Best GUI firewall for Proxmox home lab use

[testLink]

I am thinking about installing a Free open-source GUI firewall for Proxmox home lab use. The use case is to monitor internet usage of my children. I am not much skilled in CLI based firewall administration. May I know what is the best GUI based for my use case.

I read the below recently.
https://www.zenarmor.com/docs/network-security-tutorials/best-open-source-firewalls

Would OPNsense / pfSense etc be an overkill?

Any suggestions?

 

[UdoB]

Would OPNsense / pfSense etc be an overkill?

Probably yes!

My choice would be OPNsense nevertheless. It just has all the bells and whistles one might want. And you are not forced to enable/use them all at once - but they are available when you realize you want some new features next year.


Disclaimer: while I have two virtual OPNsense (redundant with CARP) running since two or three years this is not my main router yet - I struggle to migrate my 6000 lines of shorewall rules. Purely mass inertia... :-(

 

[louie1961]

I like pfSense. I tried OPNsense and just couldn't get used to the UI after using pfSense for a couple of years. I have pfSenseset up so that all DNS goes through pfSense. I have firewall rules to block DNS over TLS and DNS over HTTPS. I also used the hosts over ride feature to sink hole the Firefox DoH canary domain. This forces all DNS requests going to pfSense first and then forwarding to Cloudflare for families (1.1.1.3 and 1.0.0.3) over TLS. I do some mild ad blocking with pfBlockerNG-Devel, plus I have ublock origin on my browsers. I am really not using it for monitoring, but feel pretty confident that adult content and malicious sites are well blocked.

 

[vesalius]

Another vote for OPNsense and I find using the adguard plugin (OPNsense community plugin) an excellent adblocker as well way to stop or limit teens from sites and other social media I might want to limit. Great for monitoring as well. Better than my experience with pfSense and pfBlocker.

Lastly another consideration for both monitoring and blocking is NextDNS can be set up and password protected from being disabled for use in home and for mobile devices out of the home. Very effective as well.

 

[readyspace]

If it’s mainly for monitoring your kids’ internet usage and you don’t want to deal with too much CLI — OPNsense is probably your best bet.

 

[bl1mp]

OpenWRT, would be another possibility. Basic setup is very easy and configuration of DHCP and internal DNS is straight forward.
Several Packages are available e.g. for sophisticated DNS Filtering. Wireguard VPN is also available via WebUI.
Works on a Pi as well as many other plattforms, if it ever needs to be migrated.

BR, Lucas

 

[fba]

Have a look at IPFire.
Initial configuration is done via installer (TUI), all further configuration can be done via web interface.