Hiya, looking the a firewall for my homelab, mostly to experiment but also for a added layer of security. There are just two of us in this household with a few laptops, phones and my servers, so nothing much. Therefore looking for something affordable and not “overkill”.
Anyone got any recommendations for this? Also how do you run your opensense/pfsense instance?
Appreciate any tips!
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters AP WiFi Access Point ARP Address Resolution Protocol, translates IPs to MAC addresses DHCP Dynamic Host Configuration Protocol, automates assignment of IPs when connecting to a network NAT Network Address Translation NUC Next Unit of Computing brand of Intel small computers SBC Single-Board Computer SSD Solid State Drive mass storage Unifi Ubiquiti WiFi hardware brand
[Thread #38 for this comm, first seen 3rd Jul 2026, 08:50] [FAQ] [Full list] [Contact] [Source code]
i bought a intel n100 board with used 4gb of ram and an used ssd. then i bought 1 nic with poe for the wan (5g antenna with integrated modem) and second nic for a dmz.
also i tried opnsense but switched to ipfire, because it offers all i need in a much simpler package.
cost was arround 300€. tbh i would just buy a simple mini pc with enough nics, but couldnt find one with poe to a good price.
Take a sophos second hand FW.
Intel nic, low power consumption processors and full opnsense support.
Go at least for 4gb ram and the most powerful processor you can safely get. It will come with a lot of eth ports too on top.
And it will cost close to 100€, probably less if you struck a good deal
Good shout, on our second hand market there is currently a Sophos SG-115 for sale for 100ish euros. It includes an AP 55C and a Unifi poe adapter. Doesnt seem too bad a deal to me. What do u think?
Which hw revision?
If it is a ver3 it is the same I have, good for FW and red services, you can make complex setups.
It is a bit short on cpu for ips systems(suricata and zenarmor) , but it is able to do dns filtering via adguard or unbound.
100€ sounds good to me if it comes with AP, people here are happy with that brand
Good luck
Looks to be the second revision.
Try to find a rev3, the cpu upgrade really is really worthy
Nowadays I think most homelabbers are buying those n150 mini PCs from AliExpress. Specifically for opnsense
@bytepursuits @selfhosted I’ve tried one mini-pc about 10 years ago; what a disappointment! It was a small jewel, touching it. It ran Win10, 64GB hard disk. For a couple years it has been my emergency portable aid - I installed NVDA (non visual desktop access) screen reader in it, as JAWS for Windows, the commercial one, is very heavy. So, after a few updates from Win10, this poor machine literally became so, so slow. And, hot. It seemed to have a little oven in my hands.
Now, I don’t find anything interesting; those machine, low-priced, sold in extra-EU e-commerces, don’t seem trustworthy. The second one I bought was bigger, about the size of an iPad mini. But it arrived with broken LCD screen. As a blind user, I was relying just on audio. But in the end, gearbest said “you have broken it” - money thrown in the toilet.
If your Internet connection is 1g or slower just about any desktop built in the last 10 years should be fast enough. The critical thing is having a good network card. Intel is generally very reliable for network cards and you can get used ones on eBay for not to much.
My Pentium G3220 box running OpnSense has never bottlenecked me, so I imagine you can run it on basically anything you can find in a dumpster.




