pfSense

pfSense
	200px
	pfsense 2.1.5 screenshot
Developer	Electric Sheep Fencing, LLC
Written in	{{#property:p277}}
OS family	FreeBSD (10.1-RELEASE)
Working state	Current
Source model	Open source
Latest release	2.2.6 / December 22, 2015
Platforms	Intel x86, AMD64
Kernel type	Monolithic kernel
License	ESF (6-clause BSD-alike License)
Official website	www.pfsense.org

pfSense is an open source firewall/router computer software distribution based on FreeBSD.^[3]^[4]^[5] It is installed on a physical computer or a virtual machine to make a dedicated firewall/router for a network and is noted for its reliability^[6] and offering features often only found in expensive commercial firewalls.^[7]^[8] It can be configured and upgraded through a web-based interface, and requires no knowledge of the underlying FreeBSD system to manage.^[7]^[9] pfSense is commonly deployed as a perimeter firewall, router, wireless access point, DHCP server, DNS server, and as a VPN endpoint. pfSense supports installation of third-party packages like Snort or Squid through its Package Manager.

Name

The name was derived from the fact that it helps make the stateful packet-filtering tool PF (which acts as a firewall, packet filter, and routing service on many BSD and Unix platforms) make more sense to non-technical users.^[10]

History

The pfSense project started in 2004 as a fork of the m0n0wall project by Chris Buechler and Scott Ullrich.^[11] From the beginning, it focused on full PC installations, as opposed to m0n0wall's focus on embedded hardware. However, pfSense is also available as an embedded image for CompactFlash-based installations. Version 1.0 of the software was released on October 4, 2006.^[12] Version 2.0 was released on September 17, 2011.^[13] Version 2.1 was released on September 15, 2013^[14] and version 2.2 was released January 23, 2015.^[15]^[16]

Version history

Version	Release date	Significant changes
1.0^[12]	October 4, 2006	The first official release.
1.0.1^[17]	October 29, 2006	Bug fixes
1.2^[18]^[19]	February 25, 2008	FreeBSD updated to 6.2 Reworked load balancing pools which allow for round robin or failover Miniupnpd added to the base install Much enhanced RRD graphs Numerous Squid Package fixes dnsmasq updated to 2.36 olsrd updated to 0.4.10 BandwidthD package added PHP upgraded to 4.4.6 Lighttpd upgraded to 1.4.15 Numerous Bug fixes
1.2.1^[20]	December 26, 2008	FreeBSD updated to 7.0 Bug fixes
1.2.2^[21]	January 9, 2009	Setup wizard fix SVG graphs fixed (IPsec reload fix specific to large (100+ site) deployments Bridge creation code changes FreeBSD updates for two security advisories
1.2.3^[22]	December 10, 2009	Upgrade to FreeBSD 7.2 Embedded switched to nanobsd Dynamic interface bridging bug fix IPsec connection reloading improvements Dynamic site to site IPsec Sticky connections enable/disable Ability to delete DHCP leases Polling fixed ipfw state table size Server load balancing UDP state timeout increases Disable auto-added VPN rules option Multiple servers per-domain in DNS forwarder overrides No XMLRPC Sync rules fixed Captive portal locking replaced DNS Forwarder Outbound load balancer replaced
2.0^[13]	September 17, 2011	Upgrade to FreeBSD 8.1 Significant enhancements to almost every portion of the system (Full Change log)
2.0.1^[23]	December 20, 2011	Improved accuracy of automated state killing in various cases (#1421) Various fixes and improvements to relayd Fixed path to FreeBSD packages repo for 8.1 Various fixes to syslog Removed/silenced some irrelevant log entries Fixed various typos Fixes for RRD upgrade/migration and backup (#1758) Prevent users from applying NAT to CARP which would break CARP in various ways (#1954) Fixed policy route negation for VPN networks (#1950) Fixed “Bypass firewall rules for traffic on the same interface” (#1950) Fixed VoIP rules produced by the traffic shaper wizard (#1948) Fixed uname display in System Info widget (#1960) Fixed LDAP custom port handling Fixed Status > Gateways to show RTT and loss like the widget Improved certificate handling in OpenVPN to restrict certificate chaining to a specified depth – CVE-2011-4197 Improved certificate generation to specify/enforce type of certificate (CA, Server, Client) – CVE-2011-4197 Clarified text of serial field when importing a CA (#2031) Fixed MTU setting on upgrade from 1.2.3, now upgrades properly as MSS adjustment (#1886) Fixed Captive Portal MAC passthrough rules (#1976) Added tab under Diagnostics > States to view/clear the source tracking table if sticky is enabled Fixed CARP status widget to properly show “disabled” status. Fixed end time of custom timespan RRD graphs (#1990) Fixed situation where certain NICs would constantly cycle link with MAC spoofing and DHCP (#1572) Fixed OpenVPN ordering of client/server IPs in Client-Specific Override entries (#2004) Fixed handling of OpenVPN client bandwidth limit option Fixed handling of LDAP certificates (#2018, #1052, #1927) Enforce validity of RRD graph style Fixed crash/panic handling so it will do textdumps and reboot for all, and not drop to a db> prompt. Fixed handling of hostnames in DHCP that start with a number (#2020) Fixed saving of multiple dynamic gateways (#1993) Fixed handling of routing with unmonitored gateways Fixed Firewall > Shaper, By Queues view Fixed handling of spd.conf with no phase 2’s defined Fixed synchronization of various sections that were leaving the last item on the slave (IPsec phase 1, Aliases, VIPs, etc.) Fixed use of quick on internal DHCP rules so DHCP traffic is allowed properly (#2041) Updated ISC DHCP server to 4.2.3 (#1888) – this fixes a denial of service vulnerability in dhcpd. Added patch to mpd to allow multiple PPPoE connections with the same remote gateway Lowered size of CF images to again fix on newer and ever-shrinking CF cards. Clarified text for media selection (#1910)
2.0.2^[24]	December 21, 2012	Bug fixes Security fixes
2.0.3^[25]	April 15, 2013	Bug fixes Security fixes
2.1^[14]	September 15, 2013	IPv6 Support Upgrade to FreeBSD 8.3 Updated Atheros drivers OpenSSL 1.0.1e (or later) used by OpenVPN, PHP, IPsec, etc. PHP to 5.3.x OpenVPN to 2.3.x Added mps kernel module Added ahci kernel module Updated ixgbe driver Numerous Bug fixes Security fixes
2.1.1^[26]	April 4, 2014	Security fixes
2.1.2^[27]	April 10, 2014	Heartbleed OpenSSL Security fixes Bug fixes
2.1.3^[28]	May 2, 2014	Security fixes Bug fixes
2.1.4^[29]	June 25, 2014	Security fixes Bug fixes
2.1.5^[30]	August 27, 2014	Security fixes Bug fixes
2.2^[15]^[16]	January 23, 2015	Upgrade to FreeBSD 10.1 Update the IPsec stack to include AES-GCM, and IKEv2 Update PHP backend from FastCGI to PHP-FPM Update PHP to 5.5 Change from dnsmasq to the Unbound DNS Resolver Numerous Bug Fixes
2.2.1^[31]	March 17, 2015	Security fixes Bug fixes
2.2.2^[32]	April 15, 2015	Security fixes Bug fixes
2.2.3^[33]	June 25, 2015	Security fixes Bug fixes
2.2.4^[34]	July 27, 2015	Security fixes Bug fixes
2.2.5^[35]	November 5, 2015	Security fixes Bug fixes
2.2.6^[1]	December 22, 2015	Security fixes Bug fixes
Version	Release date	Significant changes

Features

Install, update, packages, management	Live CD, update, NanoBSD/embedded, virtual machine, and USB installers available Packaged support/push-button installer for extensions, including the Squid proxy server, the Snort intrusion prevention/detection system, ntop, the HAVP antivirus package, IP address blocklist' Multi-language Console, web-based GUI, SSH (if enabled) and serial management RRD graphs reporting Traffic shaping and filtering Real-time information using Ajax
Functionality and connectivity	Virtual Private Networks using IPsec, L2TP, OpenVPN, or PPTP PPPoE server High availability clustering; redundancy and failover including CARP and pfsync Outbound and inbound load balancing Quality of Service (QoS) Dynamic DNS Captive portal uPnP Multi-WAN VLAN (802.1q) DHCP server and relay IPv6 support Multiple public IP addresses/multi-NAT RADIUS/LDAP Multiple resolvers (DNS forwarder, Unbound, TinyDNS, other) Aliases supported for rules, IP addresses, ports, computers, and other entities
Firewall and routing	Stateful firewall Network Address Translation Filtering by source/destination IP address, protocol, OS/network fingerprinting Flexible routing Per-rule configurable logging and per-rule limiters (IP addresses, connections, states, new connections, state types), Layer 7 protocol inspection, policy filtering (or packet marking), TCP flag state filtering, scheduling, gateway Packet scrubbing Layer 2/bridging capable State table "up to several hundred thousand" states (1 KB RAM per state approx) State table algorithms customizable including low latency and low-dropout
Packages support	Packages available as "push button installs" among others: Snort Intrusion detection and prevention Suricata Intrusion detection and prevention pfBlockerNG OpenBGPD MailScanner HAProxy Asterisk Squid caching and reverse proxy with SquidGuard HAVP antivirus with ClamWin Varnish3 Postfix forwarder Apache HTTP Server with mod-security FreeSWITCH (Voice over IP) spamd ntopNG nmap multiple monitoring and statistics packages, file managers.

Hardware

pfSense 2.1 through 2.2 has low minimum system requirements (for example 256 MB RAM and 500 MHz CPU)^[36] and can be installed on hardware with x86 or x86-64 architecture. After 2.3, pfSense will require the x86-64 architecture, ending support for 32-bit installations^{[citation needed]}. It is also available for embedded system hardware using Compact Flash or SD cards. pfSense also supports virtualized installation.

References

↑ ^1.0 ^1.1 Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ ^7.0 ^7.1 Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ "You should be running pfsense" - Paul Venezia, InfoWorld http://www.infoworld.com/article/2861574/network-security/you-should-be-running-pfsense-firewall.html
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ ^12.0 ^12.1 Lua error in package.lua at line 80: module 'strict' not found.
↑ ^13.0 ^13.1 Lua error in package.lua at line 80: module 'strict' not found.
↑ ^14.0 ^14.1 Lua error in package.lua at line 80: module 'strict' not found.
↑ ^15.0 ^15.1 Lua error in package.lua at line 80: module 'strict' not found.
↑ ^16.0 ^16.1 http://distrowatch.com/table.php?distribution=pfsense
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ m0n0wall - End of Development announcement; m0n0.ch
↑ Lua error in package.lua at line 80: module 'strict' not found.

External links

Official website

[latest_release-1] 1.0 ^1.1 Lua error in package.lua at line 80: module 'strict' not found.

[ESF-License-2] Lua error in package.lua at line 80: module 'strict' not found.

[3] Lua error in package.lua at line 80: module 'strict' not found.

[4] Lua error in package.lua at line 80: module 'strict' not found.

[5] Lua error in package.lua at line 80: module 'strict' not found.

[6] Lua error in package.lua at line 80: module 'strict' not found.

[fsm-7] 7.0 ^7.1 Lua error in package.lua at line 80: module 'strict' not found.

[softpedia211-8] Lua error in package.lua at line 80: module 'strict' not found.

[9] "You should be running pfsense" - Paul Venezia, InfoWorld http://www.infoworld.com/article/2861574/network-security/you-should-be-running-pfsense-firewall.html

[10] Lua error in package.lua at line 80: module 'strict' not found.

[11] Lua error in package.lua at line 80: module 'strict' not found.

[Ullrich-12] 12.0 ^12.1 Lua error in package.lua at line 80: module 'strict' not found.

[2.0-13] 13.0 ^13.1 Lua error in package.lua at line 80: module 'strict' not found.

[2.1-14] 14.0 ^14.1 Lua error in package.lua at line 80: module 'strict' not found.

[Buechler-15] 15.0 ^15.1 Lua error in package.lua at line 80: module 'strict' not found.

[distrowatch.com-16] 16.0 ^16.1 http://distrowatch.com/table.php?distribution=pfsense

[17] Lua error in package.lua at line 80: module 'strict' not found.

[18] Lua error in package.lua at line 80: module 'strict' not found.

[19] Lua error in package.lua at line 80: module 'strict' not found.

[20] Lua error in package.lua at line 80: module 'strict' not found.

[21] Lua error in package.lua at line 80: module 'strict' not found.

[22] Lua error in package.lua at line 80: module 'strict' not found.

[23] Lua error in package.lua at line 80: module 'strict' not found.

[24] Lua error in package.lua at line 80: module 'strict' not found.

[25] Lua error in package.lua at line 80: module 'strict' not found.

[Thompson-26] Lua error in package.lua at line 80: module 'strict' not found.

[27] Lua error in package.lua at line 80: module 'strict' not found.

[28] Lua error in package.lua at line 80: module 'strict' not found.

[29] Lua error in package.lua at line 80: module 'strict' not found.

[30] Lua error in package.lua at line 80: module 'strict' not found.

[31] Lua error in package.lua at line 80: module 'strict' not found.

[32] Lua error in package.lua at line 80: module 'strict' not found.

[33] Lua error in package.lua at line 80: module 'strict' not found.

[34] Lua error in package.lua at line 80: module 'strict' not found.

[35] Lua error in package.lua at line 80: module 'strict' not found.

[36] Lua error in package.lua at line 80: module 'strict' not found.

[SF-OPNsense-37] Lua error in package.lua at line 80: module 'strict' not found.

[reddit-OPNsense-38] Lua error in package.lua at line 80: module 'strict' not found.

[EoL-39] 0n0wall - End of Development announcement; m0n0.ch

[FreeBSDNews-OPNsense-40] Lua error in package.lua at line 80: module 'strict' not found.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

[18]

[19]

[20]

[21]

[22]

[23]

[24]

[25]

[26]

[27]

[28]

[29]

[30]

[31]

[32]

[33]

[34]

[35]

[36]

[37]

[38]

[39]

[40]

pfSense

Contents

Name

History

Version history

Features

Hardware

See also

References

Further reading

External links

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools