Since it turns out buying the recommended pfSense SG-2440 is not possible at the moment, I’m looking for alternatives. My preference would be for a small machine / router running GNU/Linux with the required number of ports.
The downside is that instead of following the pfSense documentation we would need to adapt to either iptables or some higher-level interface. Unless we can run pfSense on any hardware: that would be convenient.
Sorry for the naive question but … I’m not yet familiar with the various pfSense bundles and community edition suggests some parts are not included. Were you able to follow the SecureDrop instructions with the community edition or are there bits missing because they are only included in the SG-2440?
Looking to try pfSense in a small network not related to SecureDrop, I stumbled upon the PC Engines systems.
Have these been assessed as not-so-expensive hardware platforms for SecureDrop pfSense boxes?
I have been using an older APU as a SecureDrop firewall, and it works quite well. Unfortunately, since there are only 3 NICs, I use 1 for WAN, 1 for app, and 1 for mon. When I connect my admin workstation, I use a switch on the mon port and use static IP addresses and more firewall rules to restrict mon access to the pfSense admin interface.
While it’s been working very well for me so far, it hasn’t been as thoroughly tested as the alternatives, and it’s difficult to recommend this to the general public for various reasons: the more involved install process (no VGA), the existence of different revisions and the lack of availability through retail channels (in North America, at least).
Funny story: Netgate was so alarmed about their competition that they grabbed the OPNsense.com domain name; however, WIPO (U.N. copyright agency) then forced them to hand it over to a rightful owner since they were acting in bad faith. Ha.