Methods and devices are provided for implementing a dual mode firewall. Some implementions provide a firewall in a network device that acts as bridge for layer 2 traffic and acts as a router for layer 3 traffic. In some implementions, a determination of whether to act as a bridge or a router for a packet is based on the configuration of the interface handling the packet. In some implementations, the network device inspects a destination of each packet to determine whether to act as a bridge or a router for that packet. The firewall screens both the layer 2 and the layer 3 traffic according to policies implement in the firewall.