Hi
"Run, don’t walk, to your nearest electronics store (including WalMart and BestBuy) and purchase one of the dozens of inexpensive NAT-based routers."
Although I agree with the principle of this advice, I have doubts about the method of execution ever since I read this article -
http://www.linux-magazine.com/Issues/2014/161/Security-and-SOHO-Routers
I'd add "...that can be flashed with OSS firmware"
TLDR: It seems that much router firmware is riddled with insecurities, and it's not being fixed in a timely manner, if at all.
I've implemented DD-WRT recently, replacing the existing firmware. I have more confidence in DD-WRT than I do in proprietary manufacturer's software because of its open source nature, and if vulnerabilities are found, they are generally fixed quickly, and firmware updates will be available after the manufacturer's product is obsolete and the manufacturer is no longer releasing bug fixes.
DD-WRT happens to be the firmware I use, but there are other OSS firewalls available, as well as pfSense.
The Netgear Nighthawk router linked to in the article is a great candidate for DD-WRT; I have one similar, and it extends the functionality no end beyond the stock firmware.
I applaud and look forward to seeing the continued development on a firewall on PiaF, because sometimes, you can't put the PBX behind a firewall, or ports do have to be exposed to the Internet simply because of the exigencies of your business, and iptables can help mitigate the risk using techniques such as rate limiting and geographic firewalls to limit the number of people who can access your systems.
Joe