mick crane wrote:
> I've never really understood firewalls. I think the idea is that they don't
> let anything in that wasn't requested but if you go on a website there are
> so many hundreds of scripts looking at this and that who knows what happens.
I notice you didn't ask a question, but I'll answer it anyway.

Near the bottom of the stack of networking is a link layer. For ethernet and related protocols, that means that there's an address for each interface -- ethernet calls it the MAC address. If you build a firewall to intercept at this level, you can stop traffic from specific local sources. That's it. There are situations where we do this -- layer 2 firewalling -- but they aren't very common.

The next layer up, called layer 3, is IP addressing. IP connections involve IP addresses and IP subprotocols: UDP, TCP, and so forth. This is where most firewalls operate. An L3 firewall usually starts with a generic directive to drop all traffic that it doesn't specifically allow, and then has a list of what to allow to each or all addresses being protected.

So: you can stop all DNS traffic from Cloudflare, but you can't drop JavaScript embedded in a web page from Google. To do that, you need what is generically called an application-layer firewall, and those are usually set up on individual machines -- though they don't have to be -- and are frequently supplied with extensive, rapidly-updated block lists. Some of them you even run *inside* your web browser: uBlock Origin, for example. Highly recommended.

-dsr-

P.S. you may be wondering why the numbering goes 2, 3, "application". This is because:

a) the OSI 7-layer model doesn't actually represent real networks in this universe
b) everything above layer 3 is kind of squishy
c) most firewalls are actually reflecting the owner's policies in layers 8 and 9 of the 7-layer model: religion and politics.
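Added example (not part of the post above, and not dsr's code): what the "drop everything, then allow a list" policy described for an L3 firewall looks like as an nftables ruleset. It assumes a Linux host on a LAN numbered 192.168.1.0/24 and uses Cloudflare's public resolver addresses 1.1.1.1 and 1.0.0.1 to stand in for "DNS traffic from Cloudflare"; the interface names, ports and addresses are assumptions chosen for illustration.

```nft
#!/usr/sbin/nft -f
# Constructed example ruleset: default-drop on every hook, then an explicit
# allow list. Nothing here looks past the IP header and the UDP/TCP ports.

flush ruleset

# Cloudflare's public resolver addresses (assumed here as the "Cloudflare DNS"
# the post mentions). A set lets one rule match several addresses.
define CLOUDFLARE_DNS = { 1.1.1.1, 1.0.0.1 }
define LAN = 192.168.1.0/24

table inet filter {
    chain input {
        # "policy drop" is the generic drop-everything directive; rules below
        # are the allow list.
        type filter hook input priority 0; policy drop;

        iif "lo" accept                              # loopback is always fine
        ct state established,related accept          # replies to what we asked for
        ct state invalid drop
        ip protocol icmp accept                      # ping / path MTU discovery
        ip6 nexthdr icmpv6 accept                    # required for IPv6 to work at all
        tcp dport 22 ip saddr $LAN accept            # ssh, but only from the LAN
    }

    chain output {
        type filter hook output priority 0; policy drop;

        oif "lo" accept
        ct state established,related accept

        # The post's first claim: DNS to Cloudflare can be stopped, because the
        # decision only needs a destination address and a port.
        ip daddr $CLOUDFLARE_DNS udp dport 53 drop
        ip daddr $CLOUDFLARE_DNS tcp dport 53 drop

        udp dport 53 accept                          # DNS to any other resolver
        tcp dport { 80, 443 } accept                 # web browsing
    }

    chain forward {
        # This host is not a router; forward nothing.
        type filter hook forward priority 0; policy drop;
    }
}
```

Load it with `nft -f` as root and inspect the result with `nft list ruleset`. The second claim in the post is visible in the output chain: the `tcp dport { 80, 443 } accept` rule is what lets you fetch a web page at all, and it cannot tell a page containing third-party JavaScript from one without it, because the bytes inside the TCP stream are not something an L3 rule can match on. Blocking the scripts has to happen where the HTTP content is parsed, which is why that job falls to an application-layer filter such as a browser extension.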

