Most firewalls today are based on application gateways running on dual-homed hosts. While less flexible than packet filters, the dual-homed host hides the internal network--only the external router, the Web server and the firewall itself are open to direct attack. The failure mode is more secure--if the firewall software is disabled, no traffic passes through. The gate remains closed.