[Solved] To deny all?

Ok, I’m confused. If you use deny all for ingress on your host-based firewall, you don’t get anything. Why would you want that? Or is it deny all except port 80, 443, 25, 110, etc.?

Sorry to be dense here, but I want to make sure I’m getting this. Thanks.

Ingress = inbound. Unless a device is acting as some sort of server to something, it does not need inbound connections enabled.

A desktop would need outbound connections to be enabled for port 80, 443, 25, 110. Not inbound.

When a connection is made outbound to, say, port 80, the firewall will maintain state, i.e. remember you made this connection and allow the traffic to come back. But this is not inbound port 80. This is connecting to the source port that created the outbound connection through a stateful connection.

netstat will give you something like

firefox nathan 1 IPv4 TCP 192.168.1.8:61160->104.16.32.11:https (ESTABLISHED)
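To make the "deny all ingress, but let replies back in" behaviour concrete, here is an added example (my own toy model, not code from anyone in this thread and not a real firewall) of the connection table a stateful host firewall keeps. Outbound packets are always accepted and their 4-tuple is recorded; an inbound packet is accepted only if it is the reverse of a recorded tuple, otherwise it hits the deny-all default. The local address and ports are taken from the lsof-style line above; the 203.0.113.7 probe source and all class and function names are assumptions I made for the demo.

```python
from dataclasses import dataclass
from typing import Dict, Set, Tuple

# Toy stateful host firewall (added example, not part of the original thread).
# Policy modelled: deny all ingress, allow all egress, allow return traffic
# for connections this host opened itself. All names here are my own.

HOST = "192.168.1.8"   # assumed address of the protected desktop (from the netstat line)

ConnKey = Tuple[str, int, str, int]   # (local ip, local port, remote ip, remote port)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # first packet of a TCP connection
    ack: bool = False
    fin: bool = False   # connection teardown


class StatefulFirewall:
    def __init__(self, host: str) -> None:
        self.host = host
        self.conntrack: Set[ConnKey] = set()   # connections this host initiated

    def filter(self, pkt: Packet, direction: str) -> str:
        """Return ACCEPT or DROP for one packet; 'out' = egress, 'in' = ingress."""
        if direction == "out":
            key: ConnKey = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.fin:
                # host is closing the connection: forget it so later
                # packets from that peer are no longer "invited"
                self.conntrack.discard(key)
            else:
                # egress allowed unconditionally; remember the 4-tuple so
                # the reply can be matched (iptables: ESTABLISHED state)
                self.conntrack.add(key)
            return "ACCEPT"

        # ingress: the reverse tuple must already be in the table
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.conntrack:
            return "ACCEPT"
        return "DROP"   # deny-all ingress default: no new inbound connections


def demo() -> Dict[str, str]:
    """Walk through the scenarios from the thread and return each verdict."""
    fw = StatefulFirewall(HOST)
    results: Dict[str, str] = {}

    # 1. The desktop browses to a web server: outbound from ephemeral port 61160 to :443.
    out = Packet(HOST, 61160, "104.16.32.11", 443, syn=True)
    results["outbound_https"] = fw.filter(out, "out")

    # 2. The server's SYN/ACK comes back to the source port that opened the connection.
    reply = Packet("104.16.32.11", 443, HOST, 61160, syn=True, ack=True)
    results["reply_to_our_connection"] = fw.filter(reply, "in")

    # 3. Unsolicited inbound connection attempt to port 80 on the desktop (constructed probe).
    probe = Packet("203.0.113.7", 40000, HOST, 80, syn=True)
    results["unsolicited_port80"] = fw.filter(probe, "in")

    # 4. A different peer reusing our ephemeral port is still not "invited": dropped.
    wrong_peer = Packet("203.0.113.7", 443, HOST, 61160, ack=True)
    results["wrong_peer_same_port"] = fw.filter(wrong_peer, "in")

    # 5. After the host closes the connection, even the real peer is dropped again.
    fw.filter(Packet(HOST, 61160, "104.16.32.11", 443, fin=True, ack=True), "out")
    late = Packet("104.16.32.11", 443, HOST, 61160, ack=True)
    results["reply_after_close"] = fw.filter(late, "in")
    return results


if __name__ == "__main__":
    for scenario, verdict in demo().items():
        print(f"{scenario:28} {verdict}")
```

On a real Linux host the same policy is what `iptables -P INPUT DROP` followed by `iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` expresses: the kernel's conntrack table plays the role of the `conntrack` set above, and no rule ever opens inbound port 80 or 443 on the desktop.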

Got it. In other words, nothing should be able to get to your device unless it’s invited in first. The firewall remembers that your device asked for the connection and will then allow the external IP to connect back.

So it’s vampire rules of engagement: you have to be invited in first.

lol. You could call it that!