The invention provides a firewall control system based on a Next Generation Network (NGN) service and a method thereof. The method includes: resolving an application layer signaling, performing a security inspection of a signaling flow and determining requirements of a service media flow on security level; determining controlment of the service media flow on security level according to a stored policy and the requirements of the service media flow on security level; performing a security inspection of the service media flow passing by, according to the controlling information of the service media flow on security level. In embodiments of the invention, a Packet-filter-based Firewall is enabled to perform a fine granularity security hierarchy processing of each subscriber and each session in the NGN, and dynamically select working mode of firewall packet filtering of different security levels according to a subscriber requirement and a session type to prevent network attacks.