Thought I would ask this group. I’m starting to get into building my own router/basics server, and I’m following an idea from some IT guys at my office: use just a bit more hardware, and VM the router OS for that portion. Then add on a few pieces: Adguard, Home Assistant and a proxy service (which might not be necessary at all).
But Adguard vs pihole and others, and Home Assistant vs openHAB.
Anyway, on the router OS side - they have been talking about OPNsense more than PF as it’s supposedly better for updates and intrusion detection. But the other items run on a Linux base, and I noticed how IP Fire is a newer contender but supposedly good, and it has a Linux base too. Which leads me to think it will have a bit better hardware support and in theory takes better advantage of more processor and RAM.
So I thought I would ask this group if there was anyone running IP fire and how it compares. From what I’ve read so far it compares well.
I’ve never tried OPNsense… getting more updates may seem like a good thing, but are they well tested and well maintained? Think of OPNsense as a release that’s much more progressive with patches and feature sets. PFSense traditionally only releases updates/patches when absolutely necessary. The smart IT guy is probably not running OPNsense. IP FIRE doesn’t have a web GUI the last time I checked, and that was a bit of a deal breaker for me. For router management I’d rather have buttons to push than deal with it on a CLI.
I personally wouldn’t virtualize my router setup. I’ve thought about it but just don’t see much benefit in it. No, it won’t boot up faster. Perhaps with IP Fire, but I doubt the BSD-based routers will boot fast at all. You could technically also virtualize the OPENWRT x86 version; that would be lightning fast to boot up.
I do run pihole as a docker from my unraid server. I’ve tried most of the IDS stuff in PF and it varies as to what you want to accomplish. PFblockerNG-devel works pretty well but I prefer pihole over it. Adguard I haven’t tried because I think you have to shell out some money for it to work right, and ain’t nobody got time for that.
I haven’t built my box yet - or well, bought my box yet, as I think I’m using an HP box. But what my work friends are telling me is that Adguard works best and is what we use corporately, so there might be more to that. Meanwhile they all seem to want to try IP Fire - but I get the impression they consider OPNsense their planned backup. Curious, it appears like some of the commercial firewall/router devices are Linux-based, including Ubiquiti’s stuff.
I’m not worried about boot speed as much as I’m liking the idea that I can snapshot the setup, and if I muck it all up I can be back to square 1 again quickly. This has come in handy on my server once already.
Thank you for the replies - whichever route I go I’ll post up what it does. Oh, and IP Fire does have a GUI web interface. IP tables, which is what they started with, did not.