
Why should I keep my software firewall


Enablingwolf

As the expiration of my firewall is set to happen in a few weeks, I am considering using my router's firewall to handle the firewall needs. I have a (WRT54GS v1.1) with flashed firmware.

I am wondering if anyone is using their router to handle all the firewall needs. If so, how are you doing with it?

I am not soliciting recommendations for new software firewalls. I do not install very many things off the internet. I do understand outgoing application filtering can be handy. I want to see if anyone has gotten rid of their software-based firewall altogether and went all hardware-based, and the experience doing so.
 
Funny, I just did the exact reverse in January. Went from HW firewall only to HW + SW :p Never had a problem with HW firewall only. Just seems to be the thing to do these days so I just went for SW too. I figured $30 for some extra security is worth it.
 
I gave up on software LONG ago.... IPCop is my baby now, before that it was Linksys WRT54G v5 with flashed firmware...
 
It all depends on you. If you download a lot of stuff like I do, and would rather programs NOT be able to phone home, then you'll definitely want a good software firewall. If you don't download many things, then you probably don't need a software firewall. You probably don't need an anti-virus as well.
 
Ditto what Templi said. Unless you manually configure your hardware firewall (hardware could be a standalone unit, or a Smoothwall/IPCop box, same difference), any malicious software would still be able to phone home. Good software firewalls will prevent any outgoing connections, alert you to it, and allow you to decide whether to allow the traffic or not.
 
I understand all about software phoning home. I am very picky about what I install. That is the least of my concerns. What I do install, I know what it does prior to installing it.

I wanted input from those who went full hardware firewall and if they are happy doing so and the experience.
 
Are there any other users on your same network that DL crap off the net? If so, and they get infected, it is possible for YOU to get infected if you are not running a Software FW. The Network PCs are not protected from each other by a Hardware NAT Firewall since the NAT takes place between the WAN and the LAN.

That is about the only reason I see for running both. I'm 100% happy with a Linksys SPI NAT Router and Windows SP2 Firewall for just that reason...

:cool:
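What the replies above about outbound filtering and LAN-side exposure mean on a Linux-based router firmware, as an added example that is not part of the thread: a default-deny egress ruleset in `iptables-restore` format. The interface names `br0` (LAN) and `vlan1` (WAN) and the allowed port list are assumptions; check the names on your own firmware.

```shell
#!/bin/sh
# Added example, not from the thread. Emits a filter-table ruleset in
# iptables-restore format: forwarded traffic is dropped unless allowed.
# Limits a router cannot get around:
#  - it matches ports and addresses, not the application that sent the packet
#  - PC-to-PC traffic on the LAN is switched/bridged and never reaches FORWARD

egress_ruleset() {
    lan_if="$1"; wan_if="$2"; tcp_ports="$3"    # e.g. br0 vlan1 "80 443"
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Traffic addressed to the router itself: loopback, replies, LAN admin.
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "-A INPUT -i $lan_if -j ACCEPT"
    # Replies to connections a LAN host was allowed to open.
    echo "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # DNS lookups, then one rule per allowed outbound TCP port.
    echo "-A FORWARD -i $lan_if -o $wan_if -p udp --dport 53 -j ACCEPT"
    for p in $tcp_ports; do
        echo "-A FORWARD -i $lan_if -o $wan_if -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # Anything else leaving the LAN is logged, then hits the DROP policy.
    echo "-A FORWARD -i $lan_if -o $wan_if -j LOG --log-prefix \"EGRESS-DENY \""
    echo "COMMIT"
}

# Assumed interface names and ports; override via environment.
egress_ruleset "${LAN_IF:-br0}" "${WAN_IF:-vlan1}" "${TCP_PORTS:-80 443}"
```

Pipe the output through `iptables-restore --test` before loading it. Only the filter table is replaced, so the firmware's existing NAT rules stay in place.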
 
This is a standalone computer. I have the kernel hardened and other personal Enablingwolf touches..

Reading personal experience going from the seemingly standard 'have to run software' and bucking the system going full hardware. That is my intention creating the thread.

Things like: What stumbling blocks did you encounter? How long does it take you to set the IPTABLES, etc.? What do you use, if anything, for the IPTABLES so it is easier to configure? Stuff like that. The experience using a hardware-only firewall.

I am kind of set on letting the software expire before switching over. I wanted to read some experiences. That way I can gain beforehand.
 
I used to use the hardware firewall in my router and a software one. I started having problems with the software one not letting me play some games, and just generally slowing down my internet.

Decided to just remove it and rely on my router's firewall. Have not had a problem in the 6 years I have been doing it.

I should note I turned on XP's crappy firewall, just to shut the security center up though.
 
You can disable Security Center's alerts for all 3 services it monitors. If you click on the alert, I believe the option you want to click is on the bottom left-hand side. It's something like "Configure Security Center Alerts". It'll take you to a new screen that will allow you to turn off each individual service that it monitors so it won't alert you at all if Windows' own service is not running, or you don't have any other compatible service running.
 
I've been using the D-Link DI-704 firewall/router since 10/25/01, the same day I got XP. The price was half off plus a mail in rebate so it was free if you bought the full version of XP.

Setup for me was a rather daunting task, only because I really had no idea what I was doing. My first build, brand new OS and roadrunner not offering support yet for XP. The biggest problem I had was playing online games, but it wasn't really a problem I just had to learn how to configure the firewall.

Since then I have never used a software firewall more than a day or two as a trial, even though everyone says you should. I just find them to be annoying and obtrusive.

I have really had no issues with it and even ran a long time with no AV. I don't even know it's there which I like. I have updated the firmware a couple of times. But it's not supported by D-Link anymore so there will be no more updates. I wouldn't surf the net without it though.
 
I kind of have done the opposite of everyone here.

I used to run an IPtables / IPCop setup with Zone Alarm. I actually used the default config, but modified blue to act like another green. For the application, I really needed two separate LANs and no DMZ.

After that, I went to pfSense and dropped Zone Alarm. I really recommend it. I have had nothing but good luck with its packet shaping capabilities, OSPF routing, and 802.1Q capabilities. It is as close to Cisco equipment as you can get without the Cisco expense.

Now, I have been more concerned about the power bill and to a lesser degree my impact on the environment. I bought a little Cisco 1720 that I have running NAT overload with the 12.1 IOS. It is really nothing fancy. I went in this direction because it only uses a max 20 W of power. A P3 450-600 (which uses significantly less power than current processors) runs at 38 W at idle.

You can find the 1720s on eBay for $20 - $30 plus shipping and they will blow away the all-in-one units, but unlike most Cisco gear, they don't do 802.1Q. Personally, I haven't had problems yet.
 