Best way to filter out IP addresses with hardware..?

Mar 2, 2014
I am looking to filter out IP addresses using hardware external to the computer itself.

I have decided that using Windows' system for filtering IPs/hosts is no good, because if someone hacked the computer itself, then they could just alter all of that anyway.

So it needs to be some external device, that can't be hacked.

The thing is, I am in a place where other people use the same router as me. So, using any built-in IP address filtering on the router is no good.

It needs to be some kind of hardware device that is placed between my computer, and the router.

It would have the ability to

1. Filter out all IP addresses except certain ones
2. Or, just filter out certain IP addresses

What is your recommendation for this...?


You could simply use a second router/firewall between your PC and the main router, essentially making a private subnet for your use only. You would (should) be the only person who can access this second router and you could set the filtering rules yourself. This would achieve the protection you seek, but would prevent you from easily sharing any network resources being managed on the internal network of the main router. This, however, may not be a concern of yours.

Good luck!
Mar 2, 2014
Hi, it's the original poster here.

So, how would you access this router...? Would it have a touch screen or something on it, or would I have to access it through another computer..?

Because remember, the original issue is that if the Windows computer itself is hacked, then obviously that creates issues.

The goal is to have a hardware device that is totally independent from any other computer on the network, other than, of course, routing data to it.

Also, does anyone have any reports of routers themselves being hacked, or are they generally considered to be secure..?
Routers, especially consumer ones, are generally pretty insecure. Not a massive issue though, because it's normally not worth scanning for every possible vulnerability across massive IP ranges.

If you went enterprise level, I guess you could program it via serial and disable SSH/Telnet. They tend to have less add-on stuff like web servers, SMB etc, so less attack surface.

What are you trying to protect that is worth going to such hassle?



You would access the second router from your PC (that would be on a separate segment that the systems managed by the primary router). This second router would be as secure as you make it, within the limits of a consumer grade router.

As SS, indicated, there are some commercial/business class solutions that could be used, or you could dump Windows and move a secure version of Linux, etc.

A "solution" really depends on what you are trying to secure and how much time/money/effort you want to expend on the project.
Thread starter Similar threads Forum Replies Date
V Antivirus / Security / Privacy 1
M Antivirus / Security / Privacy 2
1 Antivirus / Security / Privacy 1
P Antivirus / Security / Privacy 2
K Antivirus / Security / Privacy 2
H Antivirus / Security / Privacy 1
I Antivirus / Security / Privacy 7
S Antivirus / Security / Privacy 1
F Antivirus / Security / Privacy 1
F Antivirus / Security / Privacy 4
W Antivirus / Security / Privacy 8
P Antivirus / Security / Privacy 2
G Antivirus / Security / Privacy 7
C Antivirus / Security / Privacy 1
J Antivirus / Security / Privacy 2
tfitch11 Antivirus / Security / Privacy 5
S Antivirus / Security / Privacy 6
U Antivirus / Security / Privacy 3
D Antivirus / Security / Privacy 1
ajsellaroli Antivirus / Security / Privacy 1