Host based firewalls are fantastic for improving security, and allow rapid blocking of malware. Excluding a service from firewall rules is just begging for disaster.<p>It's rubbish decisions like this (and app telemetry like the OCSP borking), the similar (ad driven) madness on android and the extreme telemetry on Windows, that makes Linux so important. It's the only platform which doesn't actively seek to control how you use your own computer.