I wanted to use this on my RPI2 buy I think the CPU is too old 🙃 I to however have a openWRT router and I suppose I can achieve similar functionality with a bit of hacking on the OS.

Thank you for taking the time to write this! Well, first stage of my project (getting openwrt my router) has gone according to plan, and now to strive for the next objective 😏

Thank you for taking the time to answer throughly! I noted your advice and chunked up my goals into “mini-projects”, once I have all the configurations set and all devices connected to the new router. I did check what I bought is a router, not a switch (I find the naming of the device acting as the gateway between the LAN and WAN to be a bit ambigous: switch, router, gateway…).

As for the IDS capability, this is something that would be done by a raspberry pi being fed packets from the router. I don’t know if I will ever undertake that task, but I keep it in mind if I’ll feel adventorous 🙃

(for those wondering: Linux Magazine #279 has a guide on how to accomplish this with a Fritz!Box 7583).

Thank you for all the questions to help me clarify my use case 🙂

At the very basic, I’d like to:

1. achieve better security through segmentation by isolating cloud-connected devices, guest devices from trusted devices.
2. Being able to “pin” a Mac address to an IP, and being able to use internal network name resolution to reach those devices.
3. a blocklist for known ad-domains / malicious domains.

Once the basics are in place, I’d like to elevate my netsec game and implement:

• a high level monitoring capability to seen what devices are communicating with what domains / IPs
• An IDS capability of some sort to be able to detect anomalies in my LAN.

The NAS part is just for convince, it would be nice to have a samba / NFS with my files available when I need them.