A firewall is a machine that sits between a network and the rest of the Internet, attempting to ensure that nothing "bad" from the Internet harms the network. You can also set up firewall features for each machine, where the machine screens all of its incoming and outgoing data at the packet level (as opposed to the application layer, where server programs usually try to perform some access control of their own). Firewalling on individual machines is sometimes called IP filtering.
To understand how firewalls work, consider that there are three times when a system can filter packets:
When the system receives a packet
When the system sends a packet
When the system forwards (routes) a packet to another host or gateway
With no firewalling in ...