OpenWrt to replace pfSense?

The next gen of OpenWrt will use "fw4" which is based on nftables. Once nftables is standard, then it'll also be possible to reliably use "real" nftables (i.e. using nftables scripting language). When that's the case, reactive firewalls using nftables sets, maps, and such will be very possible.

High availability by using conntrackd to duplicate connection info across backup routers is also possible.


I managed a pfSense firewall at our office for a couple years before switching to Meraki. I also run OpenWRT at home. OpenWRT is quite capable and upgrading hasn't been a big deal for me. I concur with other posters that the lack of things such as aliases can be annoying, but it's not a deal breaker.

If you go down this path, be advised that most of the consumer routers are small pokey little ARM or MIPS devices and aren't all that powerful. You'll almost certainly want to go x86 if you expect similar performance to pfSense hardware. I have no experience running OpenWRT on x86 hardware so unfortunately I can't offer any recommendations there.

If you can save config that is... :wink: