Changes

Personal Firewall

272 bytes added, 16:25, 15 March 2015
Added mac instructions
The Fixme network is neither firewalled nor NATed. If you connect to the ''FIXME'' or ''FIXME-5GHz'' WiFi networks, '''you'll get a public IP address and your machine will be exposed to the Internet'''. If you connect to ''FIXME_NAT'', you won't have a public address, but it is still good practice to install a firewall. ''Remember that you are in a hackerspace, and that in hackerspaces there are hackers. Not protecting your machine is an invitation to the Lulz.''
== Linux ==
If you chose GUFW, you have to click on the ''Unlock'' button after starting the GUI, then check ''Activate'' or push the ''Status'' slider to the ''On'' position. The default configuration (Incoming: Deny; Outgoing: Allow) is a good start for beginners. Contrary to what it claims, critical service messages will still be able to reach your machine, as will incoming packets that belong to connections you established yourself (it is a stateful firewall).
You can use <code>sudo iptables -L</code> to list enforced rules.
Use <code>netstat -laputen | grep -i listen</code> or <code>sudo lsof -i -n</code> to see which services are listening on which interface/port. If you activated the firewall, listening ports might not be reachable unless you configured your firewall to accept incoming connections to these services.
An alternative to the above use of ''netstat'' is <code>lsof -i -n</code> which shows open ports and open connections in a nice way.
Use <code>nmap</code> from another machine to test your firewall configuration.
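An added example (not part of the original wiki page): a small shell filter that takes the output of the netstat command above and prints only the TCP listeners bound to a non-loopback address, which are the ones the firewall has to cover. The function names and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -laputen` output (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address      Foreign Address    State       User  Inode  PID/Program name
tcp        0      0 0.0.0.0:22         0.0.0.0:*          LISTEN      0     11001  812/sshd
tcp        0      0 127.0.0.1:631      0.0.0.0:*          LISTEN      0     11002  900/cupsd
tcp        0      0 192.168.1.10:51234 203.0.113.5:443    ESTABLISHED 1000  11003  2100/firefox
tcp6       0      0 :::80              :::*               LISTEN      0     11004  950/nginx
tcp6       0      0 ::1:631            :::*               LISTEN      0     11005  900/cupsd
unix  2      [ ACC ]     STREAM     LISTENING     15000    /run/user/1000/bus
EOF
}

# Read netstat output on stdin; print "proto host port" for every TCP socket
# in LISTEN state whose local address is not loopback.
exposed_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)        # text after the last colon
        host = substr($4, 1, length($4) - length(port) - 1)
        if (host ~ /^127\./ || host == "::1") next   # loopback: not reachable from the network
        print $1, host, port
    }'
}

# Demo run on the constructed sample.
sample_netstat | exposed_listeners
```

On a real machine, pipe the page's command into it: <code>netstat -laputen | exposed_listeners</code>. UDP sockets have no LISTEN state and are not covered by this filter.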
 
== Mac ==
Just deselect all sharing options. Unless you run services yourself (e.g. a background tool, iTunes sync, something over the command line, etc.), this should cover most of what you need.
[[File:Mac_firewall.png]]