What is everyone using?
Currently I use a FortiNet FWF-80CM which is under full support. Not only is the hardware rock-solid, it's fast enough for most high-speed lines, and it gives me much better protection with sophisticated Intrusion Detection, anti-malware scanning and such. It's also a modern NGW firewall which works at the application level and not one of the old stupid SPI firewalls (which is what consumer routers and firewall distros such as pfSense and IPFire are).
Someone said that all consumer routers are more or less shit. I can nothing but agree. Some of these routers may be better, but at the end of the day they are all very poor. And installing something like OpenWRT/DD-WRT doesn't help much when the low-performance hardware is made for the lowest price point possible. And no matter what you put on top of such a POS it's still a plain old stupid SPI firewall.
Depending on how much comfort you want (i.e. router acting as media server, NAS or other gimmicks) and how important security is for you there are various options:
1. Roll Your OwnGet some decent(!) reliable low-power hardware and install one of the free firewall distros on it for example:
-
pfSense: reliable, doesn't need much ressources. Negatives are that even in the current 2.2 beta the support for 11n WiFi sucks donkey balls. It's also an SPI Firewall and the IDS and anti-malware options are very basic and pretty poor
-
IPFire: simple router distro which does other things as well. No WiFi AP support as far as I know, 32bit only, and like all the other firewall distros a simple SPI firewall.
-
Untangle: free version of the commercial UTM firewall variant, bit awkward GUI, and the free UTM apps are overall pretty basic.
-
Sophos UTM: former Astaro ASG, this is a professional UTM firewall that is free for home use. One of the best products on the market which provides very good IDS and antimalware protection.
If you roll your own then I'd strongly recommmend Sophos over the alternatives.2. Get a real FirewallThese days you can get decent second hand firewalls (i.e. Watchguard XTM2 Series) for little money on ebay. With Watchguard you can create a free account and have the device ownership transferred to that account, and you can download firmware updates even without support contract (although they can only be installed with a little trick). You can get some cheap FortiGate/FortiWifis as well, firmware for those is also available.
Whatever you do however, don't buy anything where you can't get regular firmware updates. "Just works" isn't enough, there's a lot of stuff going on even on consumer routers, and without good firmware support you make yourself vulnerable. If you buy a "real" firewall then make sure that the device is still supported through updates.