A firewall is actually just a computer which inspect and forward traffic between an "outside" and an "inside" or two interfaces on the computer. As most communication are two-ways the firewall handle communication flows and recognize what is a call or an answer on previous made and permitted calls.

The normal procedure for a firewall is to permit all outgoing traffic while it deny all incoming traffic. Then rules is configured to permit or deny traffic after the users preferences and certain criteria's (sender, receiver, application etc.)

Two main types of firewalls exists, one is a packet filtering unit that only inspect the data within the IP packets to decide if it is permitted or not. The other type is the gateway or proxy which means it act as a man-in-the-middle for traffic. The call is replied to by the firewall and the question is then asked by the firewall in a new session to the receiver. This functionality puts high demands on the firewall in terms of application functionality and resources.

A large number of hybrids in between those two major types is available, and also a number of extra functionality for protection against different kind of threats. The main rule is that proxy firewalls are more secure and takes less administration but also more complex and expensive. So as always there is a balance between security needs (threats) and easy of use.