The firewall is a layer 3 (IP) to layer 4 (eg. TCP) packet filter. Together with proxies and VPN flows they are what defines the router's security policies.
The firewall can, just like the rest of the product, be configured by both the graphical user interface, and in clear-text. It is based on, and slightly extends, OpenBSD's PF which makes pf.conf's manual page[] a great source of information. Not every possible feature is interpreted by the graphical editor.