What's people's firewall choice?

Bear in mind that Shields UP! is looking for open ports on your firewall. Anything that gets to your NAT function is already inside your firewall.

If you didn’t have the firewall ignoring all those inbound pings, your NAT would literally just throw the doors open to anything that asked for the PC at position 2 on the routing list for 192.168.1.x /24.
 

NAT as implemented by pretty much any consumer device is in reality functioning as a stateful firewall in the most basic sense; outside of some professional/testing equipment I don't think you get pure NAT.
 
I think we’ll have to disagree on this one. But please feel free to turn off your firewall and see how long your network stays up.
 
Again, if you think about it, any appliance that allows you to disable NAT pretty much has to be completely divorced from the firewall.
 
We have no need for a more complicated setup
But why are you laughing at Windows Firewall? Pretty much every Microsoft bundled product only seems to have one thing wrong with it - it’s stigmatized by being the one that comes free with Windows so everyone just assumes it’s pants.
 
I never laughed at Windows Firewall... I _use_ it :cry: Most people don't need any more than what's bundled with their OS.

I think you may be looking too deeply into the use of light-hearted emojis here ;)
 
I think we’ll have to disagree on this one. But please feel free to turn off your firewall and see how long your network stays up.

Let me just remind people. MS Blaster, Slammer, Sasser.

Zone Alarm

I was joking by the way, a router firewall is a starting point, which is built into practically all routers.
 
OPNsense on a dual Intel NIC Chinese fake NUC with a Celeron N5105 and 8Gb RAM. More than enough for my needs. Permanent WireGuard connection to Mullvad for some devices in the network; 4 of my devices have a WireGuard connection inbound when needed offsite. Don't run Zenarmor as I don't want that overhead, but run Suricata as it is fairly low resource; also run AdGuard Home from it for network-wide ad blocking with Unbound as the DNS.

Couldn't be happier since I made the switch.
 
I think we’ll have to disagree on this one. But please feel free to turn off your firewall and see how long your network stays up.

On most consumer routers, disabling the "firewall" in the control panel won't disable the way listening ports on devices behind the NAT (and not in the DMZ/direct connection list) are isolated, and neither does it expose your NAT layer in the way you mention above. You might be more exposed to other vulnerabilities and DoS attacks, but that is another story.

On some enterprise/professional grade hardware it can be a different story as they are intended for a different use case.
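
A toy model of the translation-table behaviour discussed in this thread, added here as an illustration; it is not code from any poster or router vendor. The class and function names, the sample addresses, and the address-and-port-dependent filtering policy are all assumptions, and real devices differ in how strictly they match inbound packets.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Napt:
    """Toy NAPT table. Assumed policy: an inbound packet is accepted only from
    the exact remote (ip, port) that the LAN host contacted first."""
    port_forwards: dict = field(default_factory=dict)  # wan_port -> (lan_ip, lan_port)
    dmz_host: Optional[str] = None                      # LAN IP that receives everything unmatched
    table: dict = field(default_factory=dict)           # wan_port -> (lan_ip, lan_port, remote)
    next_port: int = 40000

    def outbound(self, lan_ip, lan_port, remote):
        """A LAN host opens a flow: allocate a WAN port and record the state."""
        wan_port = self.next_port
        self.next_port += 1
        self.table[wan_port] = (lan_ip, lan_port, remote)
        return wan_port

    def inbound(self, remote, wan_port):
        """Return the LAN (ip, port) the packet is delivered to, or None if dropped."""
        entry = self.table.get(wan_port)
        if entry and entry[2] == remote:          # reply to an existing flow
            return entry[0], entry[1]
        if wan_port in self.port_forwards:        # explicit port-forward rule
            return self.port_forwards[wan_port]
        if self.dmz_host:                         # DMZ host catches the rest
            return self.dmz_host, wan_port
        return None                               # no state, no rule: nowhere to send it

def demo():
    # All addresses below are constructed documentation-range samples.
    nat = Napt()
    server, scanner = ("198.51.100.7", 443), ("192.0.2.99", 51000)
    wan_port = nat.outbound("192.168.1.2", 52311, server)
    results = {
        "reply": nat.inbound(server, wan_port),
        "probe_listening_port": nat.inbound(scanner, 445),
        "probe_mapped_port": nat.inbound(scanner, wan_port),
    }
    nat.port_forwards[8443] = ("192.168.1.2", 443)
    results["port_forward"] = nat.inbound(scanner, 8443)
    nat.dmz_host = "192.168.1.2"
    results["dmz"] = nat.inbound(scanner, 445)
    return results

if __name__ == "__main__":
    for case, delivered_to in demo().items():
        print(f"{case:22} -> {delivered_to}")
```

In this model the unsolicited probes are dropped until a port-forward or DMZ entry exists, which makes those two settings the ones worth auditing on a home router.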
 