I think you’re missing part of their point (which isn’t super clear). You can still surf on such a computer, by going through an HTTP proxy on the same LAN (the “gateway” they’re talking about, or bastion host).
They could very much be writing that comment on such a machine.
Amazing how people can (mis)interpret (unclear) comments as if they were crystal clear. They make assumptions. They read things in that are not there. It is truly entertaining. I never mentioned Linux. I never mentioned "desktop". Nor did I suggest Windows users would not be able to access the internet. Nor did I suggest the computer with IP forwarding enabled (call it what you like) needs to do everything a "firewall" does.
Indeed, I am writing this comment on such a computer that runs a proxy for all the other computers. That's only because I like to experiment with different proxy configs.
More specifically, that the host should not route public IP space but use a proxy for any outbound connection (and a load balancer/reverse proxy for any incoming).
Every org is different of course, but in general I agree that this should be a more common pattern.