[Noisebridge-discuss] Recommendations for home firewall?

Casey Callendrello c1 at caseyc.net
Sun Sep 19 19:37:33 UTC 2010 

  Openwrt is decent, but as a long-time user it's been leaving wanting 
more. On the WRT54G, at least, the lack of ram and persistent storage is 
too limiting. The funky package management system is clever, but very 
limited.

My next router will almost certainly be a bookshelf-style Intel ATOM 
mini-pc. They are are fast, cheap, efficient, and supremely 
customizable. It's hard to justify spending $$$$$ on embedded-style 
hardware anymore. Almost all of the miniboxen I've seen have either two 
gigabit wired interfaces, or one gigabit and one 802.11b/g/n card. I 
plan to just use a USB Ethernet adapter to connect to the cable modem 
(which won't be pushing enough traffic to cause a bottleneck anyways.

All kinds of exciting things open up when your router has a real OS and 
hardware. For example, I really want to run my own DNSSEC-aware 
recursive resolver (begone, Comcast!), and that currently isn't really 
easy / possible in openWRT land. I would suggest sticking with pfsense, 
but moving to commodity hardware.

Oh, yeah, ipv6 on openwrt is completely unsupported. It works fine, but 
don't expect any sort of configuration interface.

--Casey


On 9/19/10 11:39 AM, Joel Jaeggli wrote:
> On 9/19/10 10:57 AM, David Stein wrote:
>> For years, I've been using pfsense on a PC Engines WRAP system as a
>> home firewall.  Now that pfsense is based on nanobsd, the WRAP board
>> becomes a little cumbersome.  It's time to move on.  Any
>> recommendations?
>>
>> DD-WRT seems really popular.  Perhaps on something from Netgear?  A
>> combination firewall + 4 port switch + wireless access point + cable
>> modem would be great.  Never seen one though.
> cable modems are basically ethernet/docsis termination devices... your
> overall sanity will greatly inrease if you keep the functionality
> seperate as the modem is meant to be configured from the cable side.
> while you're at it you can get a docsis 3.0 modem and be prepared for
> both higher speeds and ipv6
>
>> I definitely want something that I can upgrade without taking the CF
>> card out and reflashing it.  Right now I need a screwdriver to take
>> apart my little WRAP system each time an upgrade comes out so I can
>> get at the flash card.
> if you want to fiddle with openwrt,
>
> http://ubnt.com/rspro
>
> is a very cool board
>
> by the time you add radios an enclosure and poe injector, it's a bit
> spendier than they describe but it's a cool piece of hardware.
>
>> Budget<  $300.
>> _______________________________________________
>> Noisebridge-discuss mailing list
>> Noisebridge-discuss at lists.noisebridge.net
>> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>>
> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss

More information about the Noisebridge-discuss mailing list