_Everyone_ (network connected) should have a firewall.
Why?
Every network-connected device should have a security layer. Firewalls provide a nice modular security layer and they are cheap compared to the devices/networks that they protect.
When did the end2end nature of the Internet suddenly sprout these mutant bits of extra complexity that reduce the overall security of the 'net?
The security issue has always been there. You can either build security into the network or into the endpoints. Given that the Internet model is to keep complexity out of the network and in the endpoints, the next question is for site administrators to ask themselves, do I manage *MY* network, like the Internet, or do I manage it like an endpoint? If the answer is to treat it as an endpoint, then it is quite appropriate to install a firewall as a gateway between the network and the Internet. Consider that many endpoints in today's world now encapsulate networks within a single physical device. Routers, switches, cellphones, cars and any embedded device using I2C. Just as the distinction between a router and a switch has been blurred by the advance of technology, so too has the distinction between an endpoint and a network. --Michael Dillon