I currently use TinyWall Firewall, it works very well, it’s small/portable, no complaints I even donated to the Dev but I would really prefer open source, also it needs to be user friendly like TinyWall so my non-tech family members can/will use it like they do with TinyWall.
Process-level filtering is to avoid exfiltration from environments where “all processes run as the same user, with full access to all other processes”… which, unfortunately, are still most of them.
DPI is nice to stop incoming attacks, and to detect suspicious outgoing traffic, but it’s kind of late when the data is already on the wire, and you won’t be able to stop all possible kinds of traffic that way.