
How to assemble a low cost firewall with professional capabilities

Selecting a firewall is not a trivial decision. Generally, all firewalls are software-based. Embedded firewalls are simply limited-capability programs running on a low-power CPU to reduce power consumption. You have to list your needs, select the software, and then select the dedicated hardware that can handle them. As a first step, we need to list our needs for the firewall.

Here is our list of requirements:

  • Free of cost
  • Dedicated, embedded hardware solution with low power consumption
  • FreeBSD-based for stability
  • Throughput of 30 Mbps, since I had a 24/1 Mbps ADSL connection

Looking at Wikipedia (comparison of firewalls), we can find two options: m0n0wall and pfSense.

Both are excellent solutions, since each provides a version targeted at embedded use. Note that the pfSense project started as a fork of m0n0wall. To simplify greatly: pfSense is better in that it has more features, while m0n0wall is better in that it is smaller and needs fewer resources. You can find more information on this point in the BSD_Firewalling PDF document.

Let's find out what hardware we need to obtain a throughput of at least 30 Mbps. The m0n0wall documentation shows that the Soekris 48xx can reach 30 Mbps. From Soekris we can see that a solution like this would cost about 200$ (150€).
The hardware sizing for pfSense can be found here and in the book pfSense: The Definitive Guide. The ALIX with a 500 MHz Geode can handle up to 85 Mbps.
The ALIX 2D13 offered by PC Engines costs about 115$ (80€).

So we selected the combination pfSense + ALIX 2D13, since it was a cheap embedded hardware solution that could handle pfSense, which offers more features than m0n0wall but uses more CPU.