Network address translation (NAT): Every system on the Internet needs an IP address to connect to other systems. NAT foils unauthorized connections by giving devices behind the firewall a set of private addresses, while presenting to the world a single, public address. This makes it difficult to reach through the firewall to an individual device.
Port management: By default, most hardware firewalls close unsolicited access to all ports on your device. If an automated software or hacker tries to access your computer through a specific port the firewall would ignore the request. As far as the inquiring software can tell, there is simply nothing there. By the same token, firewalls can let you open specific ports (an action known as port forwarding), so a multiplayer game can link up with other systems across the Internet or a Web camera can send a video stream to view on the Internet.
Content and URL filtering: Firewalls can also offer higher-level features, for instance, blocking access to URLs with a specified string of letters in their URL (think "XXX") or to any sites that fall outside of a list of accepted Web domain names.
It should be noted that Firewalls are great at stopping unwanted intrusions, but they often do little or nothing to detect virus-laden e-mails or stop intrusive adware and spyware. It is generally recommended to use a Firewall in conjunction with a separate antivirus, anti-malware, and/or anti-spyware software.