I work in a research environment, so I understand that mentality and I don't necessarily disagree with it. My personal preference is a completely open network with full packet capture at the egress points with middleware for RTBH. I don't believe in NAT and I advocate for BCP filtering inbound, no filtering outbound and very few or no firewalls unless something is a special case (financial data, medical data, PCI compliance or other PII data).
I know I'm in the minority; I come from the service provider world and that's the way my mind works.
However, in some cases I believe shaping abusive users is appropriate. There are a lot of schools of thought on this; I tend to lean toward priority queuing mechanisms, allowing everything but setting actual "work" protocols higher. Are others just blocking ports, then?