How about running the packet filter in a dual-NIC VM on a VT-d capable PC? Dell T20 has Xeon E3 for $500 with 1TB disk and 4GB RAM. Add a PCI NIC for firewall purposes and still have the rest of the PC for use to run other VMs. GPU can be passed through to another VM.
Yeah, using desktop-class hardware works almost effortlessly, but it's not really a good substitute for a $120 router that gets by with passive cooling. This discussion is about whole computers that could hide inside the power supply for that server and run off its standby power rail.
If you're going to be running a server 24/7 anyways, it makes sense to equip it to also be your firewall and gateway. But that doesn't eliminate the huge gap between such a machine and off-the-shelf consumer networking equipment.
It may become easier for consumers to buy a general-purpose PC once and change software as needed, rather than chasing the ever moving ceiling of low-end disposable hardware.
I've lost track of the number of cheap special-purpose appliances I've bought, which turned out to have limitations not present in a general-purpose PC. Consumer routers and NAS devices are already in this category, soon to be joined by compute sticks.
The problem is that buyers rarely know which part of the long tail they may need later. As Intel motherboards converge into a SoC and peripherals support USB3.1+, hopefully we end up with a future that looks like Google's Project Ara, i.e. small modules.
