Home firewall poll

What firewall do you run at home?


  • Total voters
    96
  • Poll closed .

cheezehead

Active Member
Sep 23, 2012
717
174
43
WI
With some of the recent talks/posts, curious as to what everyone is running for their home firewall? Poll is open for the next month. You can choose up to two in the event your homelab is different from your main home firewall.
 

TuxDude

Well-Known Member
Sep 17, 2011
615
336
63
I've started to play around with VyOS a little bit - but its not in any real use yet. And there's no poll option to pick it as a second.
 
  • Like
Reactions: Cole

StammesOpfer

Active Member
Mar 15, 2016
382
126
43
Forgot about Smoothwall, IPcop, Untangled, Zentyal, ClearOS, OpenWRT (x86), Sophos XG and then there is the Alt firmware of OpenWRT, DD-WRT, Tomato. I'm sure I am missing a few dozen.

But USG and pfSense for me. I've been meaning to try Sophos UTM but have run all of the above at one point or another.
 
  • Like
Reactions: Cheddoleum

BLinux

cat lover server enthusiast
Jul 7, 2016
2,528
975
113
artofserver.com
I just used a stripped down CentOS7 customized to my needs. No gui or anything, everything CLI. Although I see the appeal of well "packaged" solutions, I'm generally not a fan. I prefer to have the flexibility when I need something that's not part of the "packaged" deal. Basically, don't like to be limited by a project's or product's "feature list". But, I recognize I'm in the minority. 16yrs ago, I created a custom Linux distro that booted off a mini-CD and ran completely in RAM while saving config data to some writable medium - I actually really liked that kind of setup since you never have to worry about "state" and can yank the power cord knowing it'll boot right up to the same exact state. I was in the middle of doing a similar customization on CentOS 7, but systemd complicated some things and I've put that project on hold until I have more time.
 

wildchild

Active Member
Feb 4, 2014
394
57
28
Still using my juniper ssg520m cluster, but getting ready to switch over to vyos
 

niekbergboer

Active Member
Jun 21, 2016
119
39
28
43
Switzerland
pfSense, in a VM, on a Proxmox VE cluster.

The cluster removes the single point of failure, and the great (I think) thing about pfSense is that its entire configuration can be backed up and restored as a single XML file.
 

sullivan

New Member
Mar 27, 2016
24
16
3
I use a Mikrotik router. It provides nearly all of the capabilities of Linux IP tables with a web or command-line UI. The hardware is very inexpensive, low-power, and reliable (Linux-based OS kernel running on an embedded MIPS/ARM/PPC SoC). Unfortunately, the documentation has always been weak. So you may need to already know a fair amount about Linux networking to make good use of their systems.
 

mstone

Active Member
Mar 11, 2015
505
117
43
42
Been running a standalone home router since 2003, before that I just used a server that did firewall/nat along with whatever else it was doing. That was a soekris net4501, originally running linux off an 8MB compact flash card, got switched to openbsd in 2009 (with a bigger drive) to add some platform diversity. The same basic config from '09 got moved to an APU in 2014 because the net4501 couldn't handle the bump to 25Mbps on PPPoE. The 4501's still running as an NTP server, mainly for nostalgia. :)
 

mason736

Member
Mar 17, 2013
109
1
18
I'm a big fan of Sophos XG. The recent update to the interface was a much needed refresh. I run it in a vm on Hyper V 2012 r2.


Sent from my iPhone using Tapatalk
 

capn_pineapple

Active Member
Aug 28, 2013
356
80
28
I'm currently using a free Meraki MX64. When that comes off license though I'll probably jump back on either pfSense or Sophos.
 

CreoleLakerFan

Active Member
Oct 29, 2013
477
176
43
Upgraded to the new "switchport-bridge-enabled" iOS yet?
Nope, wasn't aware there was one available ... I did a quick Google search and didn't get any hits relating to 5506-x (other than the old ones of people complaining about it).

Got any more info?
 

CreoleLakerFan

Active Member
Oct 29, 2013
477
176
43
Oh, just checked the release notes from 9.7.1

A new default configuration will be used for the ASA 5506-X series. The Integrated Bridging and Routing feature provides an alternative to using an external Layer 2 switch. For users replacing the ASA 5505, which includes a hardware switch, this feature lets you replace the ASA 5505 with an ASA 5506-X or other ASA model without using additional hardware.
Sweet!
 
  • Like
Reactions: maze

maze

Active Member
Apr 27, 2013
556
84
28
Oh, just checked the release notes from 9.7.1



Sweet!
Havent gotten around to messing with it myself yet. But please do share your experiences - like the load when moving full 1g traffic between internal ports :)
 

Cheddoleum

Member
Feb 19, 2014
97
22
8
and then there is the Alt firmware of OpenWRT, DD-WRT, Tomato.
This puzzled me too: surely the router of choice for most knowledgeable home users is the well-vetted consumer router reflashed with third party firmware. OpenWRT now has the CeroWRT bufferbloat fixes backported and if I wasn't treating edge routing and firewalling as a subfeature set of a more elaborate network appliance I'd still be doing it too.