Hardware purchase for amateur use

I used:
Micro-PC: Intel NUC7PJYH

• Intel Pentium J5005 - 4x 1.5 – 2.8 GHz (1x ETH)
• 8GB RAM
• USB 1Gb ETH

Used default ETH0 interface for Red
Used USB eth1 as Green

Home/Office setup via max. 10 clients (laptop/PC and mobiles)

CPU : under 3%
Memory: under 5%

I also use KVM for a VM (running opensuse & pi-hole) which makes hardly any diffence in perfomance

Enabling TOR relay will get Memory usage up to 33%

You won’t get a reliable answer to this until you are able to list more comprehensively the functions and addons that you intend running. Some functions, such as IPS, are processing intensive, whereas NFS is probably not, at least not on a home system.

Do you really need an Orange zone ? If not, then occasionally using a USB-Ethernet adaptor for that zone should suffice.

Unless you use the Internet infrequently then IPFire is best run 24/7. In order to have an IPFire that consumes < 30 W you would need a computer having an embedded (rather than plug-in) CPU. The “firewall appliances” that you perused earlier have this as do some replacement mATX mainboards. mini-ITX boards have only one slot, for which you would need a quad-ethernet card, if you are running 4 zones.

I thank you and confirm that I am of the same idea.
I’ll tell you in brief what I need to do with the machine and my current IpFire machine.

1. It has to stay on 24/7.
2. I also use it to study IpFire, so Orange is important up to a point. Red Green Blue is important instead.
3. I also use it for Qemu, but mostly I need this function for short experiments.
4. For storage, I use my mechanical NAS via NFS, so even a machine with a small disk is fine, enough for just IpFire.
5. Green, Blue, Red is important to be at 1000. Orange can be fine even at 100.

Evaluating these aspects, of my own idea, a couple of years ago or so, I decided to try a mini PC costing 100€. Here is my current machine:

https://fireinfo.ipfire.org/profile/3833b18279f84c4f1160a7683e0bae7dc9c95382

1. The power consumption seems very low to me.
2. It obviously has only one LAN 1000 card and some USB 3.0 ports.
3. Not being able to put in additional PCI LAN cards, I opted for 3 usb LAN 1000 cards to be used as green, blue, orange.

My idea was to buy a new machine that had all 4 LAN cards integrated and use the current mini PC as a Chromebook machine.
But honestly now I’m convinced that I’m spending money and possibly being in the current situation.
At the end of the day, this current machine of mine, seems suitable to do what I need it to do (at least so far it has always satisfied me, since I also have slow 100 megabit fiber).
My idea now has changed: I’m thinking of writing my own software to test the actual maximum speed (download and upload) of the USB LAN cards in my IpFire, to see if they hold up well to gigabit.
If necessary, I will replace these USB LAN cards with better ones.

I ran a quad-core 1 GHz mini-PC with IPFire for several years and it was OK. You could stick with what you have until it runs out of steam.

If your Internet is 100 Mb/s then none of your cards need to be faster than that.

That’s not quite true.

• Having some reserve is preferable to achieve the 100Mbit/s throughput
• If the LAN is 1000Mbit/s, it is good to equipe the LAN side of IPFire ( green0 ) also with a NIC of this speed ( internet access + local traffic > 100 Mbit/s )

That’s right. And by the time my mini PC breaks down, technology will surely have moved on, so I can opt for hardware that is now nonexistent, at consistently low prices.
For the slow network 100 Mb/s is only about my service giving me internet. Unfortunately, in my area at the moment no service gives me fiber over 100, although there are good hopes for at least 200 megabits.
But my local network is all wired to 1000. Having a firewal with lan cards at 1000 is only convenient for me for local file transfer from one machine to another and for file transfer between green/blue and between blue/green.
But bottom line. Right now I don’t think I need to buy new machines. If I want a Chromebook I can buy one without ruining my current firewall.
I thank everyone who has gone out of their way to answer me and give me great advice. All the information I have received has been helpful in resolving my uncertainty about buying another machine. All of you in the forum have always given me the best solutions.

Thank you again and please forgive my English. I struggle to understand your answers because the translators are never the best. And I am convinced that you also struggle to understand my English since it is the result of machine translation.

Yes. Indeed my local network is wired at 1000.

@casabenedetti , we have to thank you for bringing up this question.
Surely, the requirements for IPFire are shown in the wiki. But it is one thing to write down these from a developpers sight, the other is to handle this information in real life.
So this thread can give beginners to IPFire some more information.

This is a credit to me. I am just a simple technician who is passionate about networking and computing and has never moved from Italy. I like to pose a problem and find the solution. My lack of English skills penalizes me, but I am touched that you have found this topic of mine useful. I never imagined that I could help you in this little one of mine.

I use a HP T630 Plus Thin client with a 2port intel network card. It works great.

HP Thin Client can work well, but buyers of those need to be wary and have good understanding if PC architecture:

• earlier models are 32-bit and no longer supported by IPFire
• some require HP customised cards and components, which will be expensive, if still obtainable

The only downside to the T630 Plus is that once the word got out that it makes a great firewall, their prices doubled on the used market.