view the rest of the comments
Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
Depending on how in depth you want your firewall, packet inspection, etc to be and your internet access speed, you may want a commercial grade router. You can also probably use an old PC and add a dual gigabit NIC to it and load up opnsense or pfsense or some other router/firewall distribution. From there, add a stand alone switch and a standalone wifi AP (or router in AP mode). The reason I bring up using a commercial device or an older desktop is because packet inspection, filtering, etc at line speed on a gigabit connection won't be possible with a lot of low powered devices.
I used to do this (was using an old Intel core i5 second gen with added RAM and a dual port gigabit NIC) but it was a lot to keep up with. I have since moved on to an Asus router (RT-AX86U) with the AsusWRT-Merlin software package. The only functionality I really lost was suricata for IDS. The AsusWRT distro comes with some proprietary stuff (that I think you can turn off) but it's also very "open" in terms of just running Linux underneath. This means you can set up things like VLANS, use iptables, etc.
AsusWRT-Merlin adds some niceties (including a nice add on system that will expand into web based interfaces for certain things you might usually do from command line, better/expanded firewalling, and even adguardhome installer for DNS-based malware/spyware/ad blocking... kinda like pihole but lots of people like it better). The maintainer of that package corresponds frequently with Asus (to the point that some of his stuff is merged back into the official AsusWRT at some points).
I can confirm that the model I mentioned above is able to do all the firewalling, QoS, adguard DNS filtering, etc at gigabit speeds. It also has some sort of IDS and a few other protections, but they are part of the proprietary bits (Asus licensed via TrendMicro I believe).