We all know what I firewall is, right? It's a device that sits between you (or your network), and the Internet. It decides which packets are allowed to come from the Internet, to you, and which packets are allowed to go from you to the Internet. A properly configured firewall will protect you from all kinds of nasty things.

Do I have a firewall now?

Probably, in some form. Most cable modems nowadays come with some firewall functionality. The problem is, this functionality is being provided by a device that cannot be trusted. Cable modems and many consumer grade firewalls are notoriously poor when it comes to security. In all likelihood (especially if you have a large provider) your ISP is one of the primary people spying on you, so .. why would you trust a device supplied by them?

Why do I need a different one?

A much greater level of confidence can be placed in a firewall you build yourself. In this way, you can be more certain that there are no blatant security holes and no backdoors. Nothing is perfect, but a hand-built open source based firewall is a much better bet than something off the shelf.

What do I need?

A Computer

More or less, a second computer. You can use an old PC, or an old laptop. If you are buying one for the purpose, find something low power, as it's going to be on all the time. This computer will need at least two network cards -- one which talks to the Internet, and one which talks to your network. If you are short a network card, you can easily buy one (maybe a USB version, or PCI, if you have an older workstation.)

Laptops are great because they are low power, have a built in status screen, and come with in-built battery backup. Personally, I use an older toughbook laptop with a secondary USB 2.0 network card.

Software

You'll need some firewall software. It should be noted that almost any modern open source operating system can be used as a firewall: you can download the latest version of the fanciest version of Linux, and configure this to act as your firewall. You probably don't want this though: what you want is a specialized distribution made for firewalls. These will be lower weight, have fewer services running, and generally be more secure. My favorite firewall-specific distribution is called "pfsense", although I personally use just a vanilla copy of OpenBSD and pf (packet filter, the firewall software.)

The ability to configure it

This is not hard: there are ample guides available for configuring pfsense and OpenBSD pf. With that said, some familiarity of Linux/BSD is a major asset, as is being comfortable at a command line.

Have a look at the following page:

https://www.openbsd.org/faq/pf/

As far as I am concerned, this is the ideal firewall. You can't go wrong with OpenBSD, although it is not exactly beginner friendly. It's not that hard either, but if you are looking for a plug and play solution, OBSD is not quite it.

If that all looks too complicated to you, check out pfsense instead: it's a little more gentle. Pfsense is a highly regarded firewall package that is simpler to configure, and maintains many of the benefits of the OpenBSD solution (while providing its own.) Pfsense is going to be a lot closer to the routers/firewalls most people have configured before.

Alright, so ...

Get a second computer.

Make sure it has a second network card. If not, get one.

Decide on your firewall software

Download it. Burn it to USB, CD or DVD

Boot the software. Install it. Configure it

Plug it in, turn it on and hope for the best

Almost assuredly, you'll run into problems. You won't have Internet. No one does this perfectly the first time. Thankfully, great resources abound, and you'll almost certainly find what you need. Persevere, and you'll end up being a little bit more secure, a little bit more insulated from the warzone that is the Internet, ca. 2018. Just make sure you maintain the ability to remain connected even with a broken/half working firewall. Don't put the thing into actual use until you've tested that it works!

As a final note: depending on your existing router/firewall, you MAY be able to download open source software for it! A lot of the linksys and dlink devices can be flashed with something called OpenWRT, or similar. Basically you replace the software that ships on the device with stuff created by open source folks. It's definitely worth looking into, as you may be able to run an open source router without a second PC. Be careful with this though: if you blow up a secondary computer that was not being used in the first place, that's one thing. If you brick your only firewall, that's another!

Good luck to you. May your firewall burn brightly!