If you are after security and reliability - pfSense on dedicated hardware. Running 10x services on a single machine means single hardware failure brings down everything - including your entire network in this case. Your computer is >10 years old already. Do you really want this to happen?
Reviewing my stack of leftover hardware available, I guess a third option would be to run an old i5 2410m laptop as a separate pfSense, but since that only has 1 ethernet port I would need to get a managed switch to set up a VLAN for WAN/LAN separation, amirite? xD Would that be better than both options? Or should I stop trying to repurpose my old scrap? xD
I run VPN on devices when I need it and uBlock in browsers, when needed. That gives my family members a choice of what they prefer to have. I don't want to enforce anything on my firewall, except security.
I would not want to run VPN all the time or for all devices. It will reduce internet speed almost always drastically, irrespective of VPN provider.
I use AdGuard Premium on both PCs and Mobile and also the AdGuard extension in browsers, and I find it pretty effective in blocking most ads, and with it I presume many spam, phishing, and malware sites get blocked. AdGuard on Android mobile also allows me to block internet access to individual apps, though this is available in Android also. AdGuard Premium Lifetime Family licenses are available on discount at regular intervals. AdGuard does cause problems for some specific sites, but then it can be easily disabled either temporarily or for those specific sites always.
I use OpenDNS Familyshield with DoT at router level.
I have found that AIProtection is working, as it has blocked more than 700 requests to some specific sites like Dooloust.net and Mkopli-2.live, not accessed directly but through some app or website or in some manner inconspicuously, in the past three months from the family computer and phone. As I read about these deceptive ad sites while writing this, I will remove the extensions or root cause for these and also run Malwarebytes and security software on these devices for removal.
I generally block sites like doubleclick.com, doubleclick.net, Google Analytics and some other sites at router level for additional safety. It has not resulted in any major issues like breaking sites etc.
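A router-level domain block, as described in the post above and the earlier report of blocked requests, comes down to matching each DNS query name against a blocklist and counting the hits. The following is an added example, not code from the thread or from pfSense or any router firmware. It assumes a dnsmasq-style `query[TYPE] name from client` log format and a constructed sample log, and it assumes `google-analytics.com` is the domain meant by "google analytics". The point it shows that a naive `endswith()` check misses is label-aware suffix matching: `ad.doubleclick.net` is caught by `doubleclick.net`, but `notdoubleclick.net` is not.

```python
# Added example (not from the thread): suffix-matching a DNS blocklist against
# query log lines, the way a router-level domain block evaluates lookups.

from collections import Counter

# Blocklist from the post; google-analytics.com is an assumption for
# "google analytics".
BLOCKLIST = {"doubleclick.com", "doubleclick.net", "google-analytics.com"}


def is_blocked(qname, blocklist=BLOCKLIST):
    """Return the blocklist entry that matches qname, or None.

    Matching is by DNS label suffix: 'ad.doubleclick.net' is blocked by
    'doubleclick.net', but 'notdoubleclick.net' is not (a plain substring
    or endswith() test would wrongly catch it). Case and a trailing dot
    are normalised first, since both are legal in query names.
    """
    labels = qname.rstrip(".").lower().split(".")
    # Walk from the full name toward shorter suffixes.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


# Constructed sample log lines (dnsmasq-like "query[TYPE] name from client").
SAMPLE_LOG = """\
query[A] ad.doubleclick.net from 192.168.1.20
query[A] www.example.com from 192.168.1.20
query[AAAA] stats.g.doubleclick.net from 192.168.1.31
query[A] notdoubleclick.net from 192.168.1.31
query[A] www.google-analytics.com from 192.168.1.20
query[A] DOUBLECLICK.COM. from 192.168.1.45
"""


def parse_query(line):
    """Extract (qname, client) from a log line; None if it is not a query line."""
    parts = line.split()
    if len(parts) != 4 or not parts[0].startswith("query[") or parts[2] != "from":
        return None
    return parts[1], parts[3]


def summarize(log_text, blocklist=BLOCKLIST):
    """Count blocked queries per matched blocklist entry and per client."""
    by_domain = Counter()
    by_client = Counter()
    for line in log_text.splitlines():
        parsed = parse_query(line)
        if parsed is None:
            continue
        qname, client = parsed
        hit = is_blocked(qname, blocklist)
        if hit:
            by_domain[hit] += 1
            by_client[client] += 1
    return by_domain, by_client


if __name__ == "__main__":
    domains, clients = summarize(SAMPLE_LOG)
    for domain, n in domains.most_common():
        print(f"{domain}: {n} blocked")
    for client, n in clients.most_common():
        print(f"{client}: {n} blocked")
```

The per-client counter is what makes a report like "700 blocked requests in three months" actionable: a single host generating most of the hits points at the app or extension that is the root cause.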