Last Updated: [last-modified]
It’s a dangerous and distracting internet out there. Hackers are a threat to us all, not just big corporations and government networks. And the web offers a seemingly limitless supply of harmful and time-sucking content that you probably don’t want your network users to see.
A firewall is a really effective answer to these problems. And luckily for you, you probably already have one built into your operating system or internet router. Here’s how to set it up.
Hardware and software firewalls
Broadly speaking, there are two kinds of firewall at your disposal.
Hardware firewalls/Router based firewall – The firewall in your internet router is a hardware firewall: it’s a dedicated device. Because it sits on the gateway between the internet and your whole network, the traffic it filters is usually blocked for everyone. That makes it ideal for setting network-wide filter rules. It’s more efficient and easier to manage than using separate firewalls for each computer too. With one device filtering traffic at your main gateway, you can save computing power and simplify your security policy.
Software firewalls – The firewalls built into Windows and OS X are, of course, software. You can also get third-party firewall software like Comodo and Firewall. These firewalls can only filter traffic to and from the computer they’re installed on.
By using a combination of hardware and software firewalls at each of your network’s gateways, you can build a security policy that looks after your whole network and specific computers.
Setting up your router’s firewall
Your router’s firewall is usually controlled from your browser via a web interface. Check your router’s documentation on how to access it.
Typical features you might want to use include:
Setting security levels – Most router firewalls come with a selection of security levels. As standard, the firewall might block all unsolicited incoming connections, since these are likely to be malicious. You can choose higher or lower security levels according to your needs, and then customize them with additional rules.
Port forwarding – If you use internet services that make incoming connections, then you’ll need to find out the port numbers used by those services and “port forward” them. Typical examples include online games and p2p sharing services.
Address filtering – Block access to specific websites for all of your network users, by creating a list of the domain names you want to filter.
The DMZ – The “demilitarized zone” is an area outside of the firewall that you can assign one or more devices to. Everything in the DMZ can send and receive anything over the network.
Setting up your computer’s firewall
Windows, Mac OS X, and other modern desktop operating systems come equipped with application-layer software firewalls. Like hardware firewalls, they include standard security settings that offer basic protection against hackers and viruses.
Because these are application-layer firewalls, you can also use them to set rules for specific programs on your computer. When a new application tries to use the internet for the first time, your OS’s firewall may prompt you to allow or deny access.
However, basic users should remember that you don’t have to change your settings!
Configuring Windows Firewall
- Swipe right or point top-right and search “firewall,” then open Windows Firewall
- Use the option on the left to turn Windows Firewall on or off
- Set permissions for specific programs with the option “Allow an app or feature through Windows Firewall,” again on the left
- To open ports and set rules, choose Advanced Settings, then Inbound Rules or Outbound Rules, then “New Rule…” in the right pane. A wizard will take you through the process.
Configuring OS X’s application firewall
- Choose System Preferences from the Apple menu, then Security. Click the Firewall tab and then “Turn on Firewall” to enable the firewall.
- Click Advanced Settings to customize the firewall
- Choose “Block all incoming connections” to prevent sharing services from receiving incoming connections
- Click the Add Application (+) button to allow incoming connections for specific applications. Apps can be denied access with the Remove App (-) button.
Now you’re ready to set up your firewall(s) to prevent malicious connections, block network-wide access to harmful websites, open ports needed by your favorite services, and control individual applications’ internet access. For more detailed information, check your firewall’s documentation or help pages.