pfSense

From Wikipedia, the free encyclopedia
Jump to: navigation, search
pfSense
Pfsense logo.png
Developer Electric Sheep Fencing, LLC
OS family BSD (8.3-RELEASE)
Working state Current
Source model Open source
Latest release 2.1.5 / August 27, 2014 (2014-08-27)
Latest preview 2.2 / Daily snapshots
Platforms Intel x86, AMD64
Kernel type Monolithic kernel
License ESF License Agreement, v1.0[1]
Official website www.pfsense.org

pfSense is an open source firewall/router computer software distribution based on FreeBSD. It is installed on a computer to make a dedicated firewall/router for a network and is noted for its reliability[1] and offering features often only found in expensive commercial firewalls.[2] It can be configured and upgraded through a web-based interface, and requires no knowledge of the underlying FreeBSD system to manage.[2] pfSense is commonly deployed as a perimeter firewall, router, wireless access point, DHCP server, DNS server, and as a VPN endpoint.

Name[edit]

The name was derived from the fact that it helps make the stateful packet-filtering tool PF (which acts as a firewall, packet filter, and routing service on many BSD and Unix platforms) to make more sense to non-technical users.[3]

History[edit]

The pfSense project started in 2004 as a fork of the m0n0wall project by Chris Buechler and Scott Ullrich.[4] From the beginning, it focused on full PC installations, as opposed to m0n0wall's focus on embedded hardware. However, pfSense is also available as an embedded image for CompactFlash-based installations. Version 1.0 of the software was released on October 4, 2006.[5] Version 2.0 was released on September 17, 2011,[6] with updates 2.0.1 to 2.0.3 between then and 2013. pfSense version 2.1 was released on September 15, 2013, and version 2.1.1 was released on April 4, 2014,[7] with a subsequent update to 2.1.2 on April 10, 2014,[8] due to the Heartbleed bug. 2.1.3 which was released on May 2, 2014,[9] contains several minor fixes and was released mainly to address two FreeBSD SAs which don't affect the base system but some packages. pfSense 2.1.4, released on June 25, 2014,[10] contains several security and other fixes.

Features[edit]

Install, update, packages, management
Functionality and connectivity
Firewall and routing
  • Stateful firewall
  • Network Address Translation
  • Filtering by source/destination IP address, protocol, OS/network fingerprinting
  • Flexible routing
  • Per-rule configurable logging and per-rule limiters (IP addresses, connections, states, new connections, state types), Layer 7 protocol inspection, policy filtering (or packet marking), TCP flag state filtering, scheduling, gateway
  • Packet scrubbing
  • Layer 2/bridging capable
  • State table "up to several hundred thousand" states (1 KB RAM per state approx)
  • State table algorithms customizable including low latency and low-dropout

Packages available as "push button installs" (as of March 2013) include but are not limited to: Asterisk, Squid (file caching), ClamWin download scanner, Apache HTTP Server with mod-security, FreeSWITCHG (Voice over IP), jail, LCD panel support, spamd email tarpit, nmap, stunnel, Varnish accelerator, multiple monitoring and statistics packages, file managers.

Hardware[edit]

Although the main focus of pfSense is on full-PC installation, it is also available in versions for embedded use on hardware using Compact Flash rather than a hard drive. Many companies produce system boards, or complete low power computers, specifically designed to run pfSense embedded.[12][13][14][15][16]

See also[edit]

BSD based:
Linux based:
Browser plugin/App:

References[edit]

  1. ^ Danen, Vincent (December 7, 2009). "DIY pfSense firewall system beats others for features, reliability, and security". TechRepublic. "If you want a high-availability and highly reliable firewall, pfSense is definitely something to seriously consider" 
  2. ^ a b Miller, Sloan (June 26, 2008). "Configure a professional firewall using pfSense". Free Software Magazine (22). "No experience is needed with FreeBSD or GNU/Linux to install and run pfSense" 
  3. ^ Buechler, Chris (June 21, 2007). "So what does pfSense stand for/mean, anyway?". pfSense Digest. 
  4. ^ "pfSense Open Source Firewall Distribution - History". 
  5. ^ Ullrich, Scott (October 13, 2006). "1.0-RELEASED!". pfSense Digest. 
  6. ^ Buechler, Chris (September 17, 2011). "2.0-RELEASED!". pfSense Digest. 
  7. ^ Thompson, Jim (April 4, 2014). "2.1.1-RELEASE now available". pfSense Digest. 
  8. ^ Thompson, Jim (April 10, 2014). "2.1.2-RELEASE Now available". pfSense Digest. 
  9. ^ Dillard, Jared (May 2, 2014). "2.1.3-RELEASE now available". pfSense Digest. 
  10. ^ Dillard, Jared (June 25, 2014). "2.1.4-RELEASE now available". pfSense Digest. 
  11. ^ pfSense's FreeSWITCH
  12. ^ "pfSense Firewall". 
  13. ^ "OPNsense - pfsense firewall appliances". 
  14. ^ "StrongBochs pfSense features". 
  15. ^ "pfSense firewall Kit". 
  16. ^ "pfSense embedded and UTM appliance firewall italian Kit". 

External links[edit]