I have been using an old Dell Mini 9 as firewall, ipv6 tunnel, and file server for my local networks, for some years. Fear of that just melting into a heap of slag was starting to keep me up at night, time for it to be put out to pasture. This also seemed like a good time to spend a little money and split out the functions sanely.
After a lot of research I ended up purchasing a Ubiquiti EdgeRouter Lite-3 with a view to using it as my boundary router, and ipv6 tunnel end-point. All the documentation implied that this little device would handle all of the pieces I need, DHCP, Hurricane Electric IPv6 tunnels, VLANs, firewalls etc. All that and it was sub 100 GBP delivered to my house. Well worth a punt. So I ordered one, and waited impatiently for it to arrive. Once it arrived I put it on the shelf planning on playing with it "this" evening, needless to say the box sat on the shelf for a couple of months, ooops.
Finally, this weekend I got round to pulling it out and booting it up. It is nice small package installed, silent of course and it seems to perform admirably. Using the web interface I was quickly able to assign the various interfaces to the appropriate networks, add the VLAN interfaces I needed, and put down basic addresses on them. Not bad for an hour of fiddling.
When I went to sort out my fairly complicated firewalling requirements things got a bit trickier. After some googling I found the simplest approach was to use Zone based firewalling, but this form is not supported by the web interface. Time to break out a bigger hammer and get to know the configuration CLI.
The configuration CLI turned out to be very simple to use, and pretty intuitive. I am sure it is instantly recognisable to those of you who have to incant at cisco style routers. You update the configuration in "configure" mode and you then "commit" to test the changes, and "save" to make the changes persistent across reboots. A handy split for when you firewall yourself away from the configuration interfaces! After another couple of hours of googling and hacking at my rules I had the IPv4 side of things setup as I wanted and working pretty well.
I still need to setup the DHCP servers, and IPv6 side of my world, but good progress and so far a pretty nice experience.