M33 - Firewall: GUI and CLI

Networking

Firewall: GUI and CLI

Understand what a host firewall does, inspect common firewall tools, and make only deliberate, minimal rule changes in the right context.

35 min INTERMEDIATE BOTH Curriculum-reviewed

Prerequisites

Module M30 - Network Config: CLI Module M32 - Network Diagnostics

What you should be able to do after this

Explain what a host firewall is controlling.
Inspect basic firewall state on each platform.
Understand why minimal, intentional rules are safer than broad openings.

Why This Matters

A service can be listening correctly and still remain unreachable because a firewall is blocking the path.

That is why firewalls belong in the networking model rather than in a separate mystery category.

1. What a Host Firewall Does

A host firewall decides which network traffic is allowed to reach local services.

That means it can:

allow a needed port
block an unwanted port
restrict traffic based on direction, protocol, or other criteria

In simple terms, it acts as a gatekeeper between the network and the local machine.

2. Inspect the Firewall First

Before adding or removing rules, find out what the current firewall state already is.

wf.msc

GUI inspection is often the clearest first step on Windows.

sudo ufw status verbose

3. Prefer Minimal, Intentional Rules

A safer firewall habit is to open only what is needed, not everything that might possibly work.

Examples of safer thinking:

allow one service, not all traffic
prefer the narrow port or protocol needed
understand whether the rule is inbound or outbound

Least-Exposure Habit

If a service only needs one inbound port, do not create a broad rule that opens far more than that.

4. Firewalls Are Not the Only Gate

A host firewall may be only one control point.

There may also be:

router rules
cloud security groups
upstream network firewalls

So “I opened the port on the machine” does not automatically prove the full path is open.

What to Ignore for Now

advanced packet filtering syntax
complex enterprise firewall policy design
deep stateful inspection internals

The important skill here is knowing where firewall checks fit in the troubleshooting chain.

Before You Move On

You are ready for the networking capstone when you can:

explain what a host firewall does
inspect basic firewall state on your platform
explain why narrow rules are safer than broad ones

Next, we put the networking model together in a full connectivity-debug scenario.

Study flow

Read for understanding first, practice immediately after, then mark complete only when you can explain the idea back in your own words.

Network labs Arena drills Command library

Self-check

What problem is a host firewall solving even when an app is listening on a port?
Why should firewall rules be as narrow as practical?

If not yet, do one more practice pass before you move forward.

Move on when

Explain what an inbound firewall rule is in plain language.
Name one risk of opening a port too broadly.

Completion matters only if you can do these without leaning on the page.

Review rhythm

After you finish, come back tomorrow for a short no-notes recall pass.

Use spaced recalls around day 1, day 3, day 7.
Try to explain the main idea before reopening the page.
Do one related lab or command lookup from memory, not recognition alone.
Re-read only the parts you could not retrieve cleanly.

Learning context

Best for

Need structureDeveloper expanding into systemsIT / support / sysadminSerious hands-on operatorStarting from zero

Pathways

Career operator pathDeveloper to systems fluencyFoundations first

Study fit

Beginner-safe Prerequisites are strongly recommended Balanced lesson and reference

This lesson is paced to support newer learners without assuming too much prior system experience.

This lesson is meant to teach the idea and still leave you with usable command and workflow recall.

Topics

firewallUFWWindows Firewallallowdenyport

Use right after this lesson

Lab LAB-NET-04 - Ports and Connections Lab LAB-SEC-01 - The UFW Firewall Library ufw Library netsh Library New-NetFirewallRule

On this page