I have a PC in my living room that is on 24/7 and serves as my media server (xbmc) and storage (hardware raid + lvm + nfs). It's also my compile machine so I invested two years ago in an i7 3930k with 64GB ram and loads of disk space. I'm running the community edition of Astaro Firewall (nowadays called Sophos UTM http://www.sophos.com/en-us/pr...) under kvm. I purchased on eBay a quad port Intel 1GB NIC which is reserved for my firewall VM. I have one port connected to my ISP, one to my internal network via a real hardware switch, one to a dmz VM, and one to my wireless AP. The system is rock solid, Sophos UTM is being updated on a regular basis, has a long list of nice features, including OpenVPN and iOS/Android friendly VPN solutions, with clients for linux/mac/windows/ios/android. The interface is super nice. And since a few versions ago it supports Google Authenticator for two-factor authentication, both to the admin console and the user portal, as well as the VPN. Very very nice feature. Works with iOS and Android, NetworkManager, etc.
In the past I was using netbsd on an old powerpc machine, then ipcop on the same powerpc machine (I was the guy who ported ipcop to ppc and sparc), then ipcop on x86 under vmware server, then ipcop under virtualbox, then astaro firewall under virtualbox. I switched to kvm+qemu because I was not happy with the virtualbox network performance. I even played with PCI passthrough to have complete control over the network card. Finally I settled on libvirt + kvm with astaro firewall. I'm running all this under LFS (linux from scratch), but this setup can be easily replicated on any modern distro: Fedora, CentOS, Debian, Ubuntu, you name it.
Or you can try and roll something yourself, based on iptables, whatever. But if you're not into monitoring security mailing lists for the latest vulnerabilities, you're better off with an off-the-shelf commercial product with a free community offering.