Money is NO CONCERN ! I want the best most powerful firewall for my 
home computer !
Which one should I get ?

If you are at all serious about firewall you will consider at least
dedicated machine. That can be some old pentium or even 486 that will
sit between your home network and the Internet.

Firewall on the same machine that is used for everyday work is bad
idea and offers no real security. For an example a simple email virus
could render your firewall useless.

The best and the most simple solution IMHO is to get old pentium with
two decent network cards. One is pluged into the Internet and the
other one into the hub that you can plug in your home comouter(s) in.
Only thing runing on this machine should be some very basic Linux
instalation, that offeres no services of any kind (no web server, no
mail server, etc.). Firewall software on this machine could be
iptables ( http://www.netfilter.org/ ).

It may be easier to purchase a hardware firewall. This can be a
difficult thing to advise on, it's impossible to know what level of
protection you need or want. http://www.firewallguide.com/hardware.htm
would be a good place to start your research on firewalls. It wuold be
better if you could detail the number of computers that would sit
behind the firewall and what kind of tasks they would be performing.

The most powerful firewall for your home computer...

Firewall power comes in two forms.  
 1. Speed - The ability to process and transfer packets of information
at high rates of speed.

 2. Port blocking/Packet filtering ability. - the more ports that are
closed the stronger (more powerful?) the firewall.  If however you
block all ports then you will not get any services to your computer
(web sites, file sharing programs, etc.)

Note: file sharing programs are not recommended if you want a secure
system.

Number 1 is probably not too important to a home user.  A 486
processor firewall will be powerful enough to handle the amount of
traffic a typical home user will generate.

So number 2 is the point that will be of the most concern.  Just about
every firewall that exists has the ability to close or open ports and
allow access to your computer.  If you are a Computer user and do not
want to be hassled with a lot of setup and command line configuration
of a firewall then you will need a prepackaged solution.


There are several free products out there.

http://www.ipcop.org - Ipcop is a GPL spinoff of smoothwall a firewall
product that has gone commercial.  IpCop has user groups who can
answer questions and help you with your setup.  IpCop is a complete
Operating System with the firewall built in (linux/iptables i
believe).  It comes with a web configurable interface that you will be
able to access from inside the firewall (not ouside) and a pretty
simple setup program for installation.  You will need IDE hard drives
on your firewall machine (this will be a seperate machine from the one
you use as your personal computer) and a cdrom that allows booting. 
All downloads and instructions can be found on the website.

There are also floppy firewall configurations out there... use google
to search for them.  They work well but are time consuming to
configure for your particular needs and may be difficult for someone
who is not familiar with ipchains / iptables.

The best option when money is no object is to purchase a firewall
hardware device.

http://www.watchguard.com/products/fireboxsoho6tc.asp
http://www.watchguard.com/products/fireboxsoho6.asp

these are two products that come with a configuration program that is
graphical.  They also have the ability to provide you with a security
and virus subscription. The subscription will basically protect you
for a monthly fee with their configurations.


There is yet another option.  Software firewall for your computer. 
There are a large number that are out there.  The only one that I have
had experience with is Zone Alarm.  It is configurable and seems to
block traffic rather well.

http://www.zonelabs.com/store/content/home.jsp

but remember that the best practice is to stop the bad traffic before
it gets to your computer that leaves the least possiblity of a cracker
gaining access to your system.

Good luck finding what you need.

feel free to email me if you have any further questions.

Nate Morris
TekResource Service Corporation.
nate@spamsucks.trsc.net

take spamsucks. out of the address to email me.

You really can't buy the best or most powerful firewall around.  It
involves the correct configuration for good firewall software/hardware
- i.e. its more of a service.  Your best bet is going to be either
taking the time and effort involved in learning everything you can
about firewalls and security, or if money is no concern, hiring an
expert to assist you in setting up your firewall.

If money really is no object, you're probably looking at a high-end
cisco or 3com firewall. we're talking thousands, if not tens of
thousands of dollars here. If you really just meant that you want a
good firewall, and don't mind paying more for it then a cheap one,
then the 3com officeconnect firewall or officeconnect firewall DMZ may
suit you.

http://www.3com.com

Just go to this link
http://forums.cpuplanet.com/forumdisplay.php?s=ff8591b6f5809267f6569c7e163fae66&forumid=2
Press new thread, and ask your question. It's free! and you can get it
answered faster than here.

What I would do (and have done) is purchased or repurposed an old
Pentium-class PC (a 486 has a few more limitations but might be enough
depending on your network configuration), put two (or more) Ethernet
cards in it, and installed OpenBSD. The basic gist of it, is putting
something like this in /etc/nat.conf:

nat on fxp0 from 172.31.0.0/24 to any -> 123.45.67.89

where 172.31.0.0/24 is your local network's IP addresses, and
123.45.67.89 is your external IP address, if you're lucky enough to
have a static IP. It can be done with a DHCP assigned address but I've
never had to do it that way under OpenBSD yet (I have done it under
Linux though).

The only downside to OpenBSD is in the user-friendliness department.
If you're dedicating one computer to be a firewall, running it
"headless" and giving it the one job of passing packets, this is next
to a non-issue. It seems complicated to set one of these up (and if
you're completely new to Unix I recommend installing a more user
friendly editor than vi for starters) but the effort is well worth it
because you'll wind up with enterprise-quality security.

BTW, I would not trust the security of my network to one of these
cheap boxes you can buy at Fry's or CompUSA that claim to be
firewalls. There is no way to audit the actual security of these
devices for backdoors, and if you do get one of these devices, and
later find you want to do something like utilize bidirectional NAT to
use more than one external IP address, or even just forward more than
10-15 ports to the internal network, you'll quickly realize you've
just flushed the money you spent on that device right down the toilet
because most such devices won't let you (and those that do are way too
expensive and you still can't audit the source code for security if
you want to; ask e.g. Cisco for source code sometime and listen to
them laugh).

If money is really no concern then you really should go with a Cisco
Pix firewall. It is the best on the market today. I would recommend
the Pix for small businesses for your peticular application;

http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/prodlit/p515e_ds.htm

Some may consider it overkill for what you are using it for but you
asked for the best most powerfull....

more info;
http://www.cisco.com/go/pix

There's another new product called Alphashield:
http://www.alphashield.com/
They claim to be 100% hackerproof.
I know some people who have tried and haven't been able to hack it.
Doesn't make it perfect, just thought I would mention it.