With the recent DDOS propagated from IoT on a new level, beside changing the default password, how would you prevent your devices from becoming part of this botnet?
I use an EdgeRouter Lite running OpenBSD-current with a deny by default firewall configuration. It's a cheap device and, although OpenBSD does not take advantage of hardware acceleration, it works fine for my network speeds.