After a recent bout of DoS attacks (flooding mainly) and other issues, I've decided it's time to step up my home security. Currently, here is my setup:
Cable modem (serving ~25 Mbps)
Linksys router w/DD-WRT
24 port gigabit switch
~16 devices (12 wired, 4 wireless) and more on the way
I understand that NAT alone provides reasonable protection, but I want something that handles active intrusion prevention (similar to Snort under *nix), which I know is more than my router can handle. Ideally this device would be in front of the router, since I really like the router's internal features and would prefer to continue using it for wireless (I don't want my wireless devices in front of the firewall device).
I've looked at several products, and I'm torn between software (on dedicated hardware) and traditional hardware implementations. I like pfSense and m0n0wall, but I'm concerned about constantly doing maintenance. I also like the look of some of the retail products out there, especially since eBay is flooded with cheap stuff from Juniper, WatchGuard, SonicWall, etc., but I worry that without a subscription these devices won't be worthwhile. Power consumption is a moderate concern and rackmount is preferred (I have around 8U free). Budget is maybe $50-150?
Any thoughts on the type of device I should be looking for? Or even a specific model? I'm new to dedicated firewalls (aside from the old PIX-501) and somewhat lost.