Jan 14 15:42 2017, Tony Langdon wrote to Michiel van der Vlist:
MvV>> A real firewall is something different. If so configured, it also
MvV>> blocks unsolicited incoming packets. But it can do more than that.
That would be a stateful firewall. The most common setup is to allow everything from LAN to the WAN, and only allow related packets from WAN to LAN.
MvV>> It can also detect certain kinds of attacks, port scans, flooding etc.
And that's an IDS. But an IDS could be integrated in a firewall product. Commonly they are labeled "UTM".
MvV>> Plus that a firewall can also act on outgoing traffic. OTOH, a
MvV>> firewall cannot do translation. It is not a NAT.
A firewall is a special kind of router. So NAT is an optional feature of a firewall.
TL> Again, agree. Packet filtering is only one function that a firewall
TL> can perform, as you point out. Either way, it's not NAT. NAT has a
TL> different purpose - rewriting IP addresses to achieve some networking
TL> goal (most commonly share a single public IP among multiple hosts).
Sometimes it's the side effect you're interested in :)
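
An added illustration, not part of the original message: a toy Python model of the two mechanisms the thread distinguishes, a stateful filter and a port-translating NAT, showing where NAT's blocking side effect starts and stops. It assumes the simplest NAT behaviour (an existing mapping accepts packets from any remote host); the class names and sample addresses are constructed, and real NAT implementations differ in how strictly they match inbound packets.

```python
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

class StatefulFilter:
    """Allow all LAN -> WAN; allow WAN -> LAN only as replies to tracked flows."""
    def __init__(self):
        self.flows = set()
    def outbound(self, p: Packet) -> bool:
        self.flows.add((p.src, p.sport, p.dst, p.dport))
        return True
    def inbound(self, p: Packet) -> bool:
        # A reply carries the tracked flow's endpoints swapped.
        return (p.dst, p.dport, p.src, p.sport) in self.flows

class Napt:
    """Share one public IP by rewriting source address/port. No filter policy."""
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip, self.next_port = public_ip, first_port
        self.out_map, self.in_map = {}, {}
    def outbound(self, p: Packet) -> Packet:
        key = (p.src, p.sport)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        return p._replace(src=self.public_ip, sport=self.out_map[key])
    def inbound(self, p: Packet) -> Optional[Packet]:
        # No mapping means no LAN host to deliver to: the blocking side effect.
        if p.dst != self.public_ip or p.dport not in self.in_map:
            return None
        lan_ip, lan_port = self.in_map[p.dport]
        return p._replace(dst=lan_ip, dport=lan_port)

def demo() -> dict:
    # Constructed sample addresses from documentation ranges.
    fw, nat = StatefulFilter(), Napt("198.51.100.1")
    out = Packet("192.168.1.10", 51000, "203.0.113.5", 443)
    fw.outbound(out)
    wan = nat.outbound(out)
    reply = nat.inbound(Packet("203.0.113.5", 443, wan.src, wan.sport))
    other = nat.inbound(Packet("203.0.113.99", 4444, wan.src, wan.sport))
    unmapped = nat.inbound(Packet("203.0.113.99", 4444, wan.src, 22))
    return {"reply_translated": reply is not None, "reply_filter": fw.inbound(reply),
            "other_translated": other is not None, "other_filter": fw.inbound(other),
            "unmapped_translated": unmapped is not None}
```

In this model the packet from an unrelated host to the mapped port is translated by the NAT but rejected by the stateful filter, while a packet to an unmapped port is dropped by the NAT alone.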