Final answer:
A firewall commonly uses a Rule-based access control model where the access to network resources is controlled based on a set of defined rules. These rules determine the allowance or denial of traffic based on specific criteria like IP addresses and ports.
Step-by-step explanation:
The type of access control model commonly employed by a firewall is the C. Rule-based access control model. In this model, access decisions are based on a set of rules defined by the system or network administrator. Each rule in a firewall specifies which types of traffic will be allowed or denied based on criteria such as source IP addresses, destination IP addresses, ports, and protocols.
Unlike the mandatory access control model which relies on fixed policies that cannot be altered by the users, or the discretionary access control model which grants users control over the permissions of their objects, a rule-based model gives administrators control to define the rules that enforce policy decisions. The role-based access control model is not commonly associated with firewalls as it is more relevant to determining user access rights within an organization based on their roles.