[mmastrac]

That's the exact one I have. It's definitely not a "plug and play" router, but I love it. My only real beef is that most everything on it requires a much larger level of network administration knowledge than any other hardware.

I'm also scared that I'm going to open up my home intranet to the world every time I tweak some of the advanced settings.

Not trying to dissuade anyone from using them, but it's light years away from a DD-WRT-based router.

OTOH, the ability to run VMs on your router is magical. I have yet to do that, but I'm itching to do something like putting the unifi management tools on it.

[gh02t]

Yeah, it definitely isn't something I'd recommend for people who don't know what they are doing. It's feature set is more comparable to enterprise hardware like Cisco or Juniper. Their terminal configuration utilities are pretty easy to use, but I actually really like their webui. It exposes all the functionality (which is a daunting amount) but is clean and very responsive.

That said, RouterOS pretty well documented and isn't hard as long as you know the basics. Mikrotik actually has a pretty vibrant little community around their wiki.

[nl]

Can the firewall on that do outbound filtering?

I've been looking at trying to control some of my devices a bit more (eg, SmartTVs).

PFSense looks good, but the dedicated hardware boxes are kinda pricy[1], and I don't really want to build something myself.

A switch with a built in firewall at that price is an interesting option.

[1] http://store.pfsense.org/hardware/

[gh02t]

Yeah it can. The firewall is standard iptables, so you can do whatever you want. It's also got DNS, http cache, SOCKS proxy and approximately 1 trillion other things that you may find handy as an all-in-one home/small business network device. Needless to say, it's maybe not the best idea security-wise to run all that stuff on one device, but I'm not terribly concerned.

I've heard people say it's not really powerful enough CPU wise to cope with a ton of rules (>hundreds), but I have a fairly involved firewall config on mine and it's no trouble.

Funny story, we use a firewall rule to punish roommates for not doing their share of the chores. If they get too far overdue on chores, we have an iptables rule to randomly drop a certain percentage of packets to their machine.