This is explained at much greater length in the book, but let me take
a short swing at the question...
The difference is not so much the actual security -- though that, too,
can be at issue -- as the assurance of security. Packet filters are
in the business of *passing* data; to work at all, they have to let
some packets through. Given the complicated nature of most real filter
rule sets, the abysmal syntax most filters support, the varying
semantics for rule order interpretation, and the potential for interactions
between rules, it's plausible -- or perhaps likely -- that there are
conversations that are permitted by the rules that were not intended
by the firewall administrator.
Here's a simple example, taken from Brent Chapman's paper on problems
with packet filters. You want to allow inbound and outbound mail, so
you have rules that look like this (I'm simplifying Brent's example
slightly):
in src:external,dst:internal=25
out src:internal,dst:external>=1024
out src:internal,dst:external=25
in src:external,dst:internal>=1024
The first pair of rules permits packets to the inside mailer, and return
flow to the client; the second pair permits packets to an outside mailer,
and the return flow to an unprivileged port. But the combination of the
second and fourth rules permits conversations between any high-numbered
inside port and a high-numbered outside port. This may not be evil, but
it was not what was intended by the rule set.
Again -- what I'm trying to show here is not a specific failing, but
simply that interactions can occur, and that they're very hard to
eliminate in general because of the context-free nature of the decision
process of (static) packet filters. Put another way, a faulty packet
filter is able to fail bad.
By contrast, application proxies are in the business of listening to
requests from the inside. No data is passed except by the proxies
themselves; if they cannot be invoked from the outside -- and a simple
packet filter that guards against address-spoofing can do the job --
you're a lot safer. The usual failure mode for an application gateway
is that nothing gets through, which may be unpleasant but isn't
dangerous.
I'm not saying that packet filters are evil, or that they shouldn't be
used. They certainly provide more transparency. But in my opinion, they're
somewhat more risky.
--Steve Bellovin
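An added illustration, not part of Steve's post: a small Python model of the four mail rules above as a stateless, first-match packet filter. Assumptions are that hosts are pre-classified as "internal" or "external", that the filter matches only on direction, hosts and destination port as the rules are written, and that the first matching rule wins. Checking each half of a conversation separately reproduces the interaction described: the intended SMTP flow passes on rules 3 and 4, but so does a conversation between any two high-numbered ports, on rules 2 and 4.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out" (relative to the protected network)
    src_host: str    # "internal" or "external" (assumed pre-classified)
    src_port: int
    dst_host: str
    dst_port: int

def eq(n: int) -> Callable[[int], bool]:
    return lambda port: port == n        # "=n" in the rule syntax

def ge(n: int) -> Callable[[int], bool]:
    return lambda port: port >= n        # ">=n" in the rule syntax

# The four rules from the post, in order: (direction, src host, dst host, dst-port test).
RULES: List[Tuple[str, str, str, Callable[[int], bool]]] = [
    ("in",  "external", "internal", eq(25)),    # rule 1: inbound to inside mailer
    ("out", "internal", "external", ge(1024)),  # rule 2: inside mailer's reply to client
    ("out", "internal", "external", eq(25)),    # rule 3: outbound to outside mailer
    ("in",  "external", "internal", ge(1024)),  # rule 4: outside mailer's reply
]

def matching_rule(pkt: Packet) -> Optional[int]:
    """Return the 1-based index of the first rule permitting pkt, or None (default deny).
    The filter is stateless: each packet is judged alone, with no memory of its peer."""
    for i, (direction, src, dst, port_ok) in enumerate(RULES, start=1):
        if (pkt.direction == direction and pkt.src_host == src
                and pkt.dst_host == dst and port_ok(pkt.dst_port)):
            return i
    return None

def conversation_permitted(inside_port: int, outside_port: int) -> Tuple[Optional[int], Optional[int]]:
    """Evaluate both halves of an inside-initiated conversation: the outbound packet and
    its reply. Returns the rule that passed each half (None = dropped)."""
    outbound = Packet("out", "internal", inside_port, "external", outside_port)
    reply = Packet("in", "external", outside_port, "internal", inside_port)
    return matching_rule(outbound), matching_rule(reply)

if __name__ == "__main__":
    print("SMTP from inside, port 1234 -> 25:", conversation_permitted(1234, 25))     # (3, 4) intended
    print("High ports, 1234 -> 6000:        ", conversation_permitted(1234, 6000))   # (2, 4) not intended
    print("Web from inside, 1234 -> 80:     ", conversation_permitted(1234, 80))     # (None, 4) dropped
```

Rule 2 was written for the mailer's replies, but since the filter cannot tell a reply from a fresh connection, it also admits the outbound half of any high-port conversation, and rule 4 admits the reply.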