What is the one most important thing for a newbie to know about rule-based firewalls? I'm talking about specific knowledge/facts, not general principles like "deny everything until you can figure out if it is necessary". Personally I think it's the concept of server and client (ephemeral) ports. I mean most people quickly figure out that TCP 80 is HTTP, but they have no clue how to configure the rule. Is port 80 remote or local? If remote, what port should be local?