Finally ditched my ISP’s router and installed my own opnsense firewall with my own Access Point. I have crowdsec running on opnsense to block attacks + adguard to block ads and malicious domains. My network is segmented between my homelab that is exposed and my AP.
Finally feels quite safe in my network 😅
You must log in or # to comment.
Networking isn’t my strong suit, so this might be a stupid question. But what exactly is a hardware firewall? Is it the same thing as my Internet facing router blocking incoming packets which haven’t been requested from “inside the home” network?
A hardware firewall generally indicates a standalone appliance that is dedicated to being a firewall. Not to be confused with a software firewall as you would see with UFW, or Windows Defender. Modern routers do possess some of the same tenets of a hardware firewall, but a dedicated hardware firewall usually gives a broader range of defenses such as IDS/IPS, filtering, etc.
I have a dedicated hardware firewall in the form of pFsense. The ‘black box’ in OP’s picture is the hardware firewall.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters AP WiFi Access Point DNS Domain Name Service/System IP Internet Protocol IoT Internet of Things for device controllers
4 acronyms in this thread; the most compressed thread commented on today has 14 acronyms.
[Thread #47 for this comm, first seen 31st Jan 2026, 16:30] [FAQ] [Full list] [Contact] [Source code]
Good for you. I use OpenWrt on a decent router yet it’s so flexible. I can create multiple VLANs with different firewall rules, multiple APs, Ad and IP blocking etc.
Honestly I can’t imagine going back to a shitty ISP router ever.
Even the wrong non-isp routers are ridiculous compared to OpenWrt capable ones. You’re telling me I’m paying a huge premium to get a cutting edge Nighthawk, and then they shove a subscription service in my face to use any of these features? Let alone the security implications of having all your traffic routed through proprietary software. No thank you.
I don’t think we are the target audience for those, though, as weird as that sounds. More likely intended to be sold to less tech savvy people who are willing to pay for the convenience of some company handling their security.
