In a recent article, Phillip Hallam-Baker, Principal Scientist at Verisign suggests reverse firewalls ought to be built into cable modems and home use WAPs. The idea is to filter outbound traffic before it leaves the source instead of letting it travel to its destination before being filtered.

Perhaps filtering might better be done at the ISP first, since it’s probably more cost effective to implement and manage a solution there than it is to replace cable modems. Vendors of small DSL/Cable routers should have outbound filtering as a default. The current norm is minimal filtering and security on by default to make it simple for users to install.

The idea works; many companies already employ this type of filtering on their corporate LANs (we only allow SMTP connections from the mail servers).