Every computer has a bunch of ports (1-65535 if I recall correctly), each of which is a unique entity to which a single service can bind. In layman’s terms, a port is a door that one service is able to answer when someone knocks. By convention, some ports have a specific associated service (80 = HTTP, 443 = HTTPS, 22 = SSH), but there are a lot that you can just use as you deem appropriate.
If you want a service (e.g. a web server) to be accessible, you have to run a service that binds to a known port (e.g. 80), and a client has to reach out to your server on that same port. A firewall sits between your service(s) and any potential clients, much like those steel security screen doors. If that’s closed, nobody gets through on that port, even if a service is bound to that port and is listening for a connection.
As a general rule of thumb, you want your firewall to block as much traffic as possible without breaking something (I.e. blocking one of your public-facing services). If you don’t run any services on your computer (web services, media servers, etc.), you can probably get away with blocking all inbound traffic. without any discernable impact.
Programs that want to receive or send data across the network do so using a port. A firewall (in the sense of a firewall on your computer) is basically a program that sits between the rest of your programs and your network connection and determines what programs should be allowed out to the network and what incoming connections should be allowed to talk to your programs.
This is “increasing security” by making sure you don’t let incoming connections talk to whatever happens to be running on your computer that might be listening for network traffic.
I can provide a more ELI5 explanation if you would like it.
I still don’t know what a firewall actually does lol. I just install nftables and ufw and hope it somehow improves my security. I just don’t know how.
Every computer has a bunch of ports (1-65535 if I recall correctly), each of which is a unique entity to which a single service can bind. In layman’s terms, a port is a door that one service is able to answer when someone knocks. By convention, some ports have a specific associated service (80 = HTTP, 443 = HTTPS, 22 = SSH), but there are a lot that you can just use as you deem appropriate.
If you want a service (e.g. a web server) to be accessible, you have to run a service that binds to a known port (e.g. 80), and a client has to reach out to your server on that same port. A firewall sits between your service(s) and any potential clients, much like those steel security screen doors. If that’s closed, nobody gets through on that port, even if a service is bound to that port and is listening for a connection.
As a general rule of thumb, you want your firewall to block as much traffic as possible without breaking something (I.e. blocking one of your public-facing services). If you don’t run any services on your computer (web services, media servers, etc.), you can probably get away with blocking all inbound traffic. without any discernable impact.
Programs that want to receive or send data across the network do so using a port. A firewall (in the sense of a firewall on your computer) is basically a program that sits between the rest of your programs and your network connection and determines what programs should be allowed out to the network and what incoming connections should be allowed to talk to your programs.
This is “increasing security” by making sure you don’t let incoming connections talk to whatever happens to be running on your computer that might be listening for network traffic.
I can provide a more ELI5 explanation if you would like it.