Every time a device goes online it talks to hundreds of external servers. Some are harmless, some aren't. A firewall is the mechanism that stands between your network and all of them, deciding packet by packet what's allowed in and out. It's the difference between a controlled door and one left wide open.
What a firewall is, in plain terms
Think of it as a customs officer at the border between your network and the internet. Every connection — incoming and outgoing — gets checked: where it's from, where it's going, and whether it can be trusted. Modern firewalls filter on IP address, port, protocol, application, and even traffic behaviour. It's the first line of defence, and switching it off is like removing that border check entirely.
Why you need one even with antivirus
The two solve different problems at different moments. Antivirus reacts after something malicious lands on the system. A firewall works before — it stops the suspicious connection from being established in the first place, or stops a compromised app from "phoning home."
At home it blocks the unwanted outbound connections that malware relies on. In an organisation it controls which resources staff can reach, absorbs scanning and flood traffic, and governs how sensitive data moves. Turn it off and within minutes you'll be getting probed by port scanners, bots and malicious hosts — especially with weak passwords or remote access exposed.
How it works
The firewall inspects each packet, compares it against a set of rules, and decides: allow, drop, or send for further inspection — a strict guard checking against allow-lists and block-lists. Simple firewalls look only at IP and port. More advanced ones factor in the application, the content of the traffic, and behavioural patterns.
Concretely, a firewall will catch things like a trojan trying to reach its control server, a browser heading for a known phishing host, an unknown program trying to exfiltrate data, or an unsecured port being opened to the internet. Even if a user clicks a bad link, the connection can be intercepted at the request stage.
The main types
- Hardware firewalls sit at the network edge — high-throughput, centrally managed, common in larger organisations.
- Software firewalls run as an application on a PC or server. The built-in Windows firewall is the everyday example.
- Cloud firewalls run on the provider side, outside your own infrastructure — handy for SaaS and remote setups.
- UTM (unified threat management) and NGFW (next-generation firewall) products combine filtering with antivirus, VPN and deep packet inspection — enterprise-grade.
- Proxy firewalls place an intermediary between the two ends of a connection rather than letting traffic flow directly, which is relevant when you're routing connections through proxies and switching between HTTP(S) and SOCKS5.
Setting one up sensibly
Having a firewall isn't the same as configuring it well. A few principles that hold up:
- Default to deny. Build allow-lists — permit only what you actually need, block the rest.
- Whitelist your tools. If you route traffic through a VPN or proxy, add those connections to the exceptions, or the firewall will quietly block them.
- Use region blocking where it fits — cut off connections from regions you never expect traffic from.
- Update rules as things change — new software, a new proxy type, a switch from HTTP(S) to SOCKS5.
- Turn on logging and alerts, and pair the firewall with antivirus and intrusion detection rather than leaning on any one layer.
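To make the default-deny and allow-list principles concrete, here is an added example (not from the original article, and not how any particular firewall product is implemented) of first-match rule evaluation in Python. The names Rule, Packet, decide and audit, the rule names, and the addresses (RFC 5737 documentation ranges) are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    action: str       # "allow" or "drop"
    direction: str    # "in" or "out"
    protocol: str     # "tcp", "udp" or "any"
    remote: str       # CIDR the remote address must fall in
    ports: range      # destination ports the rule covers

@dataclass(frozen=True)
class Packet:
    direction: str
    protocol: str
    remote_ip: str
    dst_port: int

ANY_PORT = range(0, 65536)

# Constructed rule set. Order matters: the block-list entry sits above the broad HTTPS allow.
RULES = [
    Rule("block-known-bad", "drop", "out", "any", "203.0.113.0/24", ANY_PORT),
    Rule("allow-socks5-proxy", "allow", "out", "tcp", "198.51.100.10/32", range(1080, 1081)),
    Rule("allow-https", "allow", "out", "tcp", "0.0.0.0/0", range(443, 444)),
    Rule("allow-dns", "allow", "out", "udp", "192.0.2.53/32", range(53, 54)),
]

def matches(rule, pkt):
    """True when direction, protocol, port and remote address all fit the rule."""
    return (rule.direction == pkt.direction
            and rule.protocol in ("any", pkt.protocol)
            and pkt.dst_port in rule.ports
            and ipaddress.ip_address(pkt.remote_ip) in ipaddress.ip_network(rule.remote))

def decide(pkt, rules=RULES):
    """First matching rule wins; anything unmatched is dropped (default deny)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.name
    return "drop", "default-deny"

def audit(packets, rules=RULES):
    """Return one log line per dropped packet, the part worth alerting on."""
    return [f"DROP {p.direction} {p.protocol} {p.remote_ip}:{p.dst_port} rule={name}"
            for p in packets
            for action, name in [decide(p, rules)] if action == "drop"]
```

Removing the allow-socks5-proxy rule and re-running decide on the proxy connection returns the default-deny drop, which is the quiet blocking of an unlisted tool that the second principle describes.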
On Windows you'll find it under Control Panel → System and Security → Windows Firewall, where the advanced settings let you define inbound and outbound rules. To confirm it's doing its job, check the status in Windows Security, test open ports with a port checker, and watch the logs to see what's being blocked.
No defence is complete without traffic filtering. Whether you're on a laptop, running a server, or routing work through proxies, the firewall is the layer that decides what reaches you in the first place — which is exactly why it shouldn't be the layer you skip.