servethehome.com has a series about these fanless, multi-gigabit firewall for a while, might be interesting if you have a 200-300 USD budget?

https://www.servethehome.com/tag/firewall/

I’ve used a very similar setup in the past (J1900 CPU, 4x1 Gbps network ports) and I only replaced it due to reasons. Not noticed any performance bottle necks with that setup.

The latest N100/N200/N300/N305 CPUs from Intel looks really interesting, similar performance as my workstation but at a 10th of the power usage. N305 also has 8 cores in a passively cooled case, amazing stuff!

I’m using a ~30 USD thin client with a 4 port networking card (~20 USD), just using plain nftables on Debian. It routes handles my network just fine (complex rule set with many subnets & rules, 250/100 Mbps connection). Also using codel/cake for traffic shaping, avoiding lousy ping times even when downloading/streaming et c.

I use two TP-Link EAP 245v3 (ancient by now, but I can still use all my WAN speed from all rooms) for WiFi. Works great.

If I would redo it I’d use VyOS, OpenWRT or maybe OPNSense, but still using x86 hardware due to cost/power usage/performance. And then newer ceiling access points.

Calm down, no need to go crazy here

Also have a look at omnivore as a pocket alternative!

I use authelia. It’s pretty straight forward to get started with, I just use the yaml user file and a SQLite database for sessions. I’m running it in podman with auto updates enabled for the tag I’m using (can’t remember which tag, but not latest).

I then use their tutorials as a base for the systems I want to use oidc with (grafana, miniflux…), or just redirect traffic through my reverse proxy to services that lacks proper authentication (looking at you, *arr stack).

I use caddy and traefik for reverse proxy, and it’s very simple to use forward_auth and similar with it.

It took an evening to figure it out but it’s well worth it!

What. That’s amazing!