Python Firewall Design and Implementation
The concept of defense-in-depth plays a crucial role in the theoretical framework for firewall design as it emphasizes layered security mechanisms to protect against different types of threats. When using Python, this framework allows for the implementation of various security measures, such as packet inspection and intelligent rule enforcement, at multiple levels of a network. Python's flexibility supports the defense-in-depth approach by enabling the integration of different functionalities, such as intrusion detection and application-layer filtering, which work together to enhance the overall security posture.
User-friendly interfaces in firewall systems are important because they facilitate easier rule configuration, monitoring, and management, particularly for non-expert users. Current Python-based solutions often lack intuitive interfaces, which is a significant gap identified in previous studies. To address this need, some solutions have incorporated GUI-based designs, as seen in the work by Uzoho et al., who developed a Python firewall with a Tkinter interface for live monitoring. However, further improvement is necessary to enhance usability for broader deployment.
The evolution of firewall architectures in recent years has been influenced by increasing network complexity and the sophistication of cyber threats, necessitating more intelligent, adaptable, and scalable firewall solutions. Trends such as the integration of AI and ML have enhanced the ability of firewalls to detect anomalous behavior and adapt to new attack vectors in real time. The demand for deeper packet inspection and comprehensive threat intelligence has led to the development of Next-Generation Firewalls, which have become the industry standard. The rise of cloud services has also prompted wider adoption of Cloud-Based Firewalls to provide scalable protection.
Next-Generation Firewalls (NGFWs) are considered the industry standard due to their comprehensive features that go beyond traditional firewall functions. They incorporate Deep Packet Inspection (DPI), intrusion prevention, and threat intelligence. These capabilities allow NGFWs to not only monitor and filter network traffic effectively but also provide advanced security by identifying and mitigating sophisticated threats in real time. Their ability to operate within cloud and enterprise networks ensures they meet the current demand for robust and adaptable cybersecurity measures.
Contemporary literature classifies firewalls into five major types: Packet-Filtering Firewalls, Stateful Inspection Firewalls, Application-Level Gateways (Proxy Firewalls), Next-Generation Firewalls (NGFWs), and Cloud-Based Firewalls (Firewall-as-a-Service). Packet-Filtering Firewalls work at the network layer, inspecting each packet in isolation; they are fast but cannot track state or application-level data. Stateful Inspection Firewalls maintain a connection table and make filtering decisions based on both packet headers and connection states, offering context-aware filtering. Application-Level Gateways operate at the application layer, filtering specific protocols like HTTP and FTP, providing high security but with added latency. NGFWs integrate traditional firewall functions with deep packet inspection, intrusion prevention, and threat intelligence, making them the industry standard for cloud and enterprise networks. Cloud-Based Firewalls offer scalable, real-time protection for distributed networks, introduced widely after 2019.
Python is considered pivotal for cybersecurity and firewall development due to its simplicity, large library ecosystem, and cross-platform capabilities, which facilitate rapid development of security tools. Its effectiveness in areas like packet sniffing, network scanning, intrusion detection, and firewall development makes it highly valuable. Libraries such as Scapy, NetfilterQueue, and PyShark enable functionalities like packet manipulation and analysis, which are crucial for building Python-based firewalls. Python's flexibility also allows for quick and cost-effective prototyping and deployment of custom firewall solutions.
The integration of Artificial Intelligence (AI) and Machine Learning (ML) into modern firewall design has significantly enhanced the ability to detect anomalous behavior and adapt to new attack vectors in real time. Since 2018, these technologies have allowed firewalls to move beyond simple packet filtering to more intelligent systems capable of stateful inspection, deep packet inspection, and intrusion prevention. The adaptive features provided by AI and ML enable firewalls to detect and respond to emerging threats quickly, which enhances the security posture of networks.
The gaps identified in previous studies on Python-based firewalls include the lack of user-friendly interfaces for configuration and monitoring, absence of advanced features like behavior analysis, and lack of integration with threat intelligence feeds. Many systems do not implement real-time updates to rules and logs and are not scalable for enterprise-level deployment. Suggested improvements include incorporating real-time monitoring, dynamic rule updates, comprehensive logging, and intuitive GUIs to make the tools more practical and educational.
The emergence of cloud-based technologies has significantly influenced the implementation and effectiveness of firewalls by facilitating the development of Cloud-Based Firewalls or Firewall-as-a-Service models. These firewalls are hosted in the cloud and provide scalable and real-time protection, making them suitable for distributed network environments. The scalability and flexibility offered by cloud technologies allow these firewalls to adapt to increasing network demands and provide continuous updates, ensuring they can defend against emerging threats effectively. This shift has also reduced the dependency on on-premise hardware, enhancing accessibility and efficiency.
Recent work demonstrating the effectiveness of Python in firewall development includes Oluwafemi & Akinyemi's rule-based firewall, which achieved over 85% detection accuracy in DoS attack scenarios by filtering packets based on source IP, protocol type, and destination port. Uzoho et al. developed a GUI-based firewall with live monitoring capabilities, using Scapy to detect malformed packets. Abdullahi & Yusuf created a hybrid firewall incorporating AI to classify traffic as malicious or benign in real time. Ezenwa & Chinedu proposed a campus network firewall with log analysis and alerting features, serving as an educational platform.
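The difference between packet filtering and stateful inspection described above, and rule matching on source IP, protocol type, and destination port, can be shown in a few lines of standard-library Python. This is an added example, not code from any of the cited works; the class names, the single rule, and the sample packets are constructed for illustration, and flow teardown is simplified to the first FIN or RST.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str        # "tcp" or "udp"
    sport: int
    dport: int
    flags: str = ""   # TCP flags: "S", "SA", "A", "F", "R"

@dataclass(frozen=True)
class Rule:
    action: str       # "allow" or "deny"
    src_net: str      # CIDR matched against the source IP
    proto: str        # "tcp", "udp" or "any"
    dport: int        # 0 matches any destination port
    def matches(self, p):
        return (ip_address(p.src) in ip_network(self.src_net)
                and self.proto in ("any", p.proto) and self.dport in (0, p.dport))

def stateless_verdict(rules, p, default="deny"):
    """Packet filter: first matching rule wins; each packet is judged alone."""
    return next((r.action for r in rules if r.matches(p)), default)

class StatefulFirewall:
    """Connection table on top of the rules: replies pass only for admitted flows."""
    def __init__(self, rules):
        self.rules, self.conns = rules, set()
    def verdict(self, p):
        fwd = (p.src, p.sport, p.dst, p.dport, p.proto)
        rev = (p.dst, p.dport, p.src, p.sport, p.proto)
        if fwd in self.conns or rev in self.conns:
            if set(p.flags) & {"R", "F"}:      # teardown (simplified): forget the flow
                self.conns -= {fwd, rev}
            return "allow"
        if p.proto == "tcp" and p.flags != "S":
            return "deny"                      # a new TCP flow must open with a bare SYN
        action = stateless_verdict(self.rules, p)
        if action == "allow":
            self.conns.add(fwd)
        return action

# Constructed sample rule and packets (not taken from the page).
RULES = [Rule("allow", "10.0.0.0/24", "tcp", 443)]
SYN = Packet("10.0.0.5", "203.0.113.10", "tcp", 50000, 443, "S")
SYNACK = Packet("203.0.113.10", "10.0.0.5", "tcp", 443, 50000, "SA")
STRAY = Packet("203.0.113.66", "10.0.0.5", "tcp", 443, 50000, "A")
```

With only the stateless filter, the server's SYN-ACK is dropped unless a broad inbound rule for high ports is added, and such a rule would also admit the stray ACK; the connection table allows the reply and still rejects the stray packet.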