I'm thinking of giving pfSense firewall a shot on my home network. Is anyone here running it?

I have FIOS 1gig service and a few high bandwidth network consumers in my home that that can knock out my Linksys router if they get a little crazy with their connections/transfers.

The purpose built stuff for pfsense seems expense for what they are. I want something that will be able to maintain ~1gig speeds. I'm looking at some SFF options on eBay, such as a Dell OptiPlex 7020. I would add in another NIC card to it. Any opinions on this?

 

Kinda like the butcher griping about "Prime Rib, again?"

They are designed as appliances for specific purposes (contrast with PCs designed as commodity products). So, smaller quantities, higher marketing/support costs.



A "motherboard" NIC is (generally) preferable to an add-in card, to ensure the bus i/f isn't a bottleneck. "Smart" NICs that can handle some of the packet processing overhead "in hardware" (misnomer) is also a win.

If you're running VPNs and/or encrypted tunnels, a processor that has built-in support for crypto can be a HUGE win (depending on the ciphers used).

I don't like buying hardware. There's always an old/unused PC somewhere that you can play with (friend, relative, neighbor, etc.). Pull the existing drive (in case you want to return the PC to its original owner "unaltered") and install a small drive or SSD (with enough RAM, the SSD doesn't offer much of a performance increase as it's a "load once" application -- unless you also want to run apps on the appliance ). Build the appliance. Deploy at some noncritical time (so you don't have folks complaining if you bork their connections/usage) and measure performance. Use those observations to tweek your implementation for the next iteration (different NIC, different PC, etc.) With FOSS, you can always tweak the codebase to "adjust" the load it places on the hardware.

I use Optiplex 160's (USFF) as (headless) appliances, here. They are small, low power, fanless. But, can't handle much of a workload (1.6GHz Atoms). OTOH, great for a name server, font server, print server, time server, etc. -- all-in-one! Even a temporary file server hosting an external USB drive in a pinch.

 

A font server? WTF!

Doop why don't you get a Unifi Dream Machine Pro?

 

For the same reason you install any service: so you don't have to replicate it on each client!

You don't need a print server -- if you have a printer plugged into every host!

You don't need a name server -- if you manually maintain hosts(5) on each host!

Or, a time server -- if you can manually maintain correct (for whatever you decide "correct" to be!) time on each host.

A font server lets you stash all of your fonts in a single place (instead of having to replicate ALL of them on each host) and provide consistent access to the entire set from any host (client). If you only have the standard set of fonts that came with your OS install, then there is no advantage to be gained. Or, if you only have a few additional fonts. If you have a large collection, then the benefits multiply!

Would you store your entire music collection on EACH computer -- just so you had everything available to you regardless of which computer you were using, at the time?

 

Do you know if the fans in that make a lot of noise? My experience with 1U networking equipment is that they are loud and I don't want that level of noise in my basement.

 

According this reddit post it's very quiet, someone even posted a video showing a db meter

https://www.reddit.com/r/Ubiquiti/co..._on_fan_noise/

 

Update on this.
I ended up going with pfSense. I bought a used Dell Optiplex 3020 ($80) and used HPE NC364T Quad Port PCIe Network Adapter ($37) and elected to replace the HDD with a 240GB Crucial BX500 ($37 +$6 for mounting bracket).

I'm running 2.6.0 community edition. I haven't bothered to upgrade it as my needs are fairly simple.
I have never had a personal firewall with this kind of uptime before, 1011 Days 18 Hours 39 Minutes 28 Seconds. It just does it's thing and it's been awesome.

I am using a pair of TP-Link Deco AXE5400 as wifi access points which have also performed well.