I just got Fiber to my home and built a Firewall on a tight budget.
It is an option here to say no to the router from the ISP. I had security concerns and would rather not spend the money on the router because I didn’t need it.
My other thought was I want to get deeper into networking/security.
So I got a used HP Prodesk G3 Mini PC and a cheap second NIC from AliExpress.
The installation went smoothly.
After some issues with the initial setup, DHCP and DNS are working now.
Now I have a basic understanding of how to open ports.
I also experimented with the CrowdSec plugin.
Where to go from here?
Can someone give directions on what to do next?
Next would probably be to learn about segmentation & segregation, get a managed switch, learn about VLANs and divide your network, i.e. if you have smart devices in your home, do you need those to be on the same subnet as your computers?
If you share WiFi to guests, do they need access to your things or just the internet?
Rate-limiting per-device/subnet so when a device, say, pulls a large update, it won’t saturate your bandwidth, effectively DoSing other devices.
Add a PiHole or do DNS filtering on the firewall.
If you have needs, you could add a NAS, print server, VPN server to access your home from anywhere.
Familiarize yourself with iptables & SSH hardening; the Arch wiki is a good resource.