Home Firewall Software Recommendations

Michael Paulmeno

Honorable
Aug 30, 2013
86
0
10,640
I am in the process of setting up a firewall appliance for my home network. This is more of a hobby/learning experience. While a Ubiquiti EdgeRouter would probably work well, I instead purchased a used Dell R210 off of eBay (fortunately it boots). The specs are:

-Quad Core Intel Xeon X3340
-8GB RAM
-1TB HDD (actually 2 devices, probably set up in a RAID)
-2 GiB NICS (there is a third which is probably for iDRAC only)

For my itty bitty home network the above will do. However, the OS for my firewall is a different matter. I want a firewall/UTM which is user friendly, feature-full, relatively easy to set up and maintain, and works with Chromecast/Roku/Netflix, etc. My initial pick was pfSense, but many people have reported it has a steep learning curve. So my top picks are now:

-Sophos
-Untangle
-Smoothwall Express
-IPFire

Unfortunately Sophos has a new XG product which has not been well received, at least on Reddit. Smoothwall Express does not seem to be terribly well documented. Untangle is tempting and looks great, but takes a simple approach for better or worse. Does anyone have any recommendations or experiences they can share?
 
Basically you pay for easy to use. Pretty much that is why Check Point is so popular even though it is many times the cost of other commercial firewalls.

The problem is easy to use allows idiots to think their network is secure because they clicked some box not understanding what it means when they really opened a big hole.

The hard part about security is understanding the types of attack and what it takes to stop them. The firewall is purely a tool, and easy to use mostly just reduces the time to implement things. This is important in an enterprise organization where security staff is paid a lot and they have many firewalls to get changes made in. When you have all kinds of time, editing up some nasty iptables rules by hand is not a big issue.

Good security is mostly determined by the person doing the work, not so much the firewall.

So even though it has a high learning curve, things like pfSense are the best because you know why you are doing things.

Now all this likely does not matter in a home network. In general the NAT function does most of the firewall function. It by default prevents any inbound traffic. So blocking all traffic is always better than some firewall rules.

Pretty much you only need a firewall when you are forced to allow traffic to a server...like a web server...and then you need to protect the server from attacks on ports you are forced to allow.

So likely the only purpose of a firewall in your house is as a learning experience; you likely do not "need" a firewall.
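
The behaviour described in the reply above, as an added example that is not part of the original thread: a toy Python model of a home NAT gateway showing why unsolicited inbound packets are dropped and what changes once a port is forwarded to a server. The `Gateway` class, its method names, and all addresses are constructed for illustration, and the model assumes a NAT that filters by full remote address and port.

```python
# Added example: toy model of a home NAT gateway (not a real firewall).
# Assumption: the NAT filters by full address and port; all IPs are constructed.
from dataclasses import dataclass, field


@dataclass
class Gateway:
    forwards: dict = field(default_factory=dict)  # (proto, wan_port) -> (lan_ip, lan_port)
    state: dict = field(default_factory=dict)     # flows opened from the LAN side
    next_port: int = 40000

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection: allocate a WAN port, record the flow."""
        wan_port = self.next_port
        self.next_port += 1
        self.state[(proto, wan_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return wan_port

    def inbound(self, proto, remote_ip, remote_port, wan_port):
        """A packet arrives on the WAN side: return (verdict, LAN destination)."""
        flow = (proto, wan_port, remote_ip, remote_port)
        if flow in self.state:                    # reply to a LAN-initiated flow
            return "established", self.state[flow]
        if (proto, wan_port) in self.forwards:    # hole opened on purpose
            return "forwarded", self.forwards[(proto, wan_port)]
        return "dropped", None                    # no mapping, nowhere to deliver


def demo():
    gw = Gateway()
    # Laptop browses out; the reply comes back through the recorded flow.
    p = gw.outbound("tcp", "192.168.1.20", 51000, "198.51.100.7", 443)
    results = [gw.inbound("tcp", "198.51.100.7", 443, p)[0]]
    # A different remote host hits the same WAN port, then port 22: no mapping.
    results.append(gw.inbound("tcp", "203.0.113.99", 443, p)[0])
    results.append(gw.inbound("tcp", "203.0.113.99", 40123, 22)[0])
    # Forwarding port 80 to a web server exposes it to every source address,
    # which is the point where real filtering rules start to matter.
    gw.forwards[("tcp", 80)] = ("192.168.1.50", 8080)
    results.append(gw.inbound("tcp", "203.0.113.99", 40124, 80)[0])
    return results


if __name__ == "__main__":
    print(demo())
```

The drop in this model is a side effect of having no translation entry rather than a policy decision, so the forwarded port is reachable from any source until a filtering rule restricts it.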
 

Michael Paulmeno

Good point. I'm not learning much if I'm just checking boxes. As a general rule all my public servers are hosted in the cloud (AWS currently) so I don't have to worry about allowing traffic into my network. So for me this is mostly a hobby although I do want to learn a few concepts about networking and security along the way.

 
I use Untangle at my house and really like it. They have a free version that is pretty powerful for being free. They also just released home pricing for their complete bundle. It is only $50 a year, which is really good for a UTM. Anyway even the free version is good. The learning curve is not too bad. There are videos online as well as a very good forum where Untangle employees can answer questions. My vote would be to give Untangle a try.
 

Michael Paulmeno

Over the weekend I installed pfSense. It was far easier than expected. The most confusing part was getting the install image to boot. Evidently either pfSense or FreeBSD does not like AHCI, requiring a switch to Legacy ATA mode for my hard discs. Otherwise the setup was fairly straightforward, much to my surprise.

My fear was pfSense would be hard to install and get working. While I can confidently state 95% of the system is still a mystery, everything on my network functions as it should. The default settings seem to work well enough. Only my old router, which I repurposed as a wireless AP by turning off the DHCP server and unplugging the WAN cable, was obstinate. However, a quick power cycle fixed the problem and it began broadcasting its wireless signal. The internet definitely seems faster, which makes sense given my firewall appliance's specs. I now understand how simple the average home network really is and why ISPs can get away with peddling such crappy router/modem combos. Most people's needs are so modest they will never notice many issues.

Thank you both for your advice. For now I am going to stick to the default settings, but may embark on an adventure into intrusion detection or some other advanced feature in the future.