Not really a tutorial but some nice info.

Packet Filter Firewalls

Packet filters determine whether packets can enter or exit a network. The firewall examines the TCP/IP header and accepts or rejects it. Packet filters are based on a set of predefined rules.

-does not impede traffic (network performance does not suffer)
-simple to implement
-provide logging facilities
-transparent to end users

-cannot prevent ip spoofing
-are passable by crackers/hackers
-poor config/rules can allow access

Application Gateways

application gateways are also known as a proxy. these proxies restrict network traffic to a specified application. ie http or ftp.

-data is transferred to specific applications
-provides logging
-provides no direct connection to the internet from within a network (ie business or school)

-a proxy must be built for each app
-can impose a small overhead on a network
-if the proxy fails then access is lost

Circuit Level Gateways

they use a proxy, but can only filter on the basis of header information in the IP packets. TCP connections are relayed to determine whether they are authorized. Packets are not filtered or processed.

Stateful Inspection Firewalls (Dynamic packet filters)

Packet filtering rules are used. All the data in the packets from the network layer up to the application layer is examined. These firewalls verify if the connection is legitimate. They also remember port numbers used by applications; once an application is closed the firewall closed the open port.

Hybrid Firewalls

combination of Stateful Inspection and Application Gateway firewalls.