"I hear that firewalls mainly serve to stop stuff from getting out, as opposed to in." whereas the opposite is true.

There are tens of thousands of bots working 24 hours a day probing iP blocks looking for 'openings' into devices; done by sending various query packets.

When 'chinks in the armor' are found, further probative actions are taken...and Windows is chock full of open ports that permit packets in.

Firewalls greatly reduce that attack surface.

The 'outbound' aspect would alert when something is already inside the OS.

Firewalls do not add over-burdensome delays to 'Net exchanges, and DO NOT inspect packet contents...only the headers are examined and compared to 'asset request tables'.



Trying to manually configure the OS and monitor traffic would be a non-stop Herculean task, and best left to a hardware firewall (NAT router); software as a second choice.



"Ubuntu" relies on TCP/iP (et al) for Internet communications, but have far fewer "listening" ports by default, and are inherently safer than Windows, but: as the popularity of Linux grows, almost certainly the attack vectors will follow suit.



If you've had "trouble" with firewalls in the past, I would look for other sources of the problem rather than the firewall function.

A firewall can either be software-based or hardware-based and is used to help keep a network secure. Its primary objective is to control the incoming and outgoing network traffic by analyzing the data

packets and determining whether it should be allowed through or not, based on a predetermined rule set.



Firewalls block connections to your computer from unknown sources, which helps to prevent security breaches. If you use a router to connect to the Internet, the router may already have a firewall configured which regulates connections from the Internet to your network.

XP has a firewall. Your router has a firewall. And any decent internet security program has a firewall. What's your question?