pfSense is an open source firewall/router distribution based on FreeBSD. pfSense is meant to be installed on a personal computer and is noted for its reliability and offering features often only found in expensive commercial firewalls. It can be configured and upgraded through a web-based interface, and requires no knowledge of the underlying FreeBSD system to manage. pfSense is commonly deployed as a Perimeter Firewall, router, wireless access point, DHCP server, DNS server, and as a VPN endpoint.
The name was derived from the fact that it helps make the OpenBSD packet-filtering tool pf make more sense to non-technical users.
The pfSense project started in 2004 as a fork of the m0n0wall project by Chris Buechler and Scott Ullrich. From the beginning, it focused on full PC installations, as opposed to m0n0wall's focus on embedded hardware. However, pfSense is also available as an embedded image for CompactFlash-based installations. Version 1.0 of the software was released on October 4, 2006. Version 2.0 was released on September 17, 2011.
|Install, update, packages, management
- Live CD, update, NanoBSD/embedded, virtual machine, and USB installers available
- Packaged support/push-button installer for extensions, including the Squid proxy server, the Snort intrusion prevention/detection system, ntop, the HAVP antivirus package, IP blocklists, and the FreeSWITCH telephony platform
- Console, web-based GUI, SSH (if enabled) and serial management
- RRD graphs reporting
- Traffic shaping and filtering
- Real-time information using Ajax
|Functionality and connectivity
- Virtual Private Networks using IPsec, L2TP, OpenVPN, or PPTP
- PPPoE server
- High availability clustering; redundancy and failover including CARP and pfsync
- Outbound and inbound load balancing
- Quality of Service (QoS)
- Dynamic DNS
- Captive portal
- VLAN (802.1q)
- DHCP server and relay
- IPv6 support (in v2.1 beta)
- Multiple public IPs/multi-NAT
- Multiple resolvers (DNS forwarder, unbound, TinyDNS, other)
- Aliases supported for rules, IPs, ports, computers, and other entities
|Firewall and routing
- Stateful firewall
- Network Address Translation
- Filtering by source/destination IP, protocol, OS/network fingerprinting
- Flexible routing
- Per-rule configurable logging and per-rule limiters (IPs, connections, states, new connections, state types), Layer 7 protocol inspection, policy filtering (or packet marking), TCP flag state filtering, scheduling, gateway
- Packet scrubbing
- Layer 2/bridging capable
- State table "up to several hundred thousand" states (1KB RAM per state approx)
- State table algorithms customizable including low latency and low-dropout
Packages available as "push button installs" (as at March 2013) include: - Asterisk, Apache with mod-security, FreeSWITCHG (Voice over IP), jail, LCD panel support, spamd email tarpit, nmap, stunnel, Varnish accelerator, Multiple monitoring and statistics packages, file managers.
Although the focus of pfSense development is on full-PC installation, a version is provided targeted for embedded use, and many companies produce embedded systems specifically designed to run pfSense.
See also 
- ^ Danen, Vincent (December 7, 2009). "DIY pfSense firewall system beats others for features, reliability, and security". TechRepublic. "If you want a high-availability and highly reliable firewall, pfSense is definitely something to seriously consider"
- ^ a b Miller, Sloan (June 26, 2008). "Configure a professional firewall using pfSense". Free Software Magazine (22). "No experience is needed with FreeBSD or GNU/Linux to install and run pfSense"
- ^ Buechler, Chris (June 21, 2007). "So what does pfSense stand for/mean, anyway?". pfSense Digest.
- ^ "pfSense Open Source Firewall Distribution - History".
- ^ Ullrich, Scott (October 13, 2006). "1.0-RELEASED!". pfSense Digest.
- ^ Buechler, Chris (September 17, 2011). "2.0-RELEASED!". pfSense Digest.
- ^ pfSense's FreeSWITCH
- ^ "pfSense Firewall".
- ^ "OPNsense - pfsense firewall appliances".
- ^ "StrongBochs pfSense features".
- ^ "pfSense firewall Kit".
- ^ "pfSense embedded and UTM appliance firewall italian Kit".
External links