"the primary purpose of a firewall is to keep the bad guys away from the buggy code. Firewalls are the networks' response to the host security problem."
a pretty good sound bite. :)
Add to that that you don't really know what's safe or unsafe, and that you have some services that are convenient for insiders but don't have adequate, scalable authentication on which you can build an authorization mechanism, and you see why firewalls are useful.
Perfect? No, of course not. A good idea? Absolutely.
Er... perhaps. Who is configuring the "firewall"? What are its capabilities? How easy will it be to deploy new services? I, as an end user, am abdicating most of my responsibility to, or it is being hijacked by, one or more network service providers. Ken is right. Firewalls, in general, seem to be a great place for blackhats to focus on. DoS is trivial, the degenerate case is encaps of everything into stuff that passes through the firewall (IP over port 80), and then we've just pushed the problem elsewhere, adding more complexity to the system for little if any improvement in the overall integrity. Sounds like the result is a system that is more fragile.
--Steve Bellovin, http://www.research.att.com/~smb
--bill (cynic) Noting that the nanog thread of the day has changed, but not n'cessly for the better. :)