A peek at the front of the Ches and Bellovin book might
give a "firewall" definition (I dunno).
But, to me - there are gateways ... and then there are
-Gateways mostly just connect an "us" with a "them".
-Firewalls do that ... but try to add some security value for
the "us" folks. Now ... how they do that is an architectural
decision. But, there you go down the firewalls path.
I'm sure there are some fuzzy grey areas (router with basic,
simple access lists) that provide minimal security which
is a bit more than just a "gateway" but not enough to be a
"firewall". Oh well.
Find that quote source ... and you'll find where they draw the
I'm no expert ... but 8% sounds small. The number might seem
lower because they count X million hosts on the Internet and
only (X * .08) hosts == firewalls ... but those firewalls
"connect" gazillion more hosts to the Internet (not counted as
part of X?).
What do others think?
my 2 cents :)
> 2. But this leads to a second question, which I've had for some time: I
> believe that the term 'firewall' applies to a collection of configuration
> and technology choices, rather than to a single, focused "thing". My
> question is: What is the definition that folks consider appropriate? A
> single machine between me and the Internet is a very different setup from a
> double-router and proxy-server setup. Both are probably classed as
> firewalls. yes?