Firewalls are best at controlling access to the network from outside. They are the security guard at the gate who controls who can enter, whom you can talk to, and about what.
Firewalls have advanced significantly from the early packet filters that simply rejected packets based on rules defining what protocols and ports network traffic was allowed to use. Modern third-generation enterprise firewalls are stateful access control devices that inspect deep within the packet stream for potential attacks. They identify and keep track of network conversations (connections) and can associate packets with conversations they have previously allowed based on rules. They also provide other services like network address translation and virtual private network (VPN) concentration.
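The difference between an early packet filter and a stateful firewall's connection tracking can be seen in a small model. This is an added example, not code from the original text: the names, the single rule and the sample addresses are all constructed, and the model is simplified (real connection tracking also follows TCP state and expires idle entries).

```python
import ipaddress
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

INSIDE = ipaddress.ip_network("10.0.0.0/8")  # constructed internal range

def rule_allows(p: Packet) -> bool:
    """Only rule (constructed): inside hosts may open TCP connections to port 443."""
    return ipaddress.ip_address(p.src) in INSIDE and p.dport == 443

def stateless_filter(p: Packet, reply_rule: bool = False) -> bool:
    """Early packet filter: every packet is judged alone, with no memory.
    reply_rule adds the broad 'from port 443 to inside' rule replies would need."""
    if rule_allows(p):
        return True
    return reply_rule and p.sport == 443 and ipaddress.ip_address(p.dst) in INSIDE

class StatefulFirewall:
    def __init__(self) -> None:
        self.connections = set()  # conversations a rule has allowed

    def handle(self, p: Packet) -> bool:
        forward = (p.src, p.sport, p.dst, p.dport)
        reverse = (p.dst, p.dport, p.src, p.sport)
        if forward in self.connections or reverse in self.connections:
            return True                    # belongs to a known conversation
        if rule_allows(p):
            self.connections.add(forward)  # new conversation: remember it
            return True
        return False                       # no rule and no matching state: drop

# Constructed sample traffic (203.0.113.0/24 is a documentation range).
OUTBOUND = Packet("10.0.0.5", 50000, "203.0.113.10", 443)
REPLY = Packet("203.0.113.10", 443, "10.0.0.5", 50000)
UNSOLICITED = Packet("203.0.113.10", 443, "10.0.0.5", 50001)

def compare() -> dict:
    fw = StatefulFirewall()
    traffic = {"outbound": OUTBOUND, "reply": REPLY, "unsolicited": UNSOLICITED}
    return {name: {"stateless": stateless_filter(p),
                   "stateless+reply_rule": stateless_filter(p, reply_rule=True),
                   "stateful": fw.handle(p)}
            for name, p in traffic.items()}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:12} {verdicts}")
```

The stateless filter either drops the legitimate reply or, with the broad reply rule, also admits the unsolicited packet; the stateful firewall accepts the reply because it matches a conversation it already allowed and drops the packet that matches none.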