highly trustworthy but most other sites are not.
  • It is general practice to combine a virus scanner with a personal firewall. A user may forget to run the virus scanner daily. The combination of a virus scanner and a personal firewall is both effective and efficient.

Comparison:

| Parameters | Packet Filters | Stateful Filters | Application Proxy | Personal Firewall |
|---|---|---|---|---|
| 1. Scans | Addresses and service protocol type | Addresses or data | Full data portion of packet | Full data portion of packet |
| 2. Screening | Based on connection rules | Based on information across packets | Based on proxy behaviour | Based on information in the head or data of packet |
| 3. Addressing Rules | Complex addressing tools making its configuration tricky | Preconfigured addressing that detects attack signatures | Proxies substitute complex addressing | User accepts the addresses |
| 4. Auditing difficulty | Difficult to audit | Audit is possible | Can audit activity | Does the audit activity |
| 5. Complexity | Simple | Complex | Most Complex | Simple |
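
The difference between the packet filter and the stateful packet filter described in the answer, as an added example that is not part of the original answer: a simplified Python model in which both firewalls judge the same constructed packet trace. The rule set, addresses, ports and all names are assumptions made for illustration, and the connection table ignores teardown and timeouts.

```python
from collections import namedtuple

# flags: frozenset of TCP flag names; inbound: True if arriving from outside.
Packet = namedtuple("Packet", "src sport dst dport flags inbound")

INSIDE, OUTSIDE = "10.0.0.5", "203.0.113.9"   # constructed addresses

def stateless_filter(pkt):
    """ACL-style packet filter: each packet is judged alone, on header fields."""
    if not pkt.inbound:
        return "accept"                # egress rule: allow outgoing traffic
    # Ingress rule: replies are recognised only by the ACK flag bit,
    # because the filter has no memory of which connections exist.
    if "ACK" in pkt.flags:
        return "accept"
    return "reject"                    # e.g. an unsolicited inbound SYN

class StatefulFilter:
    """Same policy, plus a table of connections opened from the inside."""
    def __init__(self):
        self.connections = set()       # (inside, inside_port, outside, outside_port)

    def check(self, pkt):
        if not pkt.inbound:
            if pkt.flags == frozenset({"SYN"}):
                self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "accept"
        # Inbound: accept only packets that belong to a tracked connection.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "accept" if key in self.connections else "reject"

def compare(packets):
    """Return [(stateless_verdict, stateful_verdict), ...] for a packet trace."""
    stateful = StatefulFilter()
    return [(stateless_filter(p), stateful.check(p)) for p in packets]

# Constructed trace: an outbound handshake, then unsolicited inbound packets.
TRACE = [
    Packet(INSIDE, 40000, OUTSIDE, 443, frozenset({"SYN"}), inbound=False),
    Packet(OUTSIDE, 443, INSIDE, 40000, frozenset({"SYN", "ACK"}), inbound=True),
    Packet(OUTSIDE, 5555, INSIDE, 22, frozenset({"ACK"}), inbound=True),
    Packet(OUTSIDE, 5555, INSIDE, 22, frozenset({"SYN"}), inbound=True),
]

if __name__ == "__main__":
    for pkt, verdicts in zip(TRACE, compare(TRACE)):
        print(sorted(pkt.flags), "-> port", pkt.dport, verdicts)
```

The third packet is the case the answer refers to: a bare ACK with no matching connection passes the stateless rule but is rejected once the firewall keeps state.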