[GRLUG] firewall

Grand Rapids Linux Users Group grlug at grlug.org
Mon Aug 26 21:50:10 EDT 2019


I suggest pfsense 

Best choice:
https://www.amazon.com/Firewall-Appliance-Gigabit-Celeron-AES-NI/dp/B07G9NHRGQ/ref=mp_s_a_1_3?keywords=pfsense&qid=1566870381&s=gateway&sprefix=pfsense&sr=8-3

Cheaper

https://www.amazon.com/SG-1100-pfSense-Security-Gateway-Appliance/dp/B07MTMPXKG/ref=mp_s_a_1_4?keywords=pfsense&qid=1566870453&s=gateway&sprefix=pfsense&sr=8-4


Or edge routers are nice and at 70 bucks.  They used to run a version of Vyatta
https://www.amazon.com/gp/aw/d/B00YFJT29C/ref=psdcmw_300189_t1_B07MTMPXKG

> On Aug 26, 2019, at 5:52 PM, Grand Rapids Linux Users Group <grlug at grlug.org> wrote:
> 
> Dual interfaces: unfortunately, the RasPi only has one port, though it's gigabit if you want to do some vlan tinkering
> Open source: DD-WRT is pretty good if they support your hardware, might be worth a look.  Tomato might also work for you, but it has a more limited set of supported hardware (hence my never having tried it).
> Unifi Security Gateway: I like my USG when it works, though I think I got a bad update and might need to ship it back.  It also requires a controller running if you want to do anything with it more than VERY basic stuff (dhcp and dns configuration), so that'd be another computer (or raspi-like device) running on a regular basis, though I guess since you already have a Unifi AP, you've solved that issue somehow.
> 
> If you're looking to get more into the Unifi space (and already have a controller), the USG would be pretty good.  I've had more than my fair share of issues with it, but I get the feeling that I'm in the minority as most of the people I know that have them are pretty happy.  Unifi ships updates pretty regularly and it generally gets out of your way.  The downsides are that it takes a while to boot up and you'll need to turn off deep-packet inspection if you have more than 300Mbps of throughput.
> 
> Otherwise, the Netgear Nighthawk is very solid and it just gets out of your way.
> 
> --Thomas
> 
>> On Mon, Aug 26, 2019 at 7:56 PM Grand Rapids Linux Users Group <grlug at grlug.org> wrote:
>> I'd be tempted by something like this.  https://www.cnx-software.com/2019/02/20/nanopi-r1-allwinner-h3-gateway-dual-ethernet-wifi-bluetooth/
>> 
>>> On Mon, Aug 26, 2019 at 6:47 PM Grand Rapids Linux Users Group <grlug at grlug.org> wrote:
>>> I'm in need of a firewall/router and I really don't want yet another old computer running 24/7 in the house.
>>> 
>>> I have an old netgear wifi router that I have been using whose wifi wasn't reliable so I turned off the antennas and bought a unifi ap.  I'm still using the old netgear for port forwarding and firewall tasks, but recently settings have been changing and I suspect that this is due to unpatched vulnerabilities.  I've disabled most administration functions so I think I'm good for now, but I am looking for something to replace this.
>>> 
>>> Does the raspberry Pi have a dual ethernet interface?
>>> Maybe flashing the netgear with some opensource firmware?
>>> Maybe unifi Security Gateway?
>>> If running an old computer is the best I guess I could do that as well.
>>> 
>>> What are my best options?
>>> 
>>> Share and Enjoy
>>> Ben
>>> -- 
>>> grlug mailing list
>>> grlug at grlug.org
>>> https://shinobu.grlug.org/mailman/listinfo/grlug
>> 
>> 
>> -- 
>> Roger
>> 
>> Roger Roelofs
>> Know what you value.
> 
> 
> -- 
> Thomas