Slashdot Mirror

← Back to Stories (view on slashdot.org)

pfSense 1.0 Firewall Released

Posted by ryuzaki0 on from the protected-by-daemons dept.

Chris Daniel writes, "pfSense, a FreeBSD-based firewall LiveCD distribution, has reached its official 1.0 release. Based on m0n0wall, pfSense offers firewalling, traffic shaping, VPNs, load balancing, and a nice package-management system for adding extra functionality, among many other useful built-in features. The project has been ongoing for two years, and pfSense has already been in production use in a number of locations well before the 1.0 release." Find a download mirror here.

11 of 104 comments (clear)

  1. CURRENT? by scott_karana · · Score: 4, Interesting

    Why Freebsd 6.1-CURRENT, I wonder? STABLE is bleeding edge enough for most, and I quite imagine that they could just use base 6.1.

    1. Re:CURRENT? by Philip+K+Dickhead · · Score: 3, Informative

      pfSense Rocks hard.

      I have been on the RC1, and replaced all my Linux/IPfilter machines with this.

      --
      "Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
  2. Re:Based on mOnOwall? by Anonymous Coward · · Score: 3, Informative

    monowall is just a firewall, this does traffic shaping/QoS, lots more services.

  3. SmoothWall by mahesh_gharat · · Score: 4, Informative

    Have a look at SmoothWall at http://www.smoothwall.org/
    It's based on GNU/Linux and provides at par or better features and it is there for almost 4-5 years now.

    1. Re:SmoothWall by MattBurke · · Score: 4, Informative

      Only if you discount firewalling as a feature.

      The code behind iptables is disgusting. It doesn't even do a proper job of stateful tracking. Read and compare the source code if you don't believe me - There are many things which linux does in about 10 lines of code but run into hundreds or thousands of lines in the pf source because pf does the job properly

  4. SmoothWall?? IPCop! by PurPaBOO · · Score: 5, Informative

    You only get the better features in Smoothwall if you pay for the corporate version.

    You could try IPCop instead, a fork of smoothwall.

    I use IPCop instead of pfsense for some installations as it has support for the Bewan PCI ADSL modem.

    --
    If it weren't for the rocks in its bed, the stream would have no songs.
    1. Re:SmoothWall?? IPCop! by Drasil · · Score: 3, Interesting

      I've used both Smoothwall and then IPCop for extended periods on my own home router box (an old P200/128MB). I have now been using M0n0wall for a couple of years and I am very happy with it. It doesn't have the silly coloured NIC idea, I can just add new subnets as I require and name them myself. I find it more powerful and intuitive than IPCop in other ways too. IPCop served me well for a long time but I don't think it's quite on the same level as M0n0wall, I can't comment on the non-free versions of Smoothwall.

      As for pfSense, it looks interesting, I may well give it a try

  5. Uuh, no thanks, not convinced by udippel · · Score: 4, Interesting
    I opened the links, since I was keen on finding out (even using) the thingy.

    But, no. The minimal ("Do not even attempt to use it on anything less !") hardware is beyond my means (and beyond my expectation, even for traffic shaping and stuff):
    All platforms: 128 megabytes of ram
    Embedded: 128 megabyte compact flash card
    Full installation: 2gb hard drive or larger
    LiveCD: USB Keychain for configuration storage

    That's simply a tiny little bit too much. I surely get the similar setting with OpenBSD on boxes with lower specs.

    Okay, let's get it going. I love compact flash. Alas: "Larger flash sizes can be used but pfSense will not use the space over the 128 MB limit".
    "The Snort package requires a LOT of memory, only install this when the sytem has 1 GB ram or over."

    Any need to go further ? To me, at least, not. I rather move on ... .

  6. Re:Based on mOnOwall? by Anonymous Coward · · Score: 3, Interesting

    m0n0wall is based on FreeBSD 4.x, it has little wireless support, it can not do load balancing for multiwan , neither can it do machine failover with carp.

    There are currently over $2000 bounties posted on the m0n0wall list for the first person that makes it work with FreeBSD 6. Unfortunately for m0n0wall, we see people switching to pfsense instead.

    Yes, pfSense _is_ based on m0n0wall
    No, pfSense _is not_ m0n0wall

  7. PPTP pass-through? by pmsr · · Score: 3, Informative

    pfSense is an amazing product that does without hiccups what firewalls costing hundreds or even thousands of dollars do. But it has a limitation: it can't handle more than one simultaneous PPTP pass-through session to the same server. Plenty of cheap routers (based in Linux) do this. But granted, that Linux PPTP masquerading kernel module is a little beauty.

  8. minor p2p glitch by Anonymous Coward · · Score: 3, Informative

    After months of regular use I can say pfSense is a great firewall. One minor problem (and the only one) I encountered is the inability to work with the Kademlia p2p network: the client appears as always firewalled even after days though all other ports are correctly routed and the mule client gets a high id. The problem disappears as soon as I route the same ports through a different firewall.