I want to build a pfSense box for gig speed from Comcast, as I have a Netgear CM1100 modem and a Netgear Nighthawk R8000, and I am limited to 500 or 600.
I want to use pfSense to get at least the full gig, have a better router all around, and cache downloads, as a family of 8 people uses the internet a lot.
I heard in an old Level1Techs video that any old PC can be a router. I see a lot of them in pawn shops; would an old one be good enough to get gig speed, or do I go to Amazon or eBay and get a gen 8 or 9 i3 or i5 and a small M.2?
Alternatively to pfsense you could put Debian or any other Linux distro - it’s less picky when it comes to drivers and might be faster in a home setting.
Why would you build a firewall on an architecture with a ton of security flaws?
@patricia2626 I suggest a Ryzen 2200G or a server-level ARM processor, but I don’t know how you would get your hands on those… It’s overkill with the Ryzen, but you’ll never bottleneck, especially if you ever upgrade to 10 GbE.
Here’s a mobo that would be amazing for it: https://www.newegg.com/p/N82E16813145083 … two PCIe slots for networking cards… Ryzen 2200G … this is actually my next build for a firewall I’m doing for a friend with 10 GbE NICs, so I mean it is overkill, but he asked for overkill, and the funny part is it’s pretty damn cheap.
I would recommend Netgate’s SG-1100 without knowing what services you are running. I know the SG-1100 does have some speed limitations, but that depends on the services you run.
I could also recommend some of Qotom’s industrial PCs. They make great pfSense boxes. I have an earlier Celeron J1900 version that has been solid for years. Mine doesn’t have AES-NI, but the newer versions do. Here’s a link of a barebones box so you can decide how much RAM/Storage you need.
I get your line of reasoning, however being able to actively exploit those vulnerabilities without being able to run code on the firewall (i.e., in this use case) is pretty impossible. If you’re patched (and you should be), they’re not even exploitable in a cloud environment when you have a running VM on the physical machine.
It’s not like your firewall is processing JavaScript or any non-trusted code on it (and if it is, you have bigger problems already).
Yeah, Intel bad, etc. But in this particular use case… not a big deal. Pretty much every x86-based router in the enterprise world today is Intel inside… and the sky isn’t falling.
Also, a lot of the security flaws are based in Intel’s SMT (hyperthreading) implementation. Most x86 routers can work with a smaller number of threads, so SMT could probably be disabled without an issue and mitigate most of Intel’s unsolved issues.
I’m wondering if a mod could branch this off into its own PSA type thread. Or would it be easier to just post a new thread? Either way, that’s great news!
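Added example, not part of any post in this thread: on a Linux-based router such as the Debian option suggested above, the kernel reports SMT state and per-vulnerability mitigation status under `/sys/devices/system/cpu`, which lets you check whether disabling SMT actually changed anything. The `cpu_audit` function name, its output format and its exit codes are assumptions of this example; pfSense itself is FreeBSD-based and does not expose these paths.

```shell
#!/bin/sh
# Summarise CPU side-channel mitigation status as reported by the Linux kernel.
# Usage: cpu_audit [sysfs_cpu_dir]   (default: /sys/devices/system/cpu)
# Exit codes (this example's convention): 0 = nothing flagged,
# 1 = at least one entry is vulnerable or only safe with SMT off,
# 2 = the kernel exposes no vulnerabilities directory.
cpu_audit() {
    root="${1:-/sys/devices/system/cpu}"
    bad=0

    # smt/active is 1 when sibling threads are online, 0 when SMT is off.
    if [ -r "$root/smt/active" ]; then
        smt=$(cat "$root/smt/active")
    else
        smt="unknown"
    fi
    echo "smt_active=$smt"

    [ -d "$root/vulnerabilities" ] || { echo "vulnerabilities=missing"; return 2; }

    for f in "$root"/vulnerabilities/*; do
        [ -r "$f" ] || continue
        name=$(basename "$f")
        line=$(cat "$f")
        # Order matters: a fully vulnerable entry wins over the SMT caveat,
        # and the SMT caveat wins over a plain "Mitigation:" prefix.
        case "$line" in
            "Not affected"*)                  state="not_affected" ;;
            Vulnerable*|"KVM: Vulnerable"*)   state="vulnerable"; bad=1 ;;
            *"SMT vulnerable"*)               state="smt_vulnerable"; bad=1 ;;
            Mitigation*|"KVM: Mitigation"*)   state="mitigated" ;;
            *)                                state="unknown" ;;
        esac
        echo "$name=$state"
    done
    return $bad
}

# Run against the live system only when asked to, e.g.: sh cpu_audit.sh --run
if [ "${1:-}" = "--run" ]; then
    cpu_audit
fi
```

Entries reported as `smt_vulnerable` are the ones where turning SMT off in firmware or with the `nosmt` kernel parameter changes the result.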