[TriLUG] Linux Firewalls for Home LANs... How Come?

Mike McLean mike at darkcanvas.com
Tue Mar 19 23:09:00 EST 2002


Scott Chilcote wrote:
> It's not like I didn't have some old hardware that I could have put to
> work doing the same job.  But is there a great reason not to plunk down
> $100 for an appliance for this purpose?

There are reasons.  Of course, it all depends on how much time you have
and what you want out of your firewall.  

1) An appliance is not necessarily immune to exploits.  In fact, if tons
of people use box XYZ to secure their home LAN, then you can bet someone
will find an exploit.  Of course, a Linux box is not immune to exploits
either, but at least you can keep up with errata.

2) Fine control.  See the thread earlier about dynamically blocking an IP
address that seems to be attempting exploits.  Stuff like this is
impossible with a $100 firewall hub appliance.

3) Logging.  Sometimes it is nice to see what's getting blocked.  With a
Linux firewall you can do this easily.

4) Paranoia.  If you build it, then you know exactly what it does.  If
you buy it, you are trusting the manufacturer.


