Fire walls for home users

I found this interesting and informative. From Distrowatch:

Do home users need a firewall? Locking-the-door asks: Do regular home users need to run a firewall on Linux?

DistroWatch answers: My short answer is, for most people running a desktop distribution at home, a firewall is probably not beneficial.

A firewall is software which monitors network traffic coming into, and flowing out from, your computer. The firewall has a set of rules it follows to determine whether it allows network traffic to pass into (or out from) the computer.

A firewall's rule might say, essentially, "Block all traffic leaving this computer, unless it looks like it's going to a web server." This is a semi-common rule in business offices where companies want to block chat clients or games from connecting to the outside world. Alternatively, a rule might say, "Allow connections to my secure shell port, but only from my laptop's IP address." This should prevent anyone who is not using your laptop from attempting to login to your computer remotely.

A firewall is often useful on a server or on any computer which needs to provide some sort of network service. A firewall can prevent some common network attacks and is one layer of defence against information leaking out from the computer to the rest of the world.

Since firewalls are useful in those aforementioned instances, why might they not be recommended for home users? There are three main reasons firewalls tend to do more harm than good on desktop machines running on a home network:

  1. Most home computers are already behind a firewall provided by the household's Internet service provider's router. Typically, computers on the Internet cannot see and attack personal computers running on a home network directly.

  2. Most home computers do not run network accessible services, such as a web server, e-mail service, or file storage. Without one of these services running, there isn't anything to attack. In turn, there is nothing for the firewall to protect.

  3. While our home computers typically do not run Internet accessible services, they do often communicate over the network. If you're trying to run a multi-player game over the local network, synchronize files with your phone, or set up a shared printer then the most common problem you're going to run into is a firewall standing in the way. A firewall will almost always interrupt traffic passing between devices you own and trust. Often times troubleshooting a networking issue will result in either shutting down the firewall or looking up which network ports need to be opened so that the firewall's rules can be modified.

In short, home computers are almost always already behind a firewall which protects the local network, home computers rarely have services which need to be protected, and (on a home network) firewalls regularly get in the way of performing common tasks. Firewalls, while an essential security tool on servers, rarely provide benefits (and often cause frustrations) for desktop users at home.


Generally speaking, these are correct statements.
Well, I'd like to add that firewalling one's home computer traffic could help to find out and/or prevent a trojan and/or bot malicious traffic. Unfortunately, an average home computer user is not usually capable to plan and implement such a configuration.


Hello everyone

Security and convenience... for most users it is about striking a balance between the two.

When considering security - the normal strategy is "defence-in-depth", i.e. not relying on one layer of security.
All my machines run firewalls.
If the firewall on your router is compromised (this can happen), you still have the firewall on your computer.
When it comes to your computers, you decide. :slightly_smiling_face: