The Firewall
The Firewall is a software component that protects you from threats. Internal and external.
In the early days, it was just an advanced security feature for UNIX/Linux OS and a network layer feature for the enterprise networks that allowed them to protect the network and reduce the attack surface from the Internet. After certain attacks on Windows computers, it became a critical built-in component introduced in Windows XP SP2 and Windows Server 2003 SP1. No idea about Macs.
While it is a real burden to manage it for the outgoing traffic, maintain the whitelist of the apps allowed to do so, and requires a certain level of skill/knowledge, it is useful for blocking the incoming traffic. Because why? Why would you even want someone to have your computer exposed to the network unless you’re dev sharing something from your system to the network (BAD practice and heavily abused by devs/juniors to do really stupid stuff like hosting databases/services in your corporate network instead of publishing it managed environment like cloud/servers).
And if you are not too paranoid, one setting that is cool and minimizes the chance of your system being hacked from the network is just to block everything that comes out of it. Eve-ry-thing.
Doing it is so easy that it’s the very first action I take on every new system I set up, even before connecting my computer to the network. To me, it is just a habit now.
On Windows, it is remarkably simple. Just open Windows Defender Firewall (firewall.cpl), find Turn Windows Defender Firewall on or off, and enable the Block all incoming connections, including those in the list of allowed apps flag. The result is immediate once you hit OK; no restarts needed. Just do not do it remotely, so you do not lose remote access to the system. Or do if that is your goal.
If you are a PowerShell guy, there is a cool single liner for you:
Set-NetFirewallProfile -All -DefaultInboundAction Block -AllowInboundRules False
Do not forget you need full permission on your system as a prerequisite and must run the command from elevated session (aka Run as Administrator).
Another concern to keep in mind is that with this set, your system will not respond to any connection from the network. So goodbye Remote Desktop, Media Server, Shared Folders, etc.
On the other hand, why would you even want to use it on a home system/laptop? Most users do not even know what it is all about, and they do not have to.
P.S. Fun fact, Android does not have such a feature at all. Hello Google, I do understand your focus is not on security, but seriously, why would you keep your system open to the network by default in the year 2026, allowing it to be exploited. Hopefully, there are solutions like GlassWire/Network to address it without rooting your device, but that is another story.