I'm not sure about it. I think the main task of FW is to control network traffic. Correctly implemented stack can protect itself without additional help. This is just wording. I insist that correctly implemented stack can drop the packets with the same efficiency as any firewall does. From the other side to control illegal flags etc any FW needs to allocate and use additional resources which turns all those efforts into null at best.