firewalls(not as good as bolt cutters, but…)
Routers: easy to say “allow everything but…”
Firewalls: easy to say “allow nothing but…”
This helps because we turn off access to everything, then evaluate which services are mission-critical and have well-understood risks
Note: in my opinion the only difference between a router and a firewall is the design philosophy; do we prioritize security, or connectivity/performance? (configurability, logging)