Most firewalls today are based on application gateways running on dual-homed
hosts. While less flexible than packet filters, the dual-homed host hides
the internal network--only the external router, the Web server and the firewall
itself are open to direct attack. The failure mode is more secure--if the
firewall software is disabled, no traffic passes through. The gate remains
closed.