After leaving the firewall running for a few days on my home network, the report came back and some numbers were pretty interesting.

  • 15% of all network requests were ads / malware.
  • IPv6 improves speed by 10% because of the different packet formats. However, as my internet service provider does not support IPv6, I had to use a tunnel broker from Hurricane Electric to get IPv6 addresses. It does improve speed, but the latency has also increased noticeably.
  • 4GB of RAM is needed only if using Maxmind GeoIP blocking, 2GB is fine for most applications. However, it also depends on how many connections are happening at the same time. If there is something that is multi-connection intensive (torrenting, etc), more RAM is needed. However, for most cases, 2GB should work.
  • DHCPv6 is better than SLAAC for IPv6 because of the DNS support; however, SLAAC is a little faster and is easier to set up and maintain. Currently, I am running the firewall in "Assisted" mode, which makes the IP assignments easy from the two different protocols used. However, "Assisted" mode does have a slight increase in latency and complexity when initially connecting and receiving an IP address. This setting is called "Router Advertisement", and it controls how the devices on the network get their IPv6 addresses.

| Type of Router Advertisement | Description |
|---|---|
| Disabled | RADVD will not be enabled on this interface. |
| Router Only | Will advertise this router. |
| Unmanaged | Will advertise this router with stateless autoconfig. |
| Managed | Will advertise this router with all configuration through a DHCPv6 server. |
| Assisted | Will advertise this router with configuration through a DHCPv6 server and/or stateless autoconfig. |
| Stateless DHCP | Will advertise this router with stateless autoconfig and other configuration information available via DHCPv6. |

For more information about Router Advertisements, refer to this article by Infoblox.
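
To check which of these modes a router is actually advertising, the flags in a captured Router Advertisement can be decoded. The following is an added example, not code from the firewall or from this post: it reads the M and O flags and the prefix option's A flag as defined in RFC 4861, and the mapping from flag combinations to the mode names in the table is an assumption based on the table's descriptions. The sample packets are constructed by `build_ra`, a hypothetical helper.

```python
import struct

RA_TYPE = 134          # ICMPv6 Router Advertisement (RFC 4861)
OPT_PREFIX_INFO = 3    # Prefix Information option

def parse_ra(icmp: bytes):
    """Return (M, O, A) flags from a raw ICMPv6 Router Advertisement."""
    if len(icmp) < 16 or icmp[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    flags = icmp[5]
    managed, other = bool(flags & 0x80), bool(flags & 0x40)
    autonomous = False
    pos = 16                                  # options start after the fixed header
    while pos + 2 <= len(icmp):
        opt_type, opt_len = icmp[pos], icmp[pos + 1] * 8   # length is in 8-byte units
        if opt_len == 0 or pos + opt_len > len(icmp):
            raise ValueError("malformed option")
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            autonomous |= bool(icmp[pos + 3] & 0x40)       # A flag: SLAAC allowed
        pos += opt_len
    return managed, other, autonomous

# Assumed mapping of (M, O, A) to the mode names in the table above.
MODES = {
    (False, False, False): "Router Only",
    (False, False, True): "Unmanaged",
    (True, True, False): "Managed",
    (True, True, True): "Assisted",
    (False, True, True): "Stateless DHCP",
}

def classify(icmp: bytes) -> str:
    return MODES.get(parse_ra(icmp), "Unknown combination")

def build_ra(m: bool, o: bool, a: bool) -> bytes:
    """Constructed sample RA (checksum left at zero) with one /64 prefix option."""
    hdr = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, (m << 7) | (o << 6), 1800, 0, 0)
    prefix = bytes.fromhex("20010db8000000000000000000000000")  # documentation prefix
    opt = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, 64, 0x80 | (a << 6), 86400, 14400, 0)
    return hdr + opt + prefix

if __name__ == "__main__":
    for combo in MODES:
        print(combo, "->", classify(build_ra(*combo)))
```

An advertisement whose flags do not match the mode configured on the firewall is worth investigating, since it may come from a second router on the segment.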

  • Compared to DNS-based blocking, IP-based blocking does not have as many blocked packets (994 vs 15,858 for IP and DNS respectively). However, it is much harder to bypass the IP-based blocking. These numbers can be increased when implementing GeoIP-based blocking (e.g., preventing connections to North Korea).
  • The firewall works fine if you plug it in and leave it be, as it does updates and maintenance automatically.
  • Download speeds are generally much higher than upload speeds. By utilizing the network graphs, you can determine what type of traffic is going through the system.
