An old pentium with pfsense is enough.Unfortunately a firewall is not a magic unicorn that can protect you against evil spirits. The Linux network stack is pretty well debugged and doesn't need a firewall. Most 'hardware' firewalls run Linux. If Linux needed a firewall, then you would need to put a firewall in front of every firewall, recursively. That will be very good for a hardware vendor, but not so good for your wallet.
If you need to protect a bunch of unmanageable Windows machines on a LAN, then set up a firewall on a Linux gateway. If your Linux machine is the only one, then don't bother.