opnSense is the “Free & Open source - Everything essential to protect your network and more”. In other words, opnSense is going to be:
and much more!
You will stick the opnSense between your internet links and your home network(s) and it will let you manage it all with very powerfull tools and web based GUI.
opnSense is a fork of the also good pfSense when, a few years ago, the company behind pfSense started acting in ways that pissed off the community. Since the product is Open Source, a different company spun up and picked it up rebranding to opnSense.
Between pfSense and opnSense there are a few technical distinctions, but mostly i prefer opnSense because it has a more modern and logical web GUI, and it's much easier to download and install. I tried to install pfSense, but first i had to create an account on their online store to purchase a free download link, then was unable to install the downloaded image because it required internet connection to phone home even before being installed. opnSense had none of that mess and proved so much easier to download and install.
While you could install opnSense in a Virtual Machine (or maybe a container?) it really make little sense to me. I purchased a low cost firewall appliance, which is basically a small factor, passive cooled mini PC with the following hardware:
The most important piece here is having four network cards (ethernet connections), because the whole point of opnSense is to be plugged into all your networks and operate as switch / firewall / gateway for your LAN, WAN and VLANs.
Since opnSense is based on FreeBSD you should make sure the hardware you want to use is supported, since the FreeBSD kernel has somewhat less support than Linux. Specially your WiFi will most probably not be supported.
Installing opnSense is quite easy, you should download the VGA edition to boot from an USB thumbdrive, then head onto the installation guide to follow the official opnSense guide.
As general hints, you must define beforehand which ethernet port you will plug into your home network: this will be called LAN interface, and which ones will be used to connect to your ISPs gateways. The first one will be called WAN and the second one will be called OPT1, OPT2, and so on.
You will be able to rename all those interfaces later on, but it will be annoying specially for the LAN one, so i suggest you get it right immediately. I also suggest you set a static IP on the LAN interface, i choose the 10.20.30.254 IP for the opnSense. This will become your gateway and DNS address for your hosts.
On the WAN interface, usually you want to set it as DHCP.