the hardware firewall is good enough, you don't need a software firewall, it just slows down your computer.

A hardware firewall is much better than a software firewall.  Your firewall built in to your router should be plenty enough...if you have your doubts, there are many sites to test whether or not it is doing its job, such as https://www.grc.com/x/ne.dll?rh1dkyd2 .  Avoid a software firewall though....it slows your connection, uses valuable system resources, and allows threats to reach your computer physically before they are recognized...a hardware firewall does none of that!

-Rob

the problem with software firewall is any spyware/trojans/viruses etc etc once they get on your computer they start looking around and when they see that you have a software firewall they just turn it off or foward the ports that it needs. so a software firewall really offers no protection on a windows system becasue it can get turned off very easily.

Snort is an option... Smoothwall does have IDS making it a "hardware" firewall.   

I would have to say no that the router firewalls that you buy are not good enough to protect your system.  With a SPI, Stateful Packet Inspection firewall, which is what most of the newer routers are shipping with these days only provides incoming protection.   This is because of the limited processing power in the routers.  When you look at a true hardware appliance most are >300MHz to provide the necessary processing power for both inbound and outgoing traffic.

So as it stands right now only inbound traffic is check with the handshake method that is set up.    This is just about the same as Windows Firewall.  Inbound is only checked..  I dont remember if this was corrected post SP2, it may have been, but that is one of the big features that is being pushed, a full built in firewall.   So I would still recommend a software firewall that protects outbound traffic. 

The reason for the software firewall is to protect outbound traffic and the rest of your network.  If you know what is going out then you are more likely to remove any rogue apps that are requesting network time.   The other easy way to defeat the router firewalls it for spyware to send a bunch of SNY packets to hosts.. Since the traffic was outgoing nothing will be authenticated when the responce is sent.

So... what do the hardware firewalls do?  They check both incoming and out going traffic and require authentication for each.  This on top of Deep Packet Inspection..  Which is looking for mal-formed packets and rejecting them from entering the network.

just block all the ports u dont need and u will b fine


for the most part ;)