Several years ago, we had Internet from some doofus who had no idea what he was doing. Of course, he thought he was God's gift to networking.
While we ran our Internet through him, I was absolutely forbidden from touching any of the equipment.
At one point, he set up a firewall for us. He brought it over and hooked it up on a Friday afternoon. After plugging everything in, doofus headed for the door. I stopped him and told him that we needed to test it first. So he reluctantly waited while I walked over to a computer and tried to access the Internet.
Sure enough, it didn't work at all. So he unplugged the power to the firewall and plugged the cable from the Cisco router directly to the hub (this was a few years ago) again and left. He never again tried to do anything with it. For that matter, he never came back on any day when I was in the office.
A few weeks later when it became apparent that he had abandoned it, I looked at it and saw that he had it plugged in backwards. The WAN port was still plugged into the hub and so the cable from the Cisco router had to have been plugged into the LAN port. No wonder it didn't work.
Fast forward a couple of years. I ran across the original box that he had brought the firewall to the office in. Inside the box was a printout of the firewall settings. The only rules set up on that firewall was to block spoofed traffic and permit everything else. Of course, since it had been plugged in backwards, it thought everything was spoofed traffic.