A firewall that operates at a given layer is usually also capable of operating at every layer below it. Linux Netfilter, for example, can operate at all 7 layers of the OSI model; the Windows Server 2008 firewall can operate at layers 1 through 5, and the Windows XP firewall operates at layers 1 through 3.

| | Layer 3 Firewall (Network) | Layer 5 Firewall (Session) | Layer 7 Firewall (Application) |
|---|---|---|---|
| Called | Port-based firewall | Circuit level Gateway Firewall, SPI Firewall (Stateful Firewall) | Application Layer Gateway Firewall, Proxy Server/Firewall |
| Examples | Windows XP Firewall | Iptables, Windows Server 2008 | Netfilter (iptables with layer7 patch), very expensive proprietary systems |
| Action | Each packet is compared against a list of rules and if necessary filtered (source/destination address, source/destination port, protocol). | Monitors the TCP/IP handshake and the state of connections. Packets are or are not allowed based on traffic rules and the state of the connection. | Unauthorized application activity is logged, prevented or terminated. |
| Filters | IP protocol information, IP addresses, and TCP or UDP port numbers. | Based on connection state. | Filters (inspects) actual application data. |
| Weaknesses | IP spoofing. | Denial of Service attacks where the tables are filled with fake connections. | Requires a large amount of system resources. High level of administrative difficulty. |
| Protects From | Access by unauthorized IP addresses, networks and ports. | | Applications operating on non standard ports. |
| Deep Packet Inspection | No | No | Yes |



Shallow Packet Inspection (SPI) – The act, by a firewall, of inspecting the TCP and UDP headers of network packets. Monitors the establishment and the state of connections. Also called Stateful Packet Inspection.

Deep Packet Inspection (DPI) – Combines roles of firewall and intrusion detection systems. Identifies and authenticates protocols, applications and sessions. Reasons for implementing deep packet inspection include per-service rates and copyright protection by service providers, quality of service, intrusion detection and intrusion prevention.
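The three filtering behaviours in the table (stateless port rules, handshake/state tracking, and DPI on application data) modelled as toy filters over constructed packets; this is an added illustration, not code from the page or from any real firewall. The `Packet` class, the rule set and the sample traffic are all assumptions made for the example, and the stateful filter tracks only the client-to-server side of the handshake for brevity.

```python
from dataclasses import dataclass

@dataclass
class Packet:                 # constructed, minimal packet model
    src: str
    dst: str
    proto: str                # "tcp" or "udp"
    dport: int
    flags: str = ""           # TCP flags of this segment: "S", "SA", "A"
    payload: bytes = b""

# Layer 3 (port-based): each packet is matched against static rules only.
ALLOW = {("tcp", 80), ("tcp", 443)}

def layer3_filter(pkt):
    return (pkt.proto, pkt.dport) in ALLOW

# Layer 5 (stateful): the handshake is tracked per flow; a segment that does
# not belong to a connection that was opened through the firewall is dropped.
class StatefulFilter:
    def __init__(self):
        self.conns = {}       # (src, dst, dport) -> "SYN_SENT" | "ESTABLISHED"

    def check(self, pkt):
        if not layer3_filter(pkt):        # still applies the port rules first
            return False
        key = (pkt.src, pkt.dst, pkt.dport)
        state = self.conns.get(key)
        if pkt.flags == "S" and state is None:
            self.conns[key] = "SYN_SENT"  # note: this table is what a flood of fake SYNs fills
            return True
        if pkt.flags == "A" and state == "SYN_SENT":
            self.conns[key] = "ESTABLISHED"
            return True
        return state == "ESTABLISHED"     # unsolicited ACK or data: dropped

# Layer 7 (DPI): the application is identified from the payload, not the port.
def is_http(payload):
    head = payload.split(b"\r\n", 1)[0]
    return (head.split(b" ")[0] in {b"GET", b"POST", b"HEAD", b"PUT"}
            and head.endswith((b"HTTP/1.0", b"HTTP/1.1")))

def layer7_filter(pkt):
    """Policy: allow only HTTP, on whichever port it is actually spoken."""
    return pkt.proto == "tcp" and is_http(pkt.payload)

# Constructed sample traffic: HTTP on a non-standard port, and non-HTTP on port 80.
HTTP_ON_8080 = Packet("10.0.0.5", "192.0.2.10", "tcp", 8080, "A",
                      b"GET / HTTP/1.1\r\nHost: example\r\n\r\n")
TUNNEL_ON_80 = Packet("10.0.0.5", "192.0.2.10", "tcp", 80, "A",
                      b"\x16\x03\x01binary-not-http")
```

Running the two sample packets through each filter shows the difference the table describes: the port-based filter judges by port alone, while the DPI filter judges by what the application data actually is.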

