Was it my blog post? https://blog.tjll.net/building-my-perfect-router/

Nice write-up. I have a very similar setup, only I didn't delve into the netflow montioring/traffic shaping because it seemed a bit overkill for my needs.

Have you given any thought about what you might do with respect to Shorewall, given the this news?

Even assuming the worst - that is, that Shorewall development completely stalls - the firewall is fully functional for me and I haven't hit any show-stopping bugs, so my plan is to continue using it until it breaks somewhere down the line. After the many years of development that've gone into Shorewall, the dividends it pays now are the years and years of hardening that have let it age into a solid, reliable tool. My needs aren't really pushing the envelope of what Shorewall can do (just a home network gateway), so my hope is that I won't bump into anything esoteric in the meantime.

That's a good point. I suppose as long as I'm careful with updates, I should be able to leave it alone until there's a long-lost security bug found.

I used your post, thanks for your hard work!

that's the one! much thanks

High likelihood it was this: https://wiki.archlinux.org/index.php/Router

The Arch Wiki is pretty awesome, generally, and I used this pretty heavily as a reference. I will say, this was not 100% perfect and I had to use some other outside sources, but most of the info is here.

I did consider writing my own step-by-step post (if for no other reason than for me to not have to remember it), but haven't gotten around to it yet.

I've never installed Arch and know virtually nothing about it but often the first link I click after googling is the arch one, their documentation is fabulous and pretty often bang up to date (Since I track Fedora N/N-1 the package versions are usually close enough).

I've been running Arch as my main home server for going on 11 years now. I love it. In that time span, the biggest hurdles have been the sysvinit/systemd transition and a handful of issues with mongodb feature deprecations that required manual intervention.

My original impetus for using it was to "re-learn Linux" after a hiatus out of college, and because it's not as bloated as something like a full Ubuntu install, but doesn't require the full compiling of packages like Gentoo, it seemed like a good choice. Unless I want a GUI right out of the box, I don't use anything else.

As you noted, the wiki is fantastic as well.

Yeah I know a bunch of programmers who love it, I use Fedora out of inertia, when I got the Ryzen at work it was very soon after they launched and they had better out of the box support so I switched to it from Xubuntu and liked it enough it stuck.