A firewall is a hardware or software device configured to permit or deny data passing through a computer network in order to protect the resources of a private network from users on other networks. For example, an enterprise with an intranet that allows its workers access to the wider Internet would install a firewall to prevent outsiders from accessing its private data resources and to control which outside resources its own users can reach.
In the same way, computer users install personal firewalls (usually software) to protect their computers from the threats of the Internet. The program sits between your computer and the Internet, and its job is to filter incoming and outbound traffic. That way it can deny intruders or malware access to your computer, and it can also detect unwanted outbound traffic, for instance to guard against spyware that could be sending your surfing habits to a Web site.
Basically, a firewall examines all data trying to pass through it to determine whether to forward it to its destination. This is done according to a set of rules defined by the user, establishing which sorts of traffic are allowed and which are not. The term "firewall" originated in firefighting, where firewalls are barriers established to prevent the spread of fire.
An up-to-date firewall is one of the most basic must-have elements of computer protection. That became clear when the Love Bug, MyDoom, Slammer, and Sasser worms swept across the globe in the first years of this millennium, causing millions of dollars of damage. In response, ordinary computer users started installing firewalls and anti-virus products galore, and the next generations of worms have pretty much been stopped dead in their tracks before they could start spreading to a serious degree.
Modern firewalls can filter traffic based on many packet attributes, such as source IP address, source port, destination IP address or port, and destination service such as WWW or FTP. They can also filter based on protocols, TTL values, netblock of originator, domain name of the source, and many other attributes.
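An added example, not from the original article: a rule evaluator in Python that filters on several of the attributes listed above (originator netblock, destination address, protocol, destination port, TTL). The class names, rule set and addresses are constructed for illustration; first-match ordering and the default-deny fallback are assumptions of this example, not something the article specifies.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    protocol: str            # "tcp" or "udp"
    dst_port: int
    ttl: int = 64

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    src_net: str = "0.0.0.0/0"       # netblock of originator; default matches any
    dst_net: str = "0.0.0.0/0"
    protocol: Optional[str] = None   # None matches any protocol
    dst_port: Optional[int] = None   # None matches any port
    max_ttl: int = 255               # rule matches packets with TTL <= max_ttl

    def matches(self, p: Packet) -> bool:
        # Every attribute the rule constrains must match the packet.
        return (ipaddress.ip_address(p.src_ip) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst_ip) in ipaddress.ip_network(self.dst_net)
                and self.protocol in (None, p.protocol)
                and self.dst_port in (None, p.dst_port)
                and p.ttl <= self.max_ttl)

def decide(rules, packet, default="deny"):
    """Return the action of the first matching rule, else the default."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default  # anything not explicitly allowed is dropped

# Constructed rule set protecting a host at 192.0.2.10 (documentation ranges).
RULES = [
    Rule("deny", src_net="198.51.100.0/24"),      # unwanted netblock
    Rule("deny", max_ttl=1),                      # TTL about to expire
    Rule("allow", dst_net="192.0.2.10/32", protocol="tcp", dst_port=80),  # WWW
    Rule("allow", src_net="203.0.113.0/24", dst_net="192.0.2.10/32",
         protocol="tcp", dst_port=21),            # FTP from one netblock only
]
```

Rule order matters here: moving the WWW allow rule above the netblock deny rule would let the blocked netblock reach port 80.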