by jimpudar 3048 days ago
A very secure solution is building your own box to run OpenBSD. There are some good guides on how to set up OpenBSD as a typical NAT router / firewall here: https://www.openbsd.org/faq/pf/example1.html

I like PF a lot more than IPTables. I've found it to be far simpler to configure.

2 comments

Once you use PF, you can't really go back to iptables. The fact that you still can't create anchors or anything equivalent in iptables blows my mind. I can look at any of my older configurations from PF and understand what I was doing very quickly compared to iptables which is much harder to read and much less intuitive.
Can you briefly explain how a PF anchor is not equivalent to an iptables chain? From a very short perusal of the PF documentation it appears to be the same concept to me (i.e. a set of filtering rules you can branch to from another part of the ruleset...)
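Since the thread references the OpenBSD PF NAT router example and then debates what an anchor is, here is an added `pf.conf` that does both in one place: a small NAT router/firewall with a default-deny policy, plus a named anchor that holds a blocklist which can be reloaded independently of the main ruleset. This is an illustrative example written for this page, not the configuration from the OpenBSD FAQ or from any commenter; the interface names (`em0`, `em1`), the LAN prefix `192.168.1.0/24`, the anchor name `blocklist` and the file path `/etc/pf.blocklist.conf` are all assumptions.

```pf
# Added example pf.conf (not the OpenBSD FAQ example). Assumptions:
# em0 faces the ISP, em1 faces the LAN, LAN is 192.168.1.0/24.
ext_if  = "em0"
int_if  = "em1"
lan_net = "192.168.1.0/24"

# Never filter the loopback interface.
set skip on lo

# Normalise inbound packets (clears the DF bit on fragments).
match in all scrub (no-df)

# NAT: rewrite LAN source addresses to the uplink address on the way out.
# (em0) in parentheses means "whatever address em0 currently has".
match out on $ext_if inet from $lan_net to any nat-to ($ext_if)

# Default policy: drop and log everything not explicitly passed.
# PF is last-match-wins, so later "pass" rules override this.
block log all

# Anchor: a named sub-ruleset evaluated at this point in the main ruleset.
# Its contents live outside this file and are loaded or replaced at runtime
# with pfctl -a, so a blocklist can change without reloading pf.conf.
# Assumed contents of /etc/pf.blocklist.conf:
#   table <badhosts> persist
#   block in quick log on em0 from <badhosts>
# "quick" makes a match final, so blocked sources never reach the pass rules.
anchor "blocklist"

# Let the router itself and LAN hosts reach the outside; state is kept,
# so replies come back without needing inbound pass rules.
pass out quick on $ext_if inet
pass in on $int_if inet from $lan_net to any

# Admin SSH to the router only from the LAN side.
pass in on $int_if inet proto tcp from $lan_net to ($int_if) port 22
```

To use it on OpenBSD: enable forwarding with `sysctl net.inet.ip.forwarding=1` (persist it in `/etc/sysctl.conf`), syntax-check with `pfctl -nf /etc/pf.conf`, then load with `pfctl -f /etc/pf.conf`. The anchor is populated separately with `pfctl -a blocklist -f /etc/pf.blocklist.conf`, inspected with `pfctl -a blocklist -sr`, and individual addresses go in and out of the table with `pfctl -a blocklist -t badhosts -T add 203.0.113.5` (a documentation-range address used as a placeholder) or `-T delete`. The point relevant to the anchor question above is that the main ruleset only contains the `anchor "blocklist"` line; the rules behind it have their own lifecycle, and `tcpdump -n -e -ttt -i pflog0` shows what the `log` keywords dropped.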
Usually the issue in setting up a PC to do this kind of stuff is power consumption. Typically it's a minimum of 60W to run an idle PC, while an ARM router would run at 1-5W and have multiple ethernet ports.
Correct me if I'm wrong - I haven't tried it - but it looks like you should be able to run OpenBSD on ARM https://www.openbsd.org/armv7.html

I'll check what the energy consumption on my router is. I'm using an AMD chip which I had lying around. You're probably right that it uses a bit more power than necessary.

I was thinking about getting something like this: https://www.amazon.com/Firewall-Micro-Appliance-Gigabit-Bare... which uses 10W. It should be easy to install *BSD on something similar.