Is there any advantage to having an IPFire box in addition to OpenWrt? Before the OpenWrt router


I ordered NanoPi R4S from China and want to install IPfire on it, as an additional protection.

Will this do anything? What exactly? Or does IPfire have about the same FW features as OpenWrt?

I decided against OPnsense because it does not run on ARM. IPfire seems to support ARM.


Additional protection against what? Whether it does anything depends on what your threat model is. Does your threat model include state-level actors and require the use of a full intrusion detection and mitigation system? Or do you want to keep out the normal rabble?

IPFire and OpenWrt have overlap, of course, but really have two different end goals. IPFire is, out of the box, primarily intended to be a hardened firewall. OpenWrt is intended to be an end-user-device personal/home/small-office internet distribution system running on consumer appliance hardware.

OpenWrt is more modular and flexible, but that's because it has a different target audience and has to be built to provide very basic functionality on very basic hardware yet have the ability to plug in features where space, memory, and need intersect.

You can use OpenWrt to build the kind of zoned, hardened firewall that IPFire is. And you can use IPFire as a wireless access point and home router. But in either case, you're making an orange out of a tangerine, and vice versa.

Do you have an identifiable threat model that suggests a dedicated firewall is needed?

My personal sense is this. Those that need IPFire tend to know they need IPFire. If you don't know you need it, you likely don't.

That said, you may get different and/or better information about IPFire from IPFire people.


I am a "small peace activist" (very topical with the aggression at the moment) and have to watch out for governments.