Hi guys, I have an HDMI modulator; it's got a web control panel and I need to access it from the public internet. Once I set up NAT to WAN, it got bruteforced, so I thought that I might need some kind of whitelist firewall solution. But here is a dilemma: what model to choose (so it will be sufficient yet not overkill for this application) and what language to use (C++ or Python)? C++ is vulnerable to memory leaks and it's harder to refactor the code; Python is good and easy, but has no proper concurrency and is slow in general. What should I choose for hardware, and what should I choose for software?
You will need a board with at least 2 Ethernet ports, therefore the UDOO x86 may not be a good choice unless you wait for the additional Ethernet adapter. The 'UP squared' may be a better option since it hosts 2x Ethernet. Personally I would get a mini-ITX motherboard or find a cheap old PC and stick in a dual-port Ethernet card. For software look at pfSense (BSD, not Linux) or Sophos UTM.
There are two separate questions in your post. To answer the software language item, I personally would choose a language that handles memory over languages that require you to do memory management. If you really ask me, I'd use the middle ground between C++ and Python: Java. Java has excellent threading and is, with the modern JIT technology, quite fast, especially if your program runs long enough for the JIT to keep on optimizing. But I'm heavily biased here and I'm sure there are enough other opinions to start a good old-fashioned language war. I'm not sure how the firewall is going to protect your situation. You can use a dedicated firewall, but I think then you should run your application on another device, otherwise the security improvement is very little. Linux does have software firewalls with which you can define the access rules to the ports on your target device. You could already harden your device by running this firewall and allowing only the whitelisted addresses to access your service, something that is also possible with many web servers.
If you move around (or want to connect from networks with a dynamic public IP), you could take a look at "port knocking"[1] to only allow connections from IPs that know your secret knocking sequence. Personally, I'm waiting for the add-on Ethernet port, to turn my UDOO X86 into a firewall .. and try to turn the Arduino into an IPMI-style remote management controller (forced power cycle of the firewall, access to the serial port, ..) [1]: https://wiki.archlinux.org/index.php/Port_knocking - just "I feel lucky", so you might find better pages ..
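The port-knocking idea from the last reply, as an added example that is not code from any poster in this thread: a small tracker that replays logged connection attempts and allowlists a source IP only after the full sequence arrives in order and in time. The knock ports, timeouts and sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

KNOCK_SEQUENCE = (7000, 8000, 9000)  # hypothetical secret sequence (assumption)
STEP_TIMEOUT = 10.0   # max seconds between consecutive knocks (assumption)
GRANT_TTL = 300.0     # seconds an IP stays allowlisted (assumption)


@dataclass
class KnockTracker:
    progress: dict = field(default_factory=dict)  # ip -> (next_index, last_ts)
    allowed: dict = field(default_factory=dict)   # ip -> grant expiry time

    def observe(self, ip, port, ts):
        """Feed one logged connection attempt; True if ip was just allowlisted."""
        idx, last = self.progress.get(ip, (0, ts))
        if idx and ts - last > STEP_TIMEOUT:
            idx = 0  # too slow between knocks: start over
        if port == KNOCK_SEQUENCE[idx]:
            idx += 1
        else:
            # Any wrong port resets progress, so a sequential port scan
            # that happens to touch all three ports does not qualify.
            idx = 1 if port == KNOCK_SEQUENCE[0] else 0
        if idx == len(KNOCK_SEQUENCE):
            self.progress.pop(ip, None)
            self.allowed[ip] = ts + GRANT_TTL
            return True
        self.progress[ip] = (idx, ts)
        return False

    def is_allowed(self, ip, ts):
        """True while ip holds an unexpired grant."""
        return ts < self.allowed.get(ip, 0.0)


def replay(events):
    """Replay (ts, ip, port) events and return the resulting tracker."""
    tracker = KnockTracker()
    for ts, ip, port in events:
        tracker.observe(ip, port, ts)
    return tracker


# Constructed sample events, using documentation address ranges.
SAMPLE_EVENTS = [
    (0.0, "198.51.100.7", 7000), (1.0, "198.51.100.7", 8000), (2.0, "198.51.100.7", 9000),
    (3.0, "203.0.113.9", 7000), (4.0, "203.0.113.9", 7001),  # scanner hits a wrong port
    (5.0, "203.0.113.9", 8000), (6.0, "203.0.113.9", 9000),
    (7.0, "192.0.2.5", 7000), (30.0, "192.0.2.5", 8000), (31.0, "192.0.2.5", 9000),  # too slow
]
```

The grant expires on its own after `GRANT_TTL`, so an address that knocked once from a dynamic IP does not stay allowlisted indefinitely.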