From securityrouter.org, an OpenBSD-based firewall
Jump to: navigation, search

Answers to frequently asked questions about our SR (security router) product.


You say the product is free, why does it have a serial number?

It doesn't need a serial number. You can use it for free, without a serial number, by simply pressing the Free button on the System > License page. If you don't have access to the web interface, you can run

admin@router1> license -a FREE-FREE-FREE

from the command line. If the system has already downloaded a serial number, you may delete it by removing the file /cfg/serial using the root access.

The system requests a serial number from our server link.halon.se using a simple, unencrypted HTTP query, so that we can identify users that has purchased software updates or support.

Why does the demo shut down every 4 hours?

Unlike other products that needs to be "connected" to the vendor (such as our spam prevention software), it would be awkward if a firewall/router software that has no reason to "call home" would do so. For that reason, and the sake of integrity, the security router software never connects to us (except for downloading software updates, using simple, unencrypted HTTP queries). Consequentially, we have no way of controlling the software once downloaded, making for example a 30 days trial license unsuitable. Shutting down every 4 hours seems to us like a good compromise. It's of course possible to restart it once shut down, as many times as you like.

If you like to verify the stability of software during longer than 4 hours, we hope that you can do so using the Free mode (slightly limited in terms of features). Otherwise, simply e-mail your serial number to us and ask for a "subscription" license. Then enable license subscriptions on the System > License page.

What's included in the licenses?

The software have four license types;

  • Demo is unlimited, but halts every 4 hours
  • Free costs nothing, is quite limited, software updates costs $19 each and supports costs $199/hour
  • Lite costs $99, is not as limited, software updates are free and supports costs $199/hour
  • Paid models such as Basic and Unlimited costs between $499 and $3999, but is less limited, software updates are free, and support is free

In the list above, the word "free" means "complimentary for the duration of 1 year after purchasing". Following that, it continues to be free if you renew your license annually. The renewal costs 25% of the original price (for example $124 for basic).



Protecting a network from a "real", large scale DDoS (distributed denial-of-service) attack is impossible on premise[1], even though some may claim it is. It's simply a matter of link/bandwidth saturation (sometimes both inbound and/or outbound). For smaller (DDoS/DoS) attacks, we feature some known-to-work mitigation techniques such as SYN proxies and TCP normalization, connection-limits and traffic shaping.

To protect a network/service from a DDoS attack, one should:

  • Ask your ISP to prevent the malicious traffic down-stream to premise. A DDoS attack needs to be mitigated as close as possible to the source.
  • Ask your ISP to apply anycast techniques to distribute the affected service to different network geographical locations. This usually improves performance and may mitigate non-global DDoS to a geographical region closest to the attackers. This is very common for DNS and CDN services.