swedish... Björn (I switched my kb to finnish just to write your name right :))
Arend's definition differs from yours. Arend said it can't be PC. is this what you mean when you say purpose built?
you say they are purpose build "boxes", and then you say these boxes can be VM's. so they are not build at all but ran inside the full OS of some other kind, even further away from the definition of dedicated purpose built "box" and then you go on writing linux based firewalls and isa are not purpose build since they are not bare metal. but the VM in your previous comment is a bare metal? and yet again, that vm is running under windows or linux based host.
you get more bare metal taking a PC and installing linux on it with kernel optimized for this kind of stuff.
about your comment on firewalls and transport layer. that might have been the case in 80's and early 90's but all today's firewalls should work on application level. if they don't it's like using fax instead of email or 28k modem in place of anything faster as they both do communication in a way that fits the definition of "communication".
