+1.
100% of those “security detections” are 100% garbage. They can be made useful if you spend a ridiculous amount of time configuring and maintaining (!) the ruleset (often it’s Suricata under the hood) tailored to your network, and then you still won’t get any guarantees. If you just flip the switch, you’ll get a massive number of false positives, and important stuff will drown in that noise, even if it was going to be detected in the first place, which is very unlikely.
For 100% of home and small business users, who don’t have the budget for a dedicated security team, it’s a 100% waste of time maintaining those rules and a loss of performance running them.
The only things you need from a home firewall are two rules: allow established incoming connections and block all other connections, except to known LAN services. These are the defaults on 100% of home gateways out of the box.
Everything else is counterproductive marketing fluff.
Footnotes:
- Same goes for Synology DDoS protection, which can be triggered by pinging the NAS from (gasp!) TWO other hosts simultaneously.
- The only feature outside of the basic firewall worth enabling is fq_codel (SmartQueues, SQM, etc.) that some home routers offer. It’s quite CPU intensive but is worth even upgrading the router to a beefier one. This is the only exception, and it also vanishes if you have fiber or faster Internet.
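As an added example (not part of the comment above, and not any vendor's default config), here is what those two rules plus a handful of LAN-only service exceptions look like as an nftables ruleset on a Linux-based home router. The interface names (wan0, lan0), the services the router itself offers (DNS, DHCP, SSH) and the port numbers are assumptions; adjust them to your own network.

```nftables
#!/usr/sbin/nft -f
# Assumed (hypothetical) layout: wan0 faces the ISP, lan0 is the home LAN,
# and the router itself serves DNS and DHCP to LAN hosts and is managed over SSH.
flush ruleset

define wan = "wan0"
define lan = "lan0"

table inet filter {
    chain input {
        # Traffic addressed to the router itself. Default: drop.
        type filter hook input priority filter; policy drop;

        # Rule 1: allow reply traffic for connections the router started.
        # "related" additionally covers things like ICMP errors for those flows.
        ct state established,related accept

        # Packets that fit no tracked connection (bogus TCP flags, late RSTs, etc.)
        ct state invalid drop

        iif "lo" accept

        # Exceptions: known services, reachable from the LAN side only.
        # Match on the ingress interface rather than on source address so that
        # DHCP DISCOVER (source 0.0.0.0) and IPv6 link-local traffic still work.
        iifname $lan udp dport { 53, 67 } accept   # DNS, DHCP server
        iifname $lan tcp dport { 53, 22 } accept   # DNS over TCP, SSH admin

        # Keep ICMP/ICMPv6 so path MTU discovery and diagnostics are not broken.
        meta l4proto { icmp, ipv6-icmp } accept

        # Rule 2: everything else, including all unsolicited WAN traffic,
        # falls through to the chain policy and is dropped.
    }

    chain forward {
        # Traffic passing between LAN and WAN. Default: drop.
        type filter hook forward priority filter; policy drop;

        ct state established,related accept
        ct state invalid drop

        # LAN hosts may initiate connections to the Internet.
        iifname $lan oifname $wan accept
        # Nothing from WAN is forwarded into the LAN unless it is a reply (above).
    }

    chain output {
        type filter hook output priority filter; policy accept;
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $wan masquerade
    }
}
```

Load it with `nft -f <file>` and confirm with `nft list ruleset`. A quick sanity check of the "block everything unsolicited" half is a port scan of the WAN address from an outside host, which should show nothing open; a check of the exceptions is that a LAN host can still resolve names and obtain a lease after the rules are in place. The stateful `established,related` rule is what makes the drop policy usable: replies to outbound connections are accepted because conntrack already knows the flow, not because any port was opened.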