I have template iptables/nftables rules on my devices on the network that I can just copy and paste to a machine to have a firewall that works (with tweaks specific to that device). With it I can tell it to send all logs of my choice through syslog-ng to my server just by installing it and telling it the destination, allowing me to have (already made) alerts and dashboards on every device on my internal network. My router runs Linux (openwrt) and allows me to do something other routers can’t do because I’m able to add a module into the kernel: permit switch-level firewall access. What this means is I don’t need (but do still have) VLAN to restrict traffic between devices. I can block firewall access completely at the router level before a device is tweaked to also add additional security (e.g. helps prevent my smart tv from probing every device on my network to gather information. Or if I purchase a malicious hardware online, it won’t know the rest of the network exists because the router doesn’t tell it unless I say it’s okay).

That’s firewall stuff. System security: can compile and modify the kernel to just the modules and such I want, lowering the scope of issues from a kernel level vulnerability. I can be very granular with file and directory permissions with a single command in the terminal. I can easily track file metadata changes down to just about anything you can think of with simple tools, like aide. Python scripts through cron and inotify can help me monitor when something sus happens on my machines.

Most of all this being done on Windows or Mac would require extra effort to work correctly, and not to mention probably cost money for software that can do the same but isn’t free. Also not entirely sure a router can be setup on either of those OS.