What to Block in Personal firewall ?

The most difficult part of implementing a personal firewall is knowing what to block. The simplest answer is that you should block all unsolicited incoming traffic. This means that unless you are browsing a Web site or making a purchase over an SSL-enabled Web site, you should block incoming traffic you have not initiated. In both Windows- and Linux-based systems, a number of ports are open by default that can be dangerous to your system. In addition, several ports exist that are really of no consequence, and it does not really matter whether you block them.

For the typical home setup, in which you have perhaps one or two machines and are not running server software such as your own Web site or mail server, blocking incoming traffic using firewall software is easy. If you're running applications that can open ports on your system, such as PCAnywhere or Winroute Web Administration, you must be aware of what these third-party applications open on your system. Several of the ports you really need to be concerned about (whether you run Windows or Linux) and ensure that your firewall software blocks if you are not running server software include

• FTP (21)
• Telnet (23)
• Mail (25)
• DNS (53)
• Finger (79)
• Web (80)
• Sunrpc (111)
• Auth (113)
• SNMP (161)
• EPMAP (135)
• NetBIOS-NS (137)
• NetBIOS-SSN (139)
• Microsoft DS (445) TCP, (445) UDP
• R-Services (511-515)