Since it seems like you're looking for hardware firewalls for home use, I personally would suggest MikroTik (http://www.mikrotik.com/). They have some really nifty stuff. For example they have a 128MB IDE Flash with the software on it, so you just slot it in your motherboard and you instantly have the router/fw set up. They also have lots of nifty wireless gear too.
Hardware Firewalls
-
Originally posted by Spanners: Thanks Skroo, some of the third-party firmware looks excellent. What made you change your setup from the WRT54G out of interest?
-
Originally posted by skroo: Hang on... Hardware firewalls are dedicated devices - so unless I've missed something here, are you suggesting that corporate environments should run dedicated PCs (for example) as firewalls?
"Hardware firewalls are dedicated devices" - yes agreed.
"you suggesting that corporate environments should run dedicated PCs (for example) as firewalls?" - yes? Well they can if they feel it is necessary. Obviously it depends on circumstances and many other things. But my main point was that corporate environments are much more suited to having dedicated machines than the home environment in my opinion.
Is that what you mean? Sorry I'm a bit confused.
Originally posted by highwizard: Listen, if you're replying to a post that is not the parent poster it's considered bad taste and confusing to not quote it. The reason for this is, I don't know if you're replying to my post in this thread or someone else's.
Twigman
-
Originally posted by Twigman: Sorry you've lost me?
Originally posted by Twigman: "Hardware firewalls are dedicated devices" - yes agreed.
Originally posted by Twigman: "you suggesting that corporate environments should run dedicated PCs (for example) as firewalls?" - yes? Well they can if they feel it is necessary. Obviously it depends on circumstances and many other things.
But my main point was that corporate environments are much more suited to having dedicated machines than the home environment in my opinion.
Is that what you mean? Sorry I'm a bit confused.
Answering the point raised, though, it would generally go against best practices to run firewalls on PCs in a corporate environment. From the standpoints of management, vulnerability, and efficiency it's generally better to have an infrastructure device in place carrying out whatever task it's intended for than a general-purpose computer.
Think of it this way: you work for Company X, whose entire routing infrastructure is based on ISA under Windows 2000 (it would be crappy, but it's doable and only an example, so bear with me). The worm of the week hits one of your internal machines before a patch is available. It now spreads to your routing infrastructure, meaning that not only has it a) killed its path of infection, but also b) brought your network to its knees, meaning that c) you can't effectively patch the affected machines. With dedicated infrastructure in place, the likelihood of that infrastructure itself being taken down by <insert threat here> is greatly reduced. Not eliminated, but reduced.
Note that I'm not saying that only a Windows routing platform would be a mass-nightmare scenario in a situation like this: remove the worm from the equation and replace it with a zero-day remote root exploit in, say, iptables, and you've got the same potential for disaster in a Linux-based environment.
-
I don't mean to piggyback on this thread, but my question is very similar and the answer should help Spanners as well. I happen to have 2 more motherboards I've managed to stuff into my PC case, and I was thinking I'd run one as a server and one as a firewall, just for kicks. I was wondering if someone could recommend the platform to use for the firewall. I was thinking between *bsd, gentoo, or a linux-firewall distro. The goal is to learn the most while setting it up, and end up with a secure firewall. Can someone who has set up a PC as a firewall offer a suggestion on which platform would best meet those goals?
-ff
-
Originally posted by Friendly_fire: I don't mean to piggyback on this thread, but my question is very similar and the answer should help Spanners as well. I happen to have 2 more motherboards I've managed to stuff into my PC case,
-ff
-
Originally posted by Friendly_fire: yeah, in addition to the one that's supposed to be in there. It was quite a project. Hardest part was getting all the PSUs in.
-ff
However, what I'd want to know is:
A) whether it'd be wise to do so, and
B) just how much cooling equipment you'd need to make sure that your fancy new homebrew surfer/server combo system doesn't become a very expensive paperweight.
(My money's on water-based liquid cooling and four case fans - two intake, two output - at least.)
(We now return you to your regularly scheduled programming. Please, feel free to ignore this post if you so desire.)
-
Originally posted by Macavity: Myself, I'd think it would definitely be possible.
However, what I'd want to know is:
A) whether it'd be wise to do so, and
B) just how much cooling equipment you'd need to make sure that your fancy new homebrew surfer/server combo system doesn't become a very expensive paperweight.
(My money's on water-based liquid cooling and four case fans - two intake, two output - at least.)
-
Hardware firewall fun -
The WRT54G makes an excellent firewall and a ton of apps are out there for it, including openvpn and some other nifty things.
pfSense: I use it currently on a test box, however it is internal net only; I don't feel it is ready to be pushed out just yet. It is also really easy to set up: you say your internal and external NICs and bam, it is up, routing, with a web-based configuration panel. It is based on PF, which is OpenBSD's firewalling solution, which is really robust. If you've got an old box you might want to give your own set of pf rules a whirl.
~:CK:~
I would like to meet a 1 to keep my 0 company.
-
Originally posted by Friendly_fire: The trick is to use equipment that doesn't get as hot. The main computer is a decent system. The two added motherboards are from older PCs, and a smaller form factor. I believe they used to be eMachines and they run around 700 MHz (P3). I'll probably add a small fan to the front, just to kick up some more air through the two boards. Probably not the best idea, but it was a lot of fun. So....any firewall suggestions?
(pictures snipped)
99.9% of all problems regarding so-called 'hacking' are directly traceable to user ineptitude, with Clueless Bobby Enduser downloading and running that attachment that seems to come from a friend and purports to be a screensaver with naked pics of (insert celebrity here) - or some similar idiocy.
Therefore, most people won't need some fancy security suite like Encom UberDefender (Corporate Decker Edition), and standard off-the-shelf stuff works just fine. However, I would recommend that you not use BlackICE Defender, as it's half a firewall (namely, the intrusion-detection half - it stops outside programs from accessing your computer, but does nothing to stop programs from sending information out to the 'Net). Mind you, I last read up on BlackICE Defender about six months ago, so this data could already be out of date.
Now, my personal preference for a firewall would be either Zone Labs' ZoneAlarm or Tiny Personal Firewall for the surfer-side part of the system, and possibly add a second hardware firewall on both connections. (Correct me if I'm wrong, but I believe it's possible to connect multiple computers to a single hardware firewall.)
I don't use hardware firewalls myself, mainly because - unlike most people - I'm still stuck on dialup, and a dial connection's usually too slow to be of any real use to a malicious hacker. There may be some out there who have special uses for hijacked dial-up computers, but I haven't heard of anything (outside of DDoS and DRDoS attacks).
(I would also recommend you test your firewall setup with Gibson Research's ShieldsUP!, but that's just part of my test routine.)
Last edited by Macavity; August 26, 2005, 15:47.
(We now return you to your regularly scheduled programming. Please, feel free to ignore this post if you so desire.)