You can have personal firewalls (also known as host-based firewalls). These are software-based and usually come included with the operating system. Windows Defender Firewall is an example of a personal firewall. These filter traffic by port number or application.
In corporate environments, it’s common to also have network-based firewalls located at the periphery of the network so that all traffic going out to the Internet or coming in from the Internet passes through the firewall.
Firewalls can be on a layer 3 router or can be separate dedicated hardware. Firewalls act to filter traffic by port number or application to block unwanted traffic.
You can create a firewall whitelist, which stops all traffic except the traffic that is on the whitelist. For example, you can allow traffic to only known IP addresses.
On the other hand, you can configure a firewall blacklist, which allows all traffic except the traffic you specify on the blacklist. This blocks traffic only for known bad IP addresses.
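The two list types differ most for addresses that appear on neither list. The following is an added example, not part of the original page, that evaluates the same constructed traffic under both policies; the function names and the RFC 5737 documentation addresses are assumptions chosen for illustration.

```python
import ipaddress

def build_list(entries):
    """Parse single addresses or CIDR ranges into network objects."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]

def on_list(ip, networks):
    """True if the address falls inside any listed network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)

def whitelist_decision(ip, allowed):
    """Whitelist: stop everything, pass only listed addresses."""
    return "ALLOW" if on_list(ip, allowed) else "BLOCK"

def blacklist_decision(ip, blocked):
    """Blacklist: pass everything, stop only listed addresses."""
    return "BLOCK" if on_list(ip, blocked) else "ALLOW"

# Constructed sample data (RFC 5737 documentation ranges, not real hosts)
KNOWN_GOOD = build_list(["192.0.2.0/28", "198.51.100.25"])
KNOWN_BAD = build_list(["203.0.113.0/24"])
TRAFFIC = [
    "192.0.2.5",       # inside a known-good range
    "198.51.100.25",   # a single known-good host
    "203.0.113.77",    # inside a known-bad range
    "198.51.100.200",  # on neither list
]

def compare(traffic):
    """Return {ip: (whitelist verdict, blacklist verdict)}."""
    return {
        ip: (whitelist_decision(ip, KNOWN_GOOD),
             blacklist_decision(ip, KNOWN_BAD))
        for ip in traffic
    }

if __name__ == "__main__":
    for ip, (wl, bl) in compare(TRAFFIC).items():
        print(f"{ip:16} whitelist={wl:5} blacklist={bl}")
```

The address on neither list is the one the two policies disagree on: the whitelist blocks it, while the blacklist lets it through.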
Firewalls may also be able to encrypt traffic into and out of the network (creating a VPN tunnel).
Firewalls can also proxy traffic: a client inside your network sends a request to the firewall, and the firewall makes the request out to the Internet on the client’s behalf. The firewall then receives the response from the Internet, checks that the response is valid, and sends it to the requesting client on the network.