
Is the page we're commenting on just a really bad description of the project? Because it does not say that OPNSense is simply a ROUTER, and besides "we switched to the fastest PHP framework"† the IPS capabilities are basically the only technical comparison the article makes.

OPNSense describes itself as a firewall. A firewall is generally something you deploy along with a router. Does the term "firewall" just mean something else among the community of people repurposing old Dell towers to build complicated home networks?

smdh




Blame the industry? Every home router you can buy today is a "firewall" by their definition, because it does NAT and blocks all inbound traffic by default. I think it's silly to debate whether or not that's a fair description, but they're using the terminology their target market is used to hearing.

Some vendors have moved towards calling their SPI functionality the "firewall" portion, but that debate is about a decade too late.


I want to monitor and/or optionally block outgoing traffic. How do I do that with my airport extreme? Which router should I get? One network administrator type friend recommended pfsense on a netgate device. Is that bad advice?


I don't think so at all (not bad advice that is). I run PFSense and am happy with it. Things like QoS tend to be difficult to get working right, but just straight blocking isn't a big deal.

I'm not sure you need to do the netgate device unless you want support, you can use literally any x86-64 box you have lying around. Another good option if you're looking for an "all encompassing" solution would be ubiquiti. If you went that route you'd likely want to dump the airport extreme though and just go all-in on ubiquiti.


It's a page to describe what they do differently than PfSense, and that happens to be a) the web frontend and b) the choice of IDS/IPS. There is little reason to describe the "boring" standard stuff that's routing, firewalling, VPN server role that's the core of both projects. Have a look at the comparison table at the bottom for a better idea of the feature sets.

> A firewall is generally something you deploy along with a router. Does the term "firewall" just mean something else among the community of people repurposing old Dell towers to build complicated home networks?

That's an unfair characterization IMHO. In the commercial market, there are tons of "firewall appliances" that are used as router/firewall combinations: Sophos UTM, Watchguard boxes, Fortigate, ...

pfSense and OPNsense play in roughly the same space: a box you plug your WAN interface in that will do (primarily static) routing, firewalling with multiple zones, act as a VPN server. And typically have some amount of security checkboxes a la IDS, WAF, ..., although the commercial ones with the opportunity to sell subscriptions emphasize this more.


I'm no fan of php, but you realize the home routers you recommended earlier typically have CGI UIs written in _C_ by people that don't really understand strings and pointers?



