    Hi all,

    Recently, with some old hardware kicking around, I've been debating on building myself a firewall using software such as pfSense or Smoothwall. I noticed a particular thread from several years ago (namely here), which suggested that hardware firewalls are probably the more secure option to take rather than running a firewall based on a major operating system (I believe it was skroo who said that). Has anything changed on this front?

    Currently, my network is just run in my house. In comparison to the average home, it's a larger network (2 desktops, 3 laptops, and 2 servers that I use for data storage and some small server hosting, along with a couple of switches for routing cables), but by no means big in the grand scheme of things. The gateway is a DI-604 router, and I have an OpenWRT-modded WRT54G as my AP. I temporarily installed pfSense on an old box I had kicking around, and immediately noticed that my download speed doubled (went from 400KB/s to about 775KB/s). While the extra bandwidth is nice to have (along with a whole slew of other features that pfSense offers), do the potential vulnerabilities of an operating system trump any benefits that may arise from being able to run other services on the gateway, such as the Snort IDS? Any reason why I should steer clear of pfSense and go for another Open Source solution such as m0n0wall or Smoothwall?

    <aside>My first post on the Defcon forums despite lurking for quite a while. Quite frankly, I was scared shitless about making at least a decent first impression - hope this first post is up to snuff. Although by no means a guru at any particular part of hacking or security, I know enough to get by most of the time, and enough to make me feel like vomiting any time somebody asks a stupid question. Looking forward to attending my first Defcon this year, meeting some new people, learning more than my brain can handle, and hopefully giving back to the community in future years. </aside>

    Re: Pre-made vs. Custom Firewalls

    I know a number of folks that recommend the Mikrotik firewall. You can build it to run on a SSD. I'm interested in this as well. I'm looking to build a low cost firewall/VPN box. I'm thinking of trying something like OpenWRT or DD-WRT on an embedded device.

      Re: Pre-made vs. Custom Firewalls

      I've heard various good things about pfsense but haven't tried it myself.

      Also, don't forget to think about what your firewall is protecting. If you have a specific need, see what gives the best results (after weeding out the inferior products, obviously), and please don't forget that your nice shiny hardware firewall won't be much protection when your Vista laptop is connected to the Starbucks wifi or your mate's poorly protected network.*

      *Not that I am trying to imply that you drink at Starbucks or affiliate with people with poorly protected networks, or that you have a Vista laptop for that matter.


        Re: Pre-made vs. Custom Firewalls

        I've run a Smoothwall firewall for the last four years at least with no problems. Probably longer, but there were some ventures into IPCop for a while, and I tried out ClarkConnect for a while too. Have had no issues that weren't self-induced.


          Re: Pre-made vs. Custom Firewalls

          > I've run a Smoothwall firewall for the last four years at least with no problems.
          Smoothwall works well for me, too. Mine has been up continuously for at least three years, barring the occasional upgrade.
