how would you ban any internet service without firewalls or routing? DNS bans are trivial to bypass and maybe I’m not thinking hard enough but I’m out of practical ways to prevent access to Twitter or meta.
There’s a barrier to entry in those cases. If you’re DNS actively reroutes people are mostly inclined not to try and figure out a way to bypass it - unless bothered, like we see with the porn access law in Florida.
In any case, you can do packet dropping on a routing level from the ISP - which technically isn’t a national firewall, even if it serves the same purpose.
Segmenting the internet means doing routing in a way where the link between nodes is actively blocked, which is something completely different and is more what you’ll get behind the Chinese “firewall” - when it is more like a physical barrier than a firewall rule, because it’ll be impossible to actually facilitate a manual link, whereas a DNS blocking can be more easily bypassed.
There’s level to these problems and just having a “national firewall” means nothing, because it doesn’t get down to the minutia of what’s actually being achieved.