Talk:PfSense

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
WikiProject Computing / Software / Security (Rated Start-class, Low-importance)
WikiProject iconThis article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
Start-Class article Start  This article has been rated as Start-Class on the project's quality scale.
 Low  This article has been rated as Low-importance on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Software (marked as Low-importance).
Taskforce icon
This article is supported by WikiProject Computer Security (marked as Low-importance).
 

OPNsense[edit]

Mention the fork OPNsense and the ongoing controversy about pfSense not being actually free software (not all the source code is available). — Preceding unsigned comment added by 193.144.103.218 (talkcontribs) 09:42, 30 November 2017 (UTC)

2013 note[edit]

It might be a good idea to organize popular packages into a table rather than a list — Preceding unsigned comment added by 216.114.236.63 (talk) 19:34, 4 September 2013 (UTC)

Question[edit]

Can anyone shed further light on the reasons why this page is being considered for deletion?Jenglish02 (talk) 05:08, 6 August 2015 (UTC)

PfSense website content[edit]

Moved here from the article. This is unsourced and is content for the product website. WP is not a proxy for their website.

Hardware requirements

pfSense 2.1 through 2.3 has low minimum system requirements (for example 256 MB RAM and 500 MHz CPU)[1] and can be installed on hardware with x86 or x86-64 architecture. Since 2.4, pfSense requires the x86-64 architecture, ending support for 32-bit installations.[2] Starting with 2.5, plans are to require cryptographic hardware acceleration, such as AES-NI.[3] It is also available for embedded system hardware using Compact Flash or SD cards. pfSense also supports virtualized installation.


Features
Install, update, packages, management
  • ISO CD and USB stick installer images (VGA and serial console variants) are available. NanoBSD/embedded installs supported with 2.3.x only.
  • Packaged support for extensions (see "Packages support" below)
  • Multi-language
  • Console, web-based GUI, SSH (if enabled) and serial management
  • RRD graphs reporting
  • Traffic shaping and filtering
  • Real-time information using Ajax
Functionality and connectivity
Firewall and routing
  • Stateful firewall
  • Network Address Translation
  • Filtering by source/destination IP address, protocol, OS/network fingerprinting
  • Flexible routing
  • Per-rule configurable logging and per-rule limiters (IP addresses, connections, states, new connections, state types), Layer 7 protocol inspection, policy filtering (or packet marking), TCP flag state filtering, scheduling, gateway
  • Packet scrubbing
  • Layer 2/bridging capable
  • State table "up to several hundred thousand" states (1 KB RAM per state approx)
  • State table algorithms customizable including low latency and low-dropout
Packages support

Packages available with GUI install and configuration, among others:

  • Snort Intrusion detection and prevention
  • Suricata Intrusion detection and prevention
  • pfBlockerNG
  • OpenBGPD
  • FRR
  • HAProxy
  • Squid caching and reverse proxy with SquidGuard and ClamAV
  • FreeRADIUS
  • ntopNG
  • nmap
  • multiple monitoring and statistics packages (Darkstat, Zabbix Agent/Proxy, softflowd)
Version history
Version history
Version Release date Significant changes
1.0[4] October 4, 2006
  • The first official release.
1.0.1[5] October 29, 2006
  • Bug fixes
1.2[6][7] February 25, 2008
  • FreeBSD updated to 6.2
  • Reworked load balancing pools which allow for round robin or failover
  • Miniupnpd added to the base install
  • Much enhanced RRD graphs
  • Numerous Squid Package fixes
  • dnsmasq updated to 2.36
  • olsrd updated to 0.4.10
  • BandwidthD package added
  • PHP upgraded to 4.4.6
  • Lighttpd upgraded to 1.4.15
  • Numerous Bug fixes
1.2.1[8] December 26, 2008
  • FreeBSD updated to 7.0
  • Bug fixes
1.2.2[9] January 9, 2009
  • Setup wizard fix
  • SVG graphs fixed
  • (IPsec reload fix specific to large (100+ site) deployments
  • Bridge creation code changes
  • FreeBSD updates for two security advisories
1.2.3[10] December 10, 2009
  • Upgrade to FreeBSD 7.2
  • Embedded switched to nanobsd
  • Dynamic interface bridging bug fix
  • IPsec connection reloading improvements
  • Dynamic site to site IPsec
  • Sticky connections enable/disable
  • Ability to delete DHCP leases
  • Polling fixed
  • ipfw state table size
  • Server load balancing
  • UDP state timeout increases
  • Disable auto-added VPN rules option
  • Multiple servers per-domain in DNS forwarder overrides
  • No XMLRPC Sync rules fixed
  • Captive portal locking replaced
  • DNS Forwarder
  • Outbound load balancer replaced
2.0[11] September 17, 2011
2.0.1[12] December 20, 2011
  • Improved accuracy of automated state killing in various cases (#1421)
  • Various fixes and improvements to relayd
  • Fixed path to FreeBSD packages repo for 8.1
  • Various fixes to syslog
  • Removed/silenced some irrelevant log entries
  • Fixed various typos
  • Fixes for RRD upgrade/migration and backup (#1758)
  • Prevent users from applying NAT to CARP which would break CARP in various ways (#1954)
  • Fixed policy route negation for VPN networks (#1950)
  • Fixed “Bypass firewall rules for traffic on the same interface” (#1950)
  • Fixed VoIP rules produced by the traffic shaper wizard (#1948)
  • Fixed uname display in System Info widget (#1960)
  • Fixed LDAP custom port handling
  • Fixed Status > Gateways to show RTT and loss like the widget
  • Improved certificate handling in OpenVPN to restrict certificate chaining to a specified depth – CVE-2011-4197
  • Improved certificate generation to specify/enforce type of certificate (CA, Server, Client) – CVE-2011-4197
  • Clarified text of serial field when importing a CA (#2031)
  • Fixed MTU setting on upgrade from 1.2.3, now upgrades properly as MSS adjustment (#1886)
  • Fixed Captive Portal MAC passthrough rules (#1976)
  • Added tab under Diagnostics > States to view/clear the source tracking table if sticky is enabled
  • Fixed CARP status widget to properly show “disabled” status.
  • Fixed end time of custom timespan RRD graphs (#1990)
  • Fixed situation where certain NICs would constantly cycle link with MAC spoofing and DHCP (#1572)
  • Fixed OpenVPN ordering of client/server IPs in Client-Specific Override entries (#2004)
  • Fixed handling of OpenVPN client bandwidth limit option
  • Fixed handling of LDAP certificates (#2018, #1052, #1927)
  • Enforce validity of RRD graph style
  • Fixed crash/panic handling so it will do textdumps and reboot for all, and not drop to a db> prompt.
  • Fixed handling of hostnames in DHCP that start with a number (#2020)
  • Fixed saving of multiple dynamic gateways (#1993)
  • Fixed handling of routing with unmonitored gateways
  • Fixed Firewall > Shaper, By Queues view
  • Fixed handling of spd.conf with no phase 2’s defined
  • Fixed synchronization of various sections that were leaving the last item on the slave (IPsec phase 1, Aliases, VIPs, etc.)
  • Fixed use of quick on internal DHCP rules so DHCP traffic is allowed properly (#2041)
  • Updated ISC DHCP server to 4.2.3 (#1888) – this fixes a denial of service vulnerability in dhcpd.
  • Added patch to mpd to allow multiple PPPoE connections with the same remote gateway
  • Lowered size of CF images to again fix on newer and ever-shrinking CF cards.
  • Clarified text for media selection (#1910)
2.0.2[13] December 21, 2012
  • Bug fixes
  • Security fixes
2.0.3[14] April 15, 2013
  • Bug fixes
  • Security fixes
2.1[15] September 15, 2013
  • IPv6 Support
  • Upgrade to FreeBSD 8.3
  • Updated Atheros drivers
  • OpenSSL 1.0.1e (or later) used by OpenVPN, PHP, IPsec, etc.
  • PHP to 5.3.x
  • OpenVPN to 2.3.x
  • Added mps kernel module
  • Added ahci kernel module
  • Updated ixgbe driver
  • Numerous Bug fixes
  • Security fixes
2.1.1[16] April 4, 2014
  • Security fixes
2.1.2[17] April 10, 2014
  • Heartbleed OpenSSL Security fixes
  • Bug fixes
2.1.3[18] May 2, 2014
  • Security fixes
  • Bug fixes
2.1.4[19] June 25, 2014
  • Security fixes
  • Bug fixes
2.1.5[20] August 27, 2014
  • Security fixes
  • Bug fixes
2.2[21][22] January 23, 2015
  • Upgrade to FreeBSD 10.1
  • Update the IPsec stack to include AES-GCM, and IKEv2
  • Update PHP backend from FastCGI to PHP-FPM
  • Update PHP to 5.5
  • Change from dnsmasq to the Unbound DNS Resolver
  • Numerous Bug Fixes
2.2.1[23] March 17, 2015
  • Security fixes
  • Bug fixes
2.2.2[24] April 15, 2015
  • Security fixes
  • Bug fixes
2.2.3[25] June 25, 2015
  • Security fixes
  • Bug fixes
2.2.4[26] July 27, 2015
  • Security fixes
  • Bug fixes
2.2.5[27] November 5, 2015
  • Security fixes
  • Bug fixes
2.2.6[28] December 21, 2015
  • Security fixes
  • Bug fixes
2.3 [29] April 12, 2016
  • Upgrade to FreeBSD 10.3
  • Rewrite of the webGUI utilizing Bootstrap
  • Numerous Bug Fixes
2.3.1 [30] May 18, 2016
  • Security fixes
  • Bug fixes
2.3.2 [31] July 25, 2016
  • Security fixes
  • Bug fixes
2.3.3 [32] February 20, 2017
  • Stability and Bug fixes
  • Fixes for a handful of security issues in the GUI
  • A handful of new features
2.3.4 [33] May 4, 2017
  • Stability and Bug fixes
  • Fixes for a handful of security issues in the GUI
  • A handful of new features
2.4.0 [34] Oct 12, 2017
  • FreeBSD updated to 11.1
  • New pfSense installer with support for ZFS, UEFI, and other partition layouts
  • OpenVPN 2.4.x support
  • GUI offers 13 different languages
  • Web GUI improvements
  • Certificate management improvements
  • Captive portal rewritten to include CSR signing and international character support
Version Release date Significant changes

References

  1. ^ "Hardware". Electric Sheep Fencing LLC. Retrieved 5 August 2015.
  2. ^ "64-bit support". Electric Sheep Fencing LLC. Retrieved 7 May 2017.
  3. ^ "pfSense 2.5 and AES-NI". Electric Sheep Fencing LLC. Retrieved 25 September 2017.
  4. ^ Cite error: The named reference Ullrich was invoked but never defined (see the help page).
  5. ^ Ullrich, Scott (October 29, 2006). "1.0.1-RELEASED!". pfSense Digest.
  6. ^ Ullrich, Scott (April 29, 2007). "1.2-BETA-1 released!". pfSense Digest.
  7. ^ Buechler, Chris (February 25, 2008). "1.2 Release Available!". pfSense Digest.
  8. ^ Buechler, Chris (December 26, 2008). "pfSense 1.2.1 released!". pfSense Digest.
  9. ^ Buechler, Chris (January 9, 2009). "pfSense 1.2.2 released!". pfSense Digest.
  10. ^ Buechler, Chris (December 10, 2009). "pfSense 1.2.3 released!". pfSense Digest.
  11. ^ Cite error: The named reference 2.0 was invoked but never defined (see the help page).
  12. ^ Buechler, Chris (December 20, 2011). "2.0.1 release now available!". pfSense Digest.
  13. ^ Buechler, Chris (December 21, 2012). "2.0.2 release now available!". pfSense Digest.
  14. ^ Buechler, Chris (April 15, 2013). "2.0.3 release now available!". pfSense Digest.
  15. ^ Cite error: The named reference 2.1 was invoked but never defined (see the help page).
  16. ^ Thompson, Jim (April 4, 2014). "2.1.1-RELEASE now available". pfSense Digest.
  17. ^ Thompson, Jim (April 10, 2014). "2.1.2 Release Now available". pfSense Digest.
  18. ^ Dillard, Jared (May 2, 2014). "2.1.3 RELEASE Now available". pfSense Digest.
  19. ^ Dillard, Jared (June 25, 2014). "2.1.4 RELEASE Now available". pfSense Digest.
  20. ^ Dillard, Jared (August 27, 2014). "2.1.5 RELEASE Now available". pfSense Digest.
  21. ^ Cite error: The named reference Buechler was invoked but never defined (see the help page).
  22. ^ Cite error: The named reference distrowatch.com was invoked but never defined (see the help page).
  23. ^ Buechler, Chris (March 17, 2015). "2.2.1 RELEASE Now available". pfSense Digest. Retrieved 13 April 2015.
  24. ^ Buechler, Chris (April 15, 2015). "2.2.2 RELEASE Now available!". pfSense Digest. Retrieved 15 April 2015.
  25. ^ Buechler, Chris (June 25, 2015). "2.2.3 RELEASE Now available!". pfSense Digest. Retrieved 7 July 2015.
  26. ^ Buechler, Chris (July 27, 2015). "2.2.4 RELEASE Now available!". pfSense Digest. Retrieved 27 July 2015.
  27. ^ Buechler, Chris (November 5, 2015). "2.2.5 RELEASE Now available!". pfSense Digest. Retrieved 1 December 2015.
  28. ^ Buechler, Chris (December 21, 2015). "2.2.6-RELEASE Now available!". pfSense Digest. Retrieved 1 December 2015.
  29. ^ Cite error: The named reference ReferenceA was invoked but never defined (see the help page).
  30. ^ Buechler, Chris (May 18, 2016). "2.3.1-RELEASE Now available!". pfSense Digest. Retrieved 18 May 2016.
  31. ^ Buechler, Chris (July 25, 2016). "2.3.2-RELEASE Now available!". pfSense Digest. Retrieved 25 July 2016.
  32. ^ Pingle, Jim (February 20, 2017). "pfSense 2.3.3 RELEASE Now Available!". pfSense Digest. Retrieved 20 February 2017.
  33. ^ Pingle, Jim (May 4, 2017). "pfSense 2.3.4 RELEASE Now Available!". Netgate Blog. Retrieved 4 May 2017.
  34. ^ Pingle, Jim (Oct 12, 2017). "pfSense 2.4.0-RELEASE Now Available!". pfSense Digest. Retrieved 12 Oct 2017.

-- Jytdog (talk) 00:23, 30 November 2017 (UTC)

Ownership[edit]

Looking for independent sources on the companies that have been involved in this - Electric Sheep Fencing LLC then Rubicon/Netgate. The business matters around this. Jytdog (talk) 14:49, 30 November 2017 (UTC)

Removal of content[edit]

User:Gonzopancho please explain why you are removing the content about the WTO matter. Thanks. Jytdog (talk) 17:29, 13 July 2018 (UTC)

how on earth does the WIPO matter have anything to do with pfSense (other than to simply promote OPNsense on pfSense wikipedia page?) --Gonzopancho (talk) 17:38, 13 July 2018 (UTC)
This is something that the company actually did. You need to explain why you removed it. Jytdog (talk) 21:29, 13 July 2018 (UTC)