It seems increasingly unwise to allow an Intel-made CPU to talk to the outside world. But the NUC-style machines are almost exclusively Intel. What should we do for a new firewall?

You’ll recall that I prefer firewalls to run Debian Stable, so that security updates are available promptly. While there are a few non-Intel architectures available in Debian, I think of them as being less likely to stick around; fewer eyeballs on the specific code paths.

So let’s look at AMD’s low end CPUs. First, we discard the CPUs that can’t be bought new-in-box; second, we ask for either an APU (integrated graphics on the chip) or integrated graphics on the motherboard.

• The Kabini core line is now dead. You can buy some leftover Semprons, but they don’t have graphics and the only available new motherboards are one or more of expensive, have no on-board graphics, or have no expansion slots.

• The Ryzen line is more promising. There are three new AM4 socket chips, all with integrated graphics and differing only in clock speed: the Athlon 200GE, 220GE, and 240GE. The 200GE comes in at a reasonable $60.

The cheapest motherboards are, unfortunately, microATX rather than microITX. The prices aren’t bad, though, starting at $61.

Let’s build a sample system from Newegg parts:

• $60 Athlon 200GE, 2 cores, 4 threads, 3+GHz.
• $66 Asus Prime A320M-K motherboard
• $20 4GB RAM
• $20 Crucial BX500 2.5” 120GB SSD
• $25 Rosewill microATX minitower
• $25 300W ATX power supply
• $29 2-port gigabit ethernet NIC or $40 4-port gigabit NIC

Totalling $245 or $256 for a highly-overachieving 3 or 5 port router/firewall.

The case is not the smallest, the power supply is not the quietest. You’ll need to pay more for each of those.