I can highly recommend pfSense:
https://www.pfsense.org/products/Originally ran it on a PC Engines Geode with tiny compact flash, but now it's running on some firewall box which is basically a PC in a firewall-looking case. I've run it in a VM (saves on hardware), installed to clients, paid a bounty to get a feature incorporated, etc. I looked at OpenWRT but that sucks dogs in comparison, IMO.
Netgate sponsors them now (they used to be entirely commercial-free), so the site wants you to buy Netgate stuff. Ignore all that, and the pfSense Plus (unless you need that kind of support, of course). However, that product page does have a handy table of CPU power appropriate to various sustained throughputs, which might be useful in your choice of hardware.