Glossary
Firewall, routing, and homelab networking terminology — what the terms mean and why they matter.
A
- AES-NI [hardware]
Intel instruction-set extension that accelerates AES encryption. Required by recent pfSense and OPNsense releases for tolerable VPN throughput. All Protectli hardware and any Intel CPU from Westmere onward have it.
B
- Bufferbloat [qos]
Excessive buffering in routers/modems that adds latency under load. Mitigated with smart queue management (CAKE, fq_codel). Both OPNsense and pfSense ship CAKE-based traffic shapers.
C
- CARP / VRRP [high-availability]
Common Address Redundancy Protocol (FreeBSD) and Virtual Router Redundancy Protocol (Linux). Both let two firewalls share a virtual IP for failover. The HA primitive for OPNsense/pfSense pairs.
D
- Deep Packet Inspection (DPI) [security]
Inspection of packet contents beyond the L3/L4 headers. Modern DPI relies on TLS metadata (SNI, JA3, certificate fields) rather than payloads, since most traffic is encrypted. ZenArmor and ntopng are common DPI tools on OPNsense.
I
- IDS / IPS [security]
Intrusion Detection / Prevention System. IDS sniffs traffic and alerts on rule matches; IPS does the same but can drop matching packets. Suricata and Snort are the two open-source engines; OPNsense ships Suricata as a plugin.
N
- NAT [network]
Network Address Translation. Rewrites source or destination addresses as packets cross a router. Most home firewalls do source NAT ("PAT") so many internal addresses share one public IP; destination NAT ("port forward") exposes an internal service.
O
- OpenVPN [vpn]
The long-running TLS-based VPN. More configurable than WireGuard, slower, but with broader client support — e.g. browser-based and mobile clients that don't yet ship WireGuard. Still the right pick for some legacy scenarios.
S
- Stateful Firewall [firewall]
A firewall that tracks active connections in a state table, so it can automatically allow return traffic for outbound flows without needing matching inbound rules. All modern firewalls (pf, nftables, OPNsense, pfSense) are stateful.
V
- VLAN [network]
Virtual LAN. A way to carry multiple isolated broadcast domains over the same physical wires by tagging Ethernet frames with a 12-bit VLAN ID (802.1Q). The basic isolation primitive in any homelab — IoT, guest, management each get their own VLAN.
W
- WireGuard [vpn]
A modern VPN protocol shipped in the Linux kernel since 5.6. Smaller code surface, faster handshakes, and simpler config than OpenVPN. Both OPNsense and pfSense ship WireGuard support.