Networking security design: Are IP routers commonly used to implement packet-filtering firewalls at network boundaries?

Introduction / Context:
A firewall enforces a security policy by controlling traffic between networks. While dedicated firewall appliances are prevalent, classic implementations used (and still use) routers with access control lists (ACLs) to filter packets based on addresses, ports, and protocols.

Given Data / Assumptions:

• Routers operate at Layer 3/4 and can match on IP protocol fields.
• Boundary between internal and external networks requires policy enforcement.
• Stateless packet filtering is sufficient for many simple controls; stateful inspection may require specialized devices.

Concept / Approach:
Routers can implement packet-filtering firewalls by applying ACLs or filter policies on ingress/egress interfaces. These rules drop or permit traffic according to source/destination addresses, transport ports, and protocol types. While next-generation firewalls add application awareness, routers remain a valid (and common) enforcement point in layered security architectures.

Step-by-Step Solution:

Verification / Alternative check:
Review router configurations (for example, Cisco IOS ACLs, Juniper firewall filters) showing common firewalling at the routing boundary.

Why Other Options Are Wrong:

• 'False' ignores widespread practice of router-based filtering.
• Other qualifiers (NAT, PVLAN) are unrelated to whether routers can implement firewall policies.

Common Pitfalls:
Relying solely on stateless ACLs for complex applications; combine with stateful/NGFW where appropriate.

Final Answer:
True