The church I have been helping upgrade network and Wifi is purchasing a Watchguard T40 to replace a 10-year-old undersized ZyWall firewall. The firewall 'source port' is looking for the actual client source port, which would generally be a random high-number port. Is this correct? From what I can tell, it matches everything in the above pic of the dd-wrt settings. Not sure the firewall is super up to snuff compared to the features and options of others, but if you are interested in a whole-home Ubnt solution for network, Wifi, cameras, then it’s cost effective. Here's what my custom firewall rule looks like in Untangle at the moment.
Ubiquiti’s new Dream Machine Pro is targeted as a home all-in-one device that will act as firewall, router, PoE smart switch, security camera NVR, and Wifi controller for their own branded devices. I have set up the firewall rules: iptables -I INPUT 2 -p udp --dport 1194 -j ACCEPT iptables -I FORWARD -i br0 -o tun0 -j ACCEPT iptables -I FORWARD -i tun0. Be careful shopping for older hardware from these guys on eBay, since they often are End of Life and won’t have support or updates. If you want a more PRO ‘prosumer’ device with less tinkering in the firewall and filtering, then look for a small home appliance from someone like WatchGuard, Sophos, Palo Alto, etc., but they get PRICEY and often rely on an annual license for updated filter lists, AV algos, etc. pfSense or OPNsense S/W is free, but a similarly good “software on your own PC” package is available from Untangle or others for a small annual home license fee only. This article was originally written for pfSense 2.3, then it was updated for pfSense 2.4.4, then for pfSense 2.4.5-p1, and now for pfSense 2.5.0. You can buy a small appliance just for this from vendors like Protectli or Qotom starting ~$250, or find an old SFF PC or build one yourself for the purpose. I considered DD-WRT, but I have only older routers running this platform, and I understand their throughput would be very low (WRT54GS, etc.). I'd do that or load DD-WRT on a Linksys or other compatible router.
If you're not opposed to running a full-sized machine as a firewall I would look into pfSense, it's by far the best open-source firewall/router I've ever used. You set the network up with an SSID, which is a name. Lets you block common ports, keeps most of the weenies out of your pants, and costs about 85. A firewall is your first line of defense against malicious software and strangers online. If you are into tinkering, get a small/cheap Intel PC which can run pfSense (an i3-ish CPU with AES-NI instructions is fine, and 4-8G RAM and a small SSD, and DUAL INTEL NICs). Answer (1 of 2): You don’t have to configure a WiFi network for specific devices. Answer: What Is pfSense Firewall? A firewall is a network security system that monitors, tracks, and controls outgoing and incoming data and network traffic. A small standalone firewall between the provider modem and your network is a good strategy.