Host firewall

The host firewall can be a great method to filter traffic to and from the system. The effectiveness of this control depends on the operating system, the location of the system, and the policy configuration. For example, a Windows host must expose several Windows-specific ports and services on the internal network in order to function within a Windows domain, and those services may be configured in a vulnerable manner. With Linux, by contrast, the host firewall (iptables) can be very effective in protecting the host and its accessible services because there is no concept of a domain. The Windows firewall does provide functionality to limit the accessibility of the Windows services, and it can always be configured in an explicit manner that restricts access to services.

Implementation considerations

The host firewall cannot be approached as the primary method of securing services on a system. Each service should be configured in a secure manner, because the firewall may or may not provide any real protection depending on its configuration. The firewall should be considered another layer of defense against intrusion attempts on applications, services, and the host itself. This solution is similar to application whitelisting in that it requires knowing which applications are running and how they must communicate. In some cases this can be very challenging, when application communication ports are poorly documented, random, or simply not understood. Some applications open random ports or require extremely large ranges of ports to function properly. Some host firewalls are able to allow dynamic port use, thus alleviating the need to analyze the application and chase down unwanted blocks by the firewall.
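The two paragraphs above make the same point from both sides: a host firewall is worth having as a layer, but only if it is built from an explicit allow-list of the services that must be reachable and who must reach them. The following added example (not code from the book) shows one way to turn such an allow-list into a deny-by-default Linux iptables rule set, and to flag entries whose port ranges are so wide that they deserve a second look. The service entries, networks and the threshold are constructed sample values; the script only generates the commands as strings, it does not apply them.

```python
"""Generate a deny-by-default Linux host-firewall (iptables) rule set from an
explicit service allow-list.  Added example; the services below are constructed
sample data, not taken from any real system."""
import shlex
from dataclasses import dataclass, field
from typing import List


@dataclass
class Service:
    name: str
    proto: str                       # "tcp" or "udp"
    ports: str                       # single port "22" or inclusive range "lo:hi"
    sources: List[str] = field(default_factory=lambda: ["0.0.0.0/0"])


def port_span(ports: str) -> int:
    """Number of ports covered by a port spec ("22" -> 1, "100:199" -> 100)."""
    lo, _, hi = ports.partition(":")
    lo_n = int(lo)
    hi_n = int(hi) if hi else lo_n
    if not (1 <= lo_n <= hi_n <= 65535):
        raise ValueError(f"bad port spec {ports!r}")
    return hi_n - lo_n + 1


def validate(svc: Service) -> None:
    """Reject entries the rule generator cannot express safely."""
    if svc.proto not in ("tcp", "udp"):
        raise ValueError(f"{svc.name}: unsupported protocol {svc.proto!r}")
    port_span(svc.ports)             # raises on a malformed range


def build_rules(services: List[Service]) -> List[str]:
    """Return iptables commands: default DROP on INPUT, then one explicit
    ACCEPT per (service, source network), then rate-limited logging of drops."""
    rules = [
        "iptables -P INPUT DROP",                       # deny by default
        "iptables -P FORWARD DROP",                     # the host is not a router
        "iptables -P OUTPUT ACCEPT",
        "iptables -F INPUT",                            # start from a clean chain
        "iptables -A INPUT -i lo -j ACCEPT",            # local processes
        "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        "iptables -A INPUT -m conntrack --ctstate INVALID -j DROP",
    ]
    for svc in services:
        validate(svc)
        for src in svc.sources:
            rules.append(
                f"iptables -A INPUT -p {svc.proto} -s {src} --dport {svc.ports} "
                f"-m conntrack --ctstate NEW "
                f"-m comment --comment {shlex.quote(svc.name)} -j ACCEPT"
            )
    # Log what the default policy drops so blocked application traffic is visible
    # when troubleshooting, without letting the log become a flood.
    rules.append(
        "iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix 'HOSTFW-DROP: '"
    )
    return rules


def audit(services: List[Service], max_span: int) -> List[str]:
    """Names of services whose port range is wider than max_span: these are the
    poorly understood or 'random port' applications the text warns about, and
    each one is effectively a hole in the allow-list until it is narrowed."""
    return [s.name for s in services if port_span(s.ports) > max_span]


# Constructed sample allow-list (hypothetical host: SSH for admins only, HTTPS
# for everyone, and a legacy application that insists on the whole ephemeral range).
SAMPLE_SERVICES = [
    Service("ssh", "tcp", "22", ["10.0.0.0/24"]),
    Service("https", "tcp", "443"),
    Service("legacy-app", "tcp", "49152:65535", ["10.0.1.0/24"]),
]

if __name__ == "__main__":
    for line in build_rules(SAMPLE_SERVICES):
        print(line)
    print("# review wide ranges:", audit(SAMPLE_SERVICES, 1024))
```

The output is meant to be reviewed and then loaded through whatever mechanism the host already uses for persistent rules; the `audit` list is the set of entries to go back to the application owner about, since a rule covering 16,384 ports protects very little.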
