A hardware firewall is basically a small computer. It is told what to block and how to by its firmware or software. I cannot do the description justice compared to Wiki or the literally thousands of sites and YouTube videos that explain it in detail.
But regarding the point I made about software firewalls being a joke: well, the entire computing industry agrees; that’s why billions are spent on hardware every year and why there are so many cheap ones on eBay. For instance, “Windows Defender” ignores the “Hosts” file for some sites, so deliberately allowing a back door into your system.
Here is a snapshot of a Syslog file (with multiples edited out) from a Windows 10 machine with enterprise-level anti-virus and all security activated, including up-to-date “Windows Defender”. As an aside, the “Hosts” file was over 4000 entries long.
A Syslog file is what a firewall can send to a syslog server.
192.168.50.1 is the firewall and 192.168.50.4 is a Windows 10 machine. This is the Windows 10 machine trying to chirp back to the mothership, complaining that I am a harsh master and they will have to watch this one more carefully.
Mon Nov 28 11:25:42 2022;192.168.50.1; <134>Block host "64BITWIN10" internet access - Source=192.168.50.4 - Destination=104.18.17.107:443 - UDP, Group 2
Mon Nov 28 11:26:07 2022;192.168.50.1; <134>Access denied for client 192.168.50.4 to url a1887.dscq.akamai.net due to content filter policy violation
Mon Nov 28 11:29:17 2022;192.168.50.1; <132>Blocked by Inbound Rules - src_ip=0.0.0.0:68 - dst_ip=255.255.255.255:67 - UDP
Mon Nov 28 11:40:46 2022;192.168.50.1; <134>Access denied for client 192.168.50.4 to url a1887.dscq.akamai.net due to content filter policy violation
Mon Nov 28 11:42:05 2022;192.168.50.1; <134>Block host "64BITWIN10" internet access - Source=192.168.50.4 - Destination=142.250.200.35:443 - UDP, Group 2
Mon Nov 28 11:43:09 2022;192.168.50.1; <134>Access denied for client 192.168.50.4 to url securepubads.g.doubleclick.net due to content filter policy violation
Mon Nov 28 11:43:09 2022;192.168.50.1; <134>Block host "64BITWIN10" internet access - Source=192.168.50.4 - Destination=172.67.183.12:443 - UDP, Group 2
Mon Nov 28 11:43:09 2022;192.168.50.1; <134>Access denied for client 192.168.50.4 to url a1887.dscq.akamai.net due to content filter policy violation
Mon Nov 28 11:43:18 2022;192.168.50.1; <134>Block host "64BITWIN10" internet access - Source=192.168.50.4 - Destination=172.67.183.12:443 - UDP, Group 2
Mon Nov 28 11:48:47 2022;192.168.50.1; <134>Access denied for client 192.168.50.4 to url browser.events.data.microsoft.com due to content filter policy violation
Mon Nov 28 11:48:54 2022;192.168.50.1; <134>Block host "64BITWIN10" internet access - Source=192.168.50.4 - Destination=40.99.151.130:443 - UDP, Group 2
Mon Nov 28 11:49:00 2022;192.168.50.1; <134>Access denied for client 192.168.50.4 to url csp.microsoft.com due to content filter policy violation
Mon Nov 28 11:49:00 2022;192.168.50.1; <134>Access denied for client 192.168.50.4 to url acdn.adnxs.com due to content filter policy violation
Mon Nov 28 11:49:01 2022;192.168.50.1; <134>Access denied for client 192.168.50.4 to url eu-office.events.data.microsoft.com due to content filter policy violation
In reality there were nearly 1000 entries here in a 25-minute period, but I auto-edit out with scripts and macros, so I can see what is happening regarding the stuff I am interested in. All you need to know is that these destinations were blocked in the “Hosts” file and therefore the “Windows Defender” firewall. However, Windows 10 let them through like a “traitor”.
But the Hardware Firewall that Microsoft has no control over really does block them.
So to be honest you have a lot of reading and video watching to do. Not because I am dismissive, but simply because some really talented people have put together comprehensive, easy-to-understand explanations on YouTube and the Web in general that I could not attempt to come close to.
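Added example, not part of the original post and not the poster's own script: a small Python parser for the log format shown above that decodes the syslog priority (`<134>`, `<132>`), classifies the three message types in the excerpt, and collapses repeats into per-destination counts for one client. The function names and the `kind` labels are made up for illustration; the sample lines are copied from the excerpt.

```python
import re
from collections import Counter

# Sample input: five lines copied from the excerpt in the post above.
SAMPLE = """\
Mon Nov 28 11:25:42 2022;192.168.50.1; <134>Block host "64BITWIN10" internet access - Source=192.168.50.4 - Destination=104.18.17.107:443 - UDP, Group 2
Mon Nov 28 11:26:07 2022;192.168.50.1; <134>Access denied for client 192.168.50.4 to url a1887.dscq.akamai.net due to content filter policy violation
Mon Nov 28 11:29:17 2022;192.168.50.1; <132>Blocked by Inbound Rules - src_ip=0.0.0.0:68 - dst_ip=255.255.255.255:67 - UDP
Mon Nov 28 11:43:09 2022;192.168.50.1; <134>Access denied for client 192.168.50.4 to url a1887.dscq.akamai.net due to content filter policy violation
Mon Nov 28 11:48:47 2022;192.168.50.1; <134>Access denied for client 192.168.50.4 to url browser.events.data.microsoft.com due to content filter policy violation
"""

# Line layout in the excerpt: timestamp;reporting device; <PRI>message
LINE = re.compile(r"^(?P<ts>[^;]+);(?P<reporter>[^;]+);\s*<(?P<pri>\d+)>(?P<msg>.*)$")
# Message shapes seen in the excerpt (labels are hypothetical).
PATTERNS = (
    ("block_host", re.compile(r"Source=(?P<src>[\d.]+) - Destination=(?P<dst>[\d.]+):\d+")),
    ("url_denied", re.compile(r"Access denied for client (?P<src>[\d.]+) to url (?P<dst>\S+) due to")),
    ("inbound", re.compile(r"src_ip=(?P<src>[\d.]+):\d+ - dst_ip=(?P<dst>[\d.]+):\d+")),
)
SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")

def parse_line(line):
    """Return a dict for one log line, or None if it does not match the layout."""
    m = LINE.match(line.strip())
    if not m:
        return None
    pri = int(m["pri"])  # syslog PRI = facility * 8 + severity
    rec = {"ts": m["ts"], "reporter": m["reporter"].strip(),
           "facility": pri >> 3, "severity": SEVERITIES[pri & 7],
           "kind": "other", "src": None, "dst": None}
    for kind, rx in PATTERNS:
        hit = rx.search(m["msg"])
        if hit:
            rec.update(kind=kind, src=hit["src"], dst=hit["dst"])
            break
    return rec

def summarize(text, client):
    """Count blocked destinations per (kind, destination) for one client IP."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec["src"] == client:
            counts[(rec["kind"], rec["dst"])] += 1
    return counts

if __name__ == "__main__":
    for (kind, dst), n in summarize(SAMPLE, "192.168.50.4").most_common():
        print(f"{n:4d}  {kind:<11} {dst}")
```

Filtering on the client address drops the DHCP broadcast line (source 0.0.0.0), which is LAN noise rather than traffic from the Windows machine.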