Do You Need a Firewall to Protect Your Home Network?

When talking about network security, something that pops up quite often is firewalls. For non-networking people, it’s very unclear what they really do, except that they may block bad traffic. But how do they know what is bad and what is not?

In this blog post, I wanted to clarify what a firewall is and that is exactly what you are going to learn if you continue reading. On top of that, I will tell you why you should not buy a firewall except if you are a company, then you should really get one. You’ll also learn some of the disadvantages of firewalls. But let’s start with what a firewall is.

What is a Firewall?

A network firewall is not a wall that keeps fire out, but it has similarities to one. A firewall in a building is there to block a fire so that the area behind it stays safe. A network firewall works the same way: it keeps the area behind it, the LAN, safe from bad stuff that would like to get into the network.

Essentially, a firewall is your shield to the outside network. All traffic that comes into your network is scanned by the firewall and it will throw out any packets that are not allowed. It knows which packets to throw out based on rules that have been set up beforehand.

Something that is very common when configuring a firewall is to block everything and then add a rule for each thing that needs to come through. This can take quite long and isn’t very fun to set up, but it’s secure, which is the whole reason why a firewall is there in the first place.

A firewall often has traffic logs as well, so that you can see what the firewall is blocking and what it is letting through. While this may not be that interesting to you, it’s very interesting for an enterprise to see which services and systems are trying to reach out to the internet or enter the LAN.
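The block-everything-then-allow approach and the traffic log described above, as an added example that is not part of the original post: a first-match rule evaluator with a default-deny policy, run over constructed inbound packets. The rule set, the addresses (documentation ranges) and all function names are assumptions made for illustration.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int

# Constructed inbound allow-list: (protocol, destination port, allowed source network).
# Anything that matches no entry falls through to the default-deny policy.
ALLOW_IN = [
    ("tcp", 443, "0.0.0.0/0"),       # public HTTPS service, open to everyone
    ("tcp", 22, "198.51.100.0/24"),  # SSH, but only from one admin network
]

def decide(pkt, rules=ALLOW_IN):
    """Return ('ACCEPT', rule_index) for the first matching rule, else ('DROP', None)."""
    src = ipaddress.ip_address(pkt.src)
    for i, (proto, dport, net) in enumerate(rules):
        if pkt.proto == proto and pkt.dport == dport and src in ipaddress.ip_network(net):
            return "ACCEPT", i
    return "DROP", None  # default deny: no rule allowed it

def filter_traffic(packets):
    """Evaluate every packet and return the traffic log as (verdict, packet) entries."""
    return [(decide(p)[0], p) for p in packets]

def blocked_ports(log):
    """Summarise the log: number of dropped packets per destination port."""
    return Counter(p.dport for verdict, p in log if verdict == "DROP")

# Constructed sample traffic arriving from the internet side.
SAMPLE = [
    Packet("203.0.113.7", "192.0.2.10", "tcp", 443),   # allowed by rule 0
    Packet("203.0.113.7", "192.0.2.10", "tcp", 23),    # no rule for telnet
    Packet("203.0.113.9", "192.0.2.10", "tcp", 3389),  # no rule for RDP
    Packet("203.0.113.9", "192.0.2.10", "tcp", 22),    # SSH from the wrong network
    Packet("198.51.100.5", "192.0.2.10", "tcp", 22),   # SSH from the admin network
    Packet("203.0.113.44", "192.0.2.10", "tcp", 23),   # no rule for telnet
]

if __name__ == "__main__":
    log = filter_traffic(SAMPLE)
    for verdict, p in log:
        print(f"{verdict:6} {p.proto} {p.src} -> {p.dst}:{p.dport}")
    print("drops per port:", blocked_ports(log).most_common())
```

The SSH packet from outside the admin network is dropped even though port 22 has a rule, because a rule only matches when protocol, port and source all match.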

While some, like Roger A. Grimes at CSO, don’t think firewalls are needed, I do believe that they are still needed. But does that mean that you, as a regular home user, should get a firewall? The simple answer is no, and here’s why.

Why You Don’t Need a Firewall

You already have one. Unless you have actively turned it off, you already have a firewall that is protecting you from the bad stuff. I am running macOS on my main computer, and this operating system asks me whenever a program or a system wants its traffic to come into the laptop. This way, I can decide for myself whether I want a program to be allowed into my computer.

The firewall is turned on.

If you are using Windows, you should get the same experience with the operating system asking you for permission. You will only get these questions on programs that you have installed yourself. The operating system will automatically allow traffic that is needed by the operating system as well as basic networking. On my Mac, I was also able to choose if I wanted to allow ping from outside the network or not.

But hold on for a minute now, isn’t a firewall a physical box that you need to configure? Well, yes, but there are two types of firewalls: software and hardware. While they do the same basic thing, hardware firewalls tend to offer many more features and perform much better than software ones.

A software firewall that you have on your computer will also protect only that computer. It will not protect your whole network, which a hardware firewall can do. These hardware firewalls are placed between the internet connection and the router, so that all traffic going to the router has already been filtered as OK by the firewall. This is not possible with software.

However, to get back to the main question here, for home use there really is no need to get a hardware firewall, as the firewall on your computer is good enough. The exception is if you are very interested and want to learn more about TCP, UDP, ports, and packets; then a firewall can be a fun way to get started.

What Does a Firewall Protect You from?

A firewall is like a gate, the first blockade.

A firewall can protect you from bad stuff, I’ve told you that already. But how does it do that and what exactly do I mean by “bad stuff”? When I say, “bad stuff”, I am talking about hackers and other unauthorized connections to your network. I am also talking about viruses and malicious code that you may end up getting in your email or download from the internet.

A physical firewall that is filtering traffic into the network will protect against people who are outside your network and are trying to get in using different methods. If the firewall is correctly configured, it will block these connections and you can see in the log that they were blocked.

The firewall will also block a lot of unnecessary traffic in your network. I looked at the log that we have at my work and there is a lot of chatter that is being blocked by the firewall. What I mean by that is that there are bots that are trying many common ways to get inside. These have been set up by humans, and I guess that if a bot succeeds in getting in, it will notify a human.

If you instead download malicious software or get a file in an email, a physical firewall may see the bad file and let it through. Then, you have the software firewall on your operating system that will protect you instead. It will not stop the virus from getting onto the computer, but it can block the virus from sending your information out to the internet. However, many viruses will add themselves to the OK-list on a firewall, which is how they get past this.

Basically, a firewall is very good at keeping anything that you don’t want in your LAN, outside of the LAN.

Why Companies Should Have a Firewall When You Don’t

According to, the biggest security issue is with your employees.

If you run a business and do not have a firewall yet, then I highly recommend that you get one. While you may not need one for your private network, a business network is often more interesting for an attacker than a private network, because of the information that businesses have. It is also common for small businesses not to have strong network security, making it even easier for attackers to get in and see customer data and business financials.

Having a physical firewall is the very first line of defense against threats from the outside. By now, you should know the advantage of a firewall and it is simply a must for a business. It’s much easier to control one firewall than having to manage software firewalls on company computers, especially if you have a few of them. If you have hundreds of computers, then having one hardware firewall is a no-brainer, simply because of management.

If you have two offices in two different locations, firewalls can actually connect these two offices using a VPN tunnel. What this means is that you have two firewalls, one on each site, that connect to each other through a secure, encrypted network tunnel. The offices will then be able to speak to each other, meaning that you can have network resources at one office only.

There are many other benefits of having a firewall for a business. It’s a great way to monitor the network traffic, making sure that your employees are not downloading torrents from the company network, for example. You are also able to block websites so that your employees can’t visit them.

Many of these problems are problems that you don’t have on your private network, and these are a few of the reasons why a business should have a hardware firewall, even if they are just a small business.

What are the Disadvantages of a Firewall?

But of course, there are disadvantages with a firewall as well. However, the benefits of having a firewall are always better than having no firewall at all, be it software or hardware. But it’s still good knowing the limitations of firewalls.

If you have a hardware firewall for your company, this firewall will not protect you from internal attacks that happen behind the firewall. This could be an employee plugging in a USB stick with malicious code on it or downloading software from the internet that looks like something else. If it has passed the firewall, you need to deal with it some other way.

When it comes to software firewalls, they are always in the background, checking for incoming and outgoing traffic for the computer. This means that the firewall will always take some performance from the computer that you may have wanted elsewhere. This is a problem that used to be big but nowadays the computers are powerful enough and the operating systems are smart enough, that there really isn’t any big performance hit. But if you have an old laptop, this could be a problem.


In the end, a firewall for your home network is something that you already have. There is no point in having a physical firewall unless you are interested, and if you are not interested, then don’t bother.

I would also advise against buying software firewalls. It is very common for anti-virus software to include a firewall that the advertisement says is better than the built-in one, but it’s usually not.

11 thoughts on “Do You Need a Firewall to Protect Your Home Network?”

  1. Nicely explained blog. Very informational. I usually thought that there should be small-size firewalls that can protect our home devices from outside attacks. But we still don’t require such things. I am still safe while using 24*7 internet and browsing many things on networks. So, I agree with your point that a firewall is good for enterprise networks, not for home.

  2. In reference to not needing a home firewall, does this change when you have smart devices like TV, lights and other household devices working off of your WiFi network as well?

    1. Hi Nancy,

      Yes, it does, and that is because these devices likely do not have a configurable firewall on them, also known as a Host-Based Firewall, like we have on our computers. Smart TVs, or other smart devices don’t have any sort of firewall we can configure which can leave them vulnerable to attacks.

      Most modern routers do have a firewall in them now, however, it is not very configurable, as companies make them for users to “set it and forget it”. In general, they block any connection trying to come in, and allow any connection going out. A network firewall can provide more granularity in what you allow going out, or to come in, which is better protection, but more maintenance. So most people should be okay with their current routers, however they can’t control much of what connections are allowed on the network. This becomes more concerning when you have smart devices that are not completely trusted. A network grade enterprise firewall can help lock down smart devices.

  3. Which type of firewall should the residential user implement, Software or Hardware? Kindly also give me a real-life example.

    1. Hi Arianne!

      Great question. Generally, for the residential home owner, you will be implementing a hardware firewall. Whenever you buy a router and put it in your home, it has basic hardware firewall capabilities.

      However, you can also implement a software firewall on your computer, especially if you expect to travel with it. It will provide you protections when you are on the internet when using public wifi, and can be a great layer to add on top of a virtual private network (VPN).

      Some examples of software firewalls include Microsoft Defender Firewall, and GlassWire.

      I hope this helps!

  4. How about preventing my children from browsing porn sites or any other sites that I don’t want them to access? Is there any way to block those connections? Or any consumer-grade firewall I can use to prevent that?

    1. Hi Ernan,

      Generally, this type of functionality is referred to as url filtering or content filtering. The way this is achieved is by external services that provide knowledge of this type of content that they categorize for you.

      So for restricting access to adult content, or other such as games, gambling, etc, your firewall would need url filtering capabilities, or also known as Parental Controls. Newer firewalls / routers provide this functionality, such as Linksys Velop, Google Wifi, or Netgear Orbi. These services may be subscription based, or free, depending on the vendor. For example, Linksys provides Linksys Shield for $4.99 / month, or 49.99 / year for parental controls.

      Otherwise, if you don’t have a newer firewall / router with parental controls, you would have to block each website manually. That would be a very tedious process, hence the need for these services.

      The last thing I’d mention is these controls can be bypassed if your children purchase VPN access. At this point, the firewall would not see those connections. The only way to prevent that is by restricting VPN access, which could possibly be done via parental controls, again, depending on the vendor.

      I hope this helps!

  5. If I want to turn on RDP so I can access my PC from outside my network but limit it to certain IP addresses (or even better, certain mac addresses) would an appliance firewall be the best option?

    1. Hi Kevin,

      Thanks for reading!

      So yes, you would want an appliance firewall (network firewall) to access your PC via RDP from outside your network. Likely, you already have a consumer-grade router at home which is performing this function for you. Here you would do port forwarding, to forward incoming connections on whatever port on the router / firewall, to port 3389 of the IP address that is your PC. Depending on your firewall, you can restrict incoming connections to certain IP addresses. As for certain MAC addresses, this isn’t possible with a firewall. Since firewalls perform network-based operations at Layer 3, and MAC addresses are Layer 2 based, you won’t be able to filter by MAC address with firewall rules. Even more so, MAC addresses can be easily spoofed, and do not provide a sense of security.

      Before you explore this option, I would highly discourage exposing RDP on your PC from outside your network. This is because there are plenty of vulnerabilities and methods to exploit RDP that a hacker can use to access your network. This is a very common way that hackers use to get into a network, and perform a ransomware attack, or other attacks. Additionally, RDP connections are not encrypted, so you could be exposing information on the network you’re using to get into RDP, that is if anyone else is snooping on the network. If you go down this route, be sure you have the latest versions of Windows and your router, but again, it’s highly discouraged.

      The best way to access RDP from outside your network is to set up a virtual private network (VPN) on your network. VPNs are best suited to provide an encrypted connection to your local network. This prevents anyone from snooping on your connection and reading that information. VPN logins can also easily be hardened with good security to make them difficult to exploit. Plus this has the added benefit of accessing anything else on your network, not just RDP on your PC.

      You can purchase a Raspberry Pi and set up a VPN with ease, using PiVPN. Here all you have to do is forward the VPN port from your router to your Raspberry Pi IP address, and go through the installer, and now you have a private VPN you can use with your public IP to get VPN access to your network. I recommend this VPN as I had used it personally and it worked well. Here is a how-to guide that should help with the install process.

      Hope this helps!

  6. vinilos decorativos

    Such a very useful article. Very interesting to read this article. I would like to thank you for the efforts you had made for writing this awesome article.
