The answer depends on the definition of "firewall" and on the particular device. Almost all NAT boxes have rudimentary packet-filtering capabilities, although the number and complexity of filters is often limited. Also, as previously noted, NAPT itself has "firewall-like" properties. However, modern firewalls offer many more features, including Stateful Packet Inspection (SPI), VPN endpoints, DoS protection and secure remote management.
A home user would hopefully never need DoS protection. He/she probably doesn't host servers on static 1-1 mappings and therefore benefit from stateful inspection, or want to craft an intricate set of filters. NAT is entirely sufficient for such cases. If you have more complicated requirements, host public services, need full VPN functionality or invite DoS attacks with your online demeanor, a firewall type device may be more suitable.
by Nick8 edited by JMGullett
last modified: 2007-05-08 12:24:21