Up till now I’ve been running the home firewall and a couple of minor websites from an old (1996 or thereabouts) Pentium 3 box in the basement, which uses Debian. It seems to work reasonably well, and has been fending off bots and other threats with adequate ferocity. There seems no reason, however, to think that the number of attacks will decrease in the next little while, and every reason to suspect that one of these days the hard disk will fail, leaving me without a firewall. The websites are backed up and easily restorable; setting up a firewall and getting it working with a PPPoE connection to an ISP that doesn’t understand Linux is what will take the time.
So I’ve been wondering about rejigging the whole network, getting an off-the-shelf hardware firewall/router that can feed into the wireless router. I’m a little paranoid about getting something that is secure, but I’m not intending to spend thousands. We’ve blocked all ports except the necessary ones on the system right now, except for allowing SSH access in and out, and, of course, port 80 for the websites. Security will be particularly important as the kids move into the teenage years and start wanting to download stuff.
I’m looking for some advice here. Do I need anything more than NAT, DMZ, and forwarding appropriate ports to internal servers, which I can get from standard consumer-level router/firewalls? Any particularly good brands and models I should look for?