A packet filter is often used to protect an organization's computers and networks from
unwanted Internet traffic. The filter is placed in the router that connects the organization to the
rest of the Internet.
A packet filter configured to protect an organization against traffic from the rest of the
Internet is called an Internet firewall; the term is derived from the fireproof physical boundary
placed between two structures to prevent fire from moving between them. Like a conventional
firewall, an Internet firewall is designed to keep problems in the Internet from spreading to an
organization's computers.
Firewalls are the most important security tool used to handle network connections between
two organizations that do not trust each other. By placing a firewall on each external network
connection, an organization can define a secure perimeter that prevents outsiders from interfering
with the organization's computers. In particular, by limiting access to a small set of computers, a
firewall can prevent outsiders from probing all computers in an organization or flooding the
organization's network with unwanted traffic.

A firewall can lower the cost of providing security. Without a firewall to prevent access,
outsiders can send packets to arbitrary computers in an organization. Consequently, to provide
security, an organization must make all of its computer secure. With a firewall, however, a
manager can restrict incoming packets to a small set of computers. In the extreme case, the set
can contain a single computer. Although computers in the set must be secure, other computers in
the organization do not need to be. Thus, an organization can save money because it is less
expensive to install a firewall than to make all computer systems secure.

1, perimeter  [pə'rimitə]
n. 周长；周界；[眼科] 视野计

2, interfering  [,intə'fiəriŋ]
adj. 干涉的；多管闲事的
v. 妨碍（interfer的ing形式）

3, arbitrary  ['ɑ:bitrəri]
adj. [数] 任意的；武断的；专制的