Network Firewalls: Ingress and Egress Filtering
Most firewalls act as gatekeepers for networks or network segments and exist in a position where a router would exist and manages ingress and egress of data. In fact, if the feature set has been enabled, your Cisco router can easily be called a firewall if it does any filtering of the traffic on your network.
As a gatekeeper for your network, this device carefully filters out undesirable traffic that attempts to enter your network.
Although most people think of firewalls as protecting the network from incoming traffic, they can also prevent traffic from leaving your network. You can restrict your internal users from getting off of your network and going anywhere they would like. That is part of the egress filtering, which can be just as important as the ingress filtering.
Some very paranoid people use deny Access Control Lists (ACLs) as their basic network access rule on all firewalls in both directions, so all network traffic incoming or outgoing needs approval. This method does take some commitment, but it ends up being very secure, if you manage to still keep it functional.