Home workstation security with regards to firewalld
 

I have a Fedora 21 system running firewalld.

I have no experience configuring firewalls or iptables. I would like to setup a strong firewall on my home workstation but I have no idea how to configure the ports and services.

I have read a lot of documentation on firewalld and I understand how to configure the zones and services but this is where I am at a loss:

If my understanding is correct, then if you start with a zone that has no services added to it and no ports added to it, then everything is blocked and this is the most secure. Now you must add ports or services that you will need opened in order to use your computer as you would normally expect.

So I know about opening port 80, and whatever port I put ssh on, and then I have no idea. There may be hundreds of applications and services running on my system.. how am I to have any idea what ports they might need?

Is it really necessary to get that low level just to be able to configure your home firewall securely? I am not trying to be lazy I just find it remarkably difficult to find any starting point for figuring this out.

Thank you for your help.

Unless you really want to learn how to configure iptables manually, you can install gufw. It's an excellent, easy-to-use GUI frontend for iptables. It should be in the repos.