A
host-based firewall runs on individual endpoints, controlling inbound and outbound traffic at the host level — providing protection even on trusted network segments.
Defense in depth: network firewall at the perimeter + host-based firewall on each system. Windows Firewall/Defender, iptables (Linux). Provides protection against internal threats and lateral movement.