Hiya, looking for a firewall for my homelab, mostly to experiment but also for an added layer of security. There are just two of us in this household with a few laptops, phones and my servers, so nothing much. Therefore looking for something affordable and not “overkill”.
Anyone got any recommendations for this? Also how do you run your OPNsense/pfSense instance?
Appreciate any tips!
Nowadays I think most homelabbers are buying those N150 mini PCs from AliExpress. Specifically for OPNsense.
@bytepursuits @selfhosted I’ve tried one mini-pc about 10 years ago; what a disappointment! It was a small jewel, touching it. It ran Win10, 64GB hard disk. For a couple years it has been my emergency portable aid - I installed NVDA (non visual desktop access) screen reader in it, as JAWS for Windows, the commercial one, is very heavy. So, after a few updates from Win10, this poor machine literally became so, so slow. And, hot. It seemed to have a little oven in my hands.
Now, I don’t find anything interesting; those machines, low-priced, sold in extra-EU e-commerces, don’t seem trustworthy. The second one I bought was bigger, about the size of an iPad mini. But it arrived with broken LCD screen. As a blind user, I was relying just on audio. But in the end, gearbest said “you have broken it” - money thrown in the toilet.
If your Internet connection is 1g or slower just about any desktop built in the last 10 years should be fast enough. The critical thing is having a good network card. Intel is generally very reliable for network cards and you can get used ones on eBay for not too much.
I had pfSense running on an old Core 2 Duo machine from around 2010 when I worked in MSP. You can run it on just about anything.
The only trouble I had was when I switched to gigabit+ service and had Snort running. Snort is single-threaded and that CPU just could not keep up. Suricata would be a better choice given it’s natively multi-threaded, but the real limitation there was my setup and not pfSense.
> Suricata would be a better choice given it’s natively multi-threaded
+1 for Suricata/inline
My Pentium G3220 box running OPNsense has never bottlenecked me, so I imagine you can run it on basically anything you can find in a dumpster.
OPNsense is based on BSD, which has a single-threaded network stack. This means that low end CPUs can struggle to do >1gbit throughputs. Depending on your WAN this could be an issue.
Any dual-NIC SBC should be fine. My roommate & I run it on an i3 dual-NIC small machine, but that’s almost overpowered. Prior to that I ran it on a VM on Proxmox, worked fine mostly, just a bit of a headache setting up the networking initially.
If you’re buying a PC for OPNsense or pfSense, look for one with Intel NICs. Realtek NICs tend to be unreliable.
It wouldn’t take much really. I run a little fanless standalone pfSense box:
- Intel® Celeron® CPU J3160 @ 1.60GHz
- Current: 1600 MHz, Max: 1601 MHz
- 4 CPUs : 1 package(s) x 4 core(s)
- 8 GB RAM
- 1 TB SSD
Last time someone asked this question, I believe the going eBay price was in the $175 to $275 USD range. Mine sits between my modem and everything else, servers, cams, PCs, laptops, et al. I haven’t experienced any bottlenecks or sluggishness.







