PfSense

From Wikipedia, the free encyclopedia
pfSense
Company / developer: Electric Sheep Fencing, LLC
OS family: BSD
Working state: Current
Source model: Open source free software
Latest stable release: 2.1.0 / September 15, 2013
Latest unstable release: 2.2 / Daily snapshots
Supported platforms: Intel x86, AMD64
Kernel type: Monolithic kernel
License: BSD License
Official website: http://www.pfsense.org/

pfSense is an open source firewall/router computer software distribution based on FreeBSD. It is installed on a computer to make a dedicated firewall/router for a network and is noted for its reliability[1] and for offering features often only found in expensive commercial firewalls.[2] It can be configured and upgraded through a web-based interface, and requires no knowledge of the underlying FreeBSD system to manage.[2] pfSense is commonly deployed as a perimeter firewall, router, wireless access point, DHCP server, DNS server, and as a VPN endpoint.

The name was derived from the fact that the software helps make the stateful packet-filtering tool pf (which acts as a firewall, packet filter, and routing service on many BSD and Unix platforms) make more sense to non-technical users.[3]

History

The pfSense project started in 2004 as a fork of the m0n0wall project by Chris Buechler and Scott Ullrich.[4] From the beginning, it focused on full PC installations, as opposed to m0n0wall's focus on embedded hardware. However, pfSense is also available as an embedded image for CompactFlash-based installations. Version 1.0 of the software was released on October 4, 2006.[5] Version 2.0 was released on September 17, 2011,[6] with updates 2.0.1 to 2.0.3 between then and 2013, and version 2.1 was released on September 15, 2013.

Features

Install, update, packages, management
  • Live CD, update, NanoBSD/embedded, virtual machine, and USB installers available
  • Packaged support/push-button installer for extensions, including the Squid proxy server, the Snort intrusion prevention/detection system, ntop, the HAVP antivirus package, IP blocklists, and the FreeSWITCH[7] telephony platform
  • Multi-language
  • Console, web-based GUI, SSH (if enabled) and serial management
  • RRD graphs reporting
  • Traffic shaping and filtering
  • Real-time information using Ajax
Functionality and connectivity
  • Virtual Private Networks using IPsec, L2TP, OpenVPN, or PPTP
  • PPPoE server
  • High availability clustering; redundancy and failover including CARP and pfsync
  • Outbound and inbound load balancing
  • Quality of Service (QoS)
  • Dynamic DNS
  • Captive portal
  • UPnP
  • Multi-WAN
  • VLAN (802.1Q)
  • DHCP server and relay
  • IPv6 support
  • Multiple public IPs/multi-NAT
  • RADIUS/LDAP
  • Multiple resolvers (DNS forwarder, Unbound, TinyDNS, other)
  • Aliases supported for rules, IPs, ports, computers, and other entities
Firewall and routing
  • Stateful firewall
  • Network Address Translation
  • Filtering by source/destination IP, protocol, OS/network fingerprinting
  • Flexible routing
  • Per-rule configurable logging and per-rule limiters (IPs, connections, states, new connections, state types), Layer 7 protocol inspection, policy filtering (or packet marking), TCP flag state filtering, scheduling, gateway
  • Packet scrubbing
  • Layer 2/bridging capable
  • State table "up to several hundred thousand" states (approximately 1 KB of RAM per state)
  • State table algorithms customizable including low latency and low-dropout

Packages available as "push button installs" (as of March 2013) include, but are not limited to: Asterisk, Squid (file caching), ClamWin download scanner, Apache HTTP Server with mod_security, FreeSWITCH (Voice over IP), jail, LCD panel support, spamd email tarpit, nmap, stunnel, Varnish accelerator, multiple monitoring and statistics packages, and file managers.

Hardware

Although the main focus of pfSense is on full-PC installation, it is also available in versions for embedded use on hardware using Compact Flash rather than a hard drive. Many companies produce system boards, or complete low power computers, specifically designed to run pfSense embedded.[8][9][10][11][12]

References

  1. Danen, Vincent (December 7, 2009). "DIY pfSense firewall system beats others for features, reliability, and security". TechRepublic. "If you want a high-availability and highly reliable firewall, pfSense is definitely something to seriously consider" 
  2. Miller, Sloan (June 26, 2008). "Configure a professional firewall using pfSense". Free Software Magazine (22). "No experience is needed with FreeBSD or GNU/Linux to install and run pfSense"
  3. Buechler, Chris (June 21, 2007). "So what does pfSense stand for/mean, anyway?". pfSense Digest. 
  4. "pfSense Open Source Firewall Distribution - History". 
  5. Ullrich, Scott (October 13, 2006). "1.0-RELEASED!". pfSense Digest. 
  6. Buechler, Chris (September 17, 2011). "2.0-RELEASED!". pfSense Digest. 
  7. pfSense's FreeSWITCH
  8. "pfSense Firewall". 
  9. "OPNsense - pfsense firewall appliances". 
  10. "StrongBochs pfSense features". 
  11. "pfSense firewall Kit". 
  12. "pfSense embedded and UTM appliance firewall italian Kit". 

This article is issued from Wikipedia. The text is available under the Creative Commons Attribution/Share Alike; additional terms may apply for the media files.