Will a standard NAT-router firewall stop outgoing traffic?

Most firewalls (that I've worked with) have an implicit allow rule that allows all traffic from a more secure network (usually the internal LAN) to a less secure network (usually the internet) so that all outbound traffic is allowed from your internal LAN to the internet (or to a DMZ) You do not usually need to create explicit rules to allow outbound traffic.

Most firewalls (that I've worked with) have an implicit deny rule that denies all traffic from a less secure network (usually the internet) to a more secure network (usually the internal LAN) so that all inbound traffic is denied from the internet (or from a DMZ) to your internal LAN. You do usually need to create explicit rules to allow inbound traffic.


The hardware firewall cannot readily distinguish between "good" or "bad" packets, since they all come from the same source. The software firewall can ascertain which application generated the packet, so is better prepared to block them as desired.