Can you tell why I should choose one over the other?
Routers include firewall security and provide high external level of defense from intrusions since they are separate
devices and possess their own operating environment, offering an extra line of
defense. Use of Software firewalls become less
important if a strong Hardware firewall is implemented. The main fallback for
Hardware firewall is they are quite expensive as compared to Software firewalls.
Linux routers, like Smoothwall is a simple Linux kernel built to run as a dedicated firewall/router. Using smoothwall is a great way to gain extra capability with NAT that you don't get from the cheap Linksys routers.
The disadvantage to software firewalls is that they will only guard the computer
they are installed on, not the entire network.
Different kinds of firewalls functions in
different manner depending on their software architecture. 1)The Packet
Filtering Firewall:the firewall examines five characteristics of a packet:
--- Source IP address
--- Destination IP address
--- Destination port
---IP protocol (TCP or UDP)
2)The Application-Proxy Firewall
3)The Application-Gateway Firewall
4)The SOCKS Firewall
I'm afraid this can't be answered because
(1) there are various different Firewalls for both, Linux and on Routers
(2) there are various different basic configurations for a Firewall
In general I would say you should always have the Router firewall enabled for the simple reason that it protects the entire network not only a single computer. Client side Firewalls (e.g. on Linux or Windows) can be enabled for additional security.
Usually the basic configuration for a Router firewall is that all incomming connections are blocked and all outgoing connections are allowed. In addition all incomming connections which are initiated from within the local network are allowed and all UPnP registered connections are allowed. It's a configuration which gives you decent security with very little inconvenience.
As for Linux Firewalls e.g. iptables the basic configuration should be either "allow all" or "block all". But again, it depends on the configuration shipped with it.