Toshi Esumi wrote:
On 2/2/19 1:28 PM, Dave Howorth wrote:
Most of my home security depends on my ADSL router and especially on the NAT it provides.
Setting a proper FW at the entry point is the most effective way. That's why it's called a FireWall -- peaceful world inside of it whatever you have inside. My suggestion is:
1) find a proper FW that suits your need, satisfaction and budget, either a PC/server based (of course with two NICs:inside and outside) or a dedicated box/chassis based (always come with 2+ interfaces for both sides), and hopefully coming with a subscription to update virus/malware/etc. signature database as soon as possible. In other words, look for a business class FW targeted at home offices.
Hopefully I don't offend anyone, but buying a business class FW with an annual license is overkill and really only for IT managers. For protecting Dave's home network, a Raspi with openSUSE and iptables will suffice. Dave said he has ADSL, so no more than 100Mbit/s downlink which the Raspi (or similar) will easily handle. For comparison, think of what kind of CPU might be sat in the ADSL modem.
2) Put your vendor ADSL router/modem in modem/bridge mode, so that the FW in 1) behind the vendor modem can handle NAT/VIP and all other firewalling needs.
Agree. -- Per Jessen, Zürich (-5.0°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org