hence, it was called a trick.
instead of seeing your log grow with stupid port scanners you keep it way smaller with that trick. way smaller.

but, again, just a trick. the actual blocking is for the firewall to do and whatever is opened in any direction from anywhere should be scanned on the application and on the layer 8 of the OSI model.
although firewall capabilities differ and the power of the firewall is a deciding factor. and whoever is setting it up is another.
that's why most of the firewalls out there are still set up to be fully open from in to any.


and, if a purpose-built box is allowed to be separated from the hardware, sure I agree.
because again, that means anything installed on a PC for the sole purpose of doing firewalling stuff counts.
like ISA.