A '''[[network layer]] [[firewall]]''' works as a [[packet filter]] by deciding what packets[[packet]]s will pass the firewall according to rules defined by the administrator. Filtering rules can beact appliedon basedthe onbasis of source and destination address,portsand on [[port]]s, in addition to whatwhatever higher-level protocols[[protocol]]s the packet contains. Network layer firewalls tend to beoperate very fast, and transparenttransparently to users.
Network layer Firewallsfirewalls generally fall into two sub-categories, [[stateful firewall|stateful]] and [[stateless firewall|non-stateful]]. Stateful firewalls also hold some information on the state of connections (i.e.for example: established or not, initiation, handshaking, data or breaking down the connection) as part of their rules (e.g. only hosts inside the firewall can establish connections on a certain port).
Stateless firewalls have packet-filtering capabilities but cannot make more complex decisions on what stage communications between hosts ishave atreached. andStateless arefirewalls therefore offer less securesecurity. Stateless firewalls aresomewhat quite similar toresemble a [[router]]'s in their abilty to filter packets.
Network layer firewalls can be implemented with aAny normal computer running an [[operating system]] which supports packet filtering and [[routing]] can function as a network layer firewall. Appropriate operating systems for such a Examplesconfiguration include [[Linux]], [[Solaris Operating Environment|Solaris]] and the [[Berkeley Software Distribution|BSD]]s.
