Haha that's not what I thought of when reading a response to api's comment. If you want to call it a "firewall on the host" after 'api called it a "secure device", then perhaps the disagreement is merely one of terms. Either way, the host uses some method to ignore unwanted packets. I don't think this new "on the host" version of "firewall" is very much in keeping with etymology, which is probably why I was confused.
Well as I mentioned there it doesn't necessarily have to be on the host, that's just one option. At home I use the linksys based solution I mentioned in my edit which was more the way I was thinking - and probably more comparable to commercial firewall appliances like you might be thinking of but deployed internally and on a cheaper scale.
