November 10th, 2009 by Chris Buechler
Glad to see two book reviews on Amazon already, both with five stars!
I was thrilled to have the foreword for the book written by one of my favorite authors, Michael W Lucas, the author of Absolute FreeBSD, Absolute OpenBSD, Cisco Routers for the Desperate, PGP & GPG, among other things. Thought I would share it here.
My friends and co-workers know that I build firewalls. At least once a month someone says “My company needs a firewall with X and Y, and the price quotes I’ve gotten are tens of thousands of dollars. Can you help us out?”
Anyone who builds firewalls knows this question could be more realistically phrased as “Could you please come over one evening and slap together some equipment for me, then let me randomly interrupt you for the next three to five years to have you install new features, debug problems, set up features I didn’t know enough to request, attend meetings to resolve problems that can’t possibly be firewall issues but someone thinks might be the firewall, and identify solutions for my innumerable unknown requirements? Oh, and be sure to test every possible use case before deploying anything.”
Refusing these requests makes me seem churlish. Accepting these requests ruins my cheerful demeanor. For a long time, I wouldn’t build firewalls except for my employer. pfSense lets me be a nicer person without having to actually work at it. With pfSense I can deploy a firewall in just a few hours — and most of that is running cables and explaining the difference between “inside” and “outside.” pfSense’s extensive documentation and user community offers me an easy answer to questions — “did you look that up?” If pfSense doesn’t support a feature, chances are I couldn’t support it either. But pfSense supports everything I could ask for, and with a friendly interface to boot. The wide userbase means that features are tested in many different environments and generally “just work,” even when interacting with the CEO’s kids’ Windows ME PC connected to the Internet by Ethernet over ATM over carrier pigeon. Best of all, pfSense is built on much of the same software I’d use myself. I trust the underlying FreeBSD operating system to be secure, stable, and efficient.
Security updates? Just click a button and reboot. You need new features? Just turn them on. pfSense handles clustering, traffic shaping, load balancing, integration with your existing equipment through RADIUS, IPsec, PPTP, monitoring, dynamic DNS, and more. Big-name industry suppliers charge outrageous fees to support what pfSense freely provides. If your employer insists on paying for support contracts, or if you just feel more secure knowing you can pick up the phone and scream for help, you can get pfSense support agreements very reasonably. If you don’t need a support contract, I happen to know that Chris, Jim, or anyone else with a pfSense commit bit will let grateful pfSense users buy them a beer or six.
Personally, I don’t build firewalls from scratch any more. When I need a firewall, I use pfSense.
– Michael W. Lucas
November 5th, 2009 by Chris Buechler
Five years ago today, the pfsense.* domains were first registered. The project actually hit 5 years since its inception about 2-3 months ago, living the first part of its life as projectx (some history here) with no website.We’ve come a long way!
Thanks to everyone who has supported the project in any fashion over the past five years. Here’s to even better things in the next 5 years!
And what better way to celebrate than picking up a fresh off the press copy of the pfSense book?
November 3rd, 2009 by Chris Buechler
Now available on Amazon
NOTE: The print book is still available, however being based on the 1.2.3 version, it is largely obsolete. The 2.1 PDF edition is immediately available for Gold Subscribers. It’s the recommended version for everyone, as it’s been greatly expanded and updated.
Click here for details.
Finally, comprehensive documentation for pfSense is available in print!
Table of contents is available here.
Authored by pfSense co-founder Chris Buechler and pfSense developer Jim Pingle, The Definitive Guide to pfSense covers installation and basic configuration through advanced networking and firewalling of the popular open source firewall and router distribution.
This book is designed to be a friendly step-by-step guide to common networking and security tasks, plus a thorough reference of pfSense’s capabilities. The Definitive Guide to pfSense covers the following topics:
- An introduction to pfSense and its features.
- Hardware and system planning.
- Installing and upgrading pfSense.
- Using the web-based configuration interface.
- Backup and restoration.
- Firewalling fundamentals and defining and troubleshooting rules.
- Port forwarding and Network Address Translation.
- General networking and routing configuration.
- Bridging, Virtual LANs (VLANs), and Multi-WAN.
- Virtual Private Networks using IPsec, PPTP, and OpenVPN.
- Traffic shaping and load balancing.
- Wireless networking and captive portal setups.
- Redundant firewalls and High Availability.
- Various network related services.
- System monitoring, logging, traffic analysis, sniffing, packet capturing, and troubleshooting.
- Software package and third-party software installations and upgrades.
At the end of this book, you’ll find a menu guide with the standard menu choices available in pfSense and a detailed index.
Thanks for your support!
October 17th, 2009 by Scott Ullrich
A new package that provides a full terminal via webpage has been added. This little gem of a package uses AJAX and provides full terminal emulation allowing for full screen terminal applications like vi, nano, top and so such to run perfectly!
The package also provides support for STUnnel. However there is a known bug with STUnnel on the Certificates tab that we are working on but the default SSL Certificate works OK.
Check out a few screen shots
October 14th, 2009 by Scott Ullrich
What started originally as a base system option written by Remco Hoef was rescued from the dead, brought up to the latest HAProxy standard and then turned into a full blown package so that it can run on 1.2.3 and 2.0!
Check out these screen shots:
Install the package and let us know what you think!
October 8th, 2009 by Chris Buechler
After several months since the last official 1.2.3-RC release, because of some tough issues in the underlying software that are now resolved, 1.2.3-RC3 is now available.
The final release will be coming very soon, please help test.
The major changes since 1.2.3-RC1:
September 4th, 2009 by Holger Bauer
We have been announcing the upcoming pfSense book already multiple times here on the blog. Here’s a quick update for all those waiting to finally buy it: It’s almost done!
As you can see from the information on the publishers site it only needs some finishing touches and even the first preview print has been produced.
Stay tuned, we’re almost there!
August 2nd, 2009 by Chris Buechler
Passing on an email from The FreeBSD Foundation:
Millions of systems run FreeBSD. Hundreds of volunteers contribute to FreeBSD’s success. But what is the size of FreeBSD’s user base? This simple question is very hard to answer, but its answer is vital to the cause of promoting FreeBSD. It is extremely difficult to convince businesses to invest time and money to add FreeBSD support to their products based solely on vague estimates of the size of our community. We should know – working to make FreeBSD a more widely supported platform is a task the FreeBSD Foundation has worked on since its inception.
Please help us in our fight to promote FreeBSD. A donation to the FreeBSD Foundation helps fund our work, but it also gives us strength in numbers. Our count of unique donors is a vital indication of the size and buying power of our community. However, we have never broken even one thousand donors in any year. We know in our hearts that this is a small fraction of our user base and of those who want to help expand FreeBSD’s presence.
So stand up and be counted! Make a donation. Encourage other FreeBSD users to donate as well. No donation amount is too large or too small. Just by becoming a donor you are making a powerful statement about the strength of FreeBSD!
As the base operating system of this project, much of the work the FreeBSD Foundation sponsors directly benefits pfSense users as well. You can donate here. The FreeBSD Foundation is a non-profit 501(c)3 charity, so your contributions may be tax deductable.
July 14th, 2009 by Chris Buechler
Embedded has historically been a second class citizen, with most development focus and most users ( > 80% of downloads) using full installs. Taking advantage of what a full install offers was in fact the original reason for this project, though embedded was later added. This has now changed considerably, with the introduction of the next generation of pfSense embedded. It’s been on the snapshot server for quite some time and been a work in progress for months, but now we want to alert people of its presence for wider testing. It is based on nanobsd, a standardized build methodology for FreeBSD embedded applications.
The changes it brings:
- Reliable upgrades – Finally, no longer is there a need to re-flash your CF and restore your configuration.
- Multiple firmware support – there are two partitions, each containing their own separate pfSense install. To test upgrades, you can upgrade the second partition, and roll back to the first if necessary.
- Package support – packages that are suitable for an embedded platform are supported.
- Multiple hardware architecture support – with some additional changes that are currently in the works, this will allow us to support non-x86 architectures in the future, where FreeBSD supports those architectures and specific platforms. Expect to see MIPS and ARM first, with others possible. Historically, these platforms had such limited CPU, RAM and flash that we would have been forced to spend an inordinate amount of time trimming things down, removing numerous features only to end up with a much less attractive offering. That development time is better spent elsewhere. With new MIPS and ARM platforms offering considerably more flash and RAM, this is no longer the case. Though these hardware limits are still applicable to your typical consumer grade Linksys and similar routers, they will never be supported. Specific information on supported hardware will come in the future.
There are 512 MB, and 1, 2 and 4 GB images available. The 4 GB images work fine with larger size CF cards. For now there won’t be any images larger than 4 GB, though expect that to change for 2.0.
1.2.3 embedded will be released based on nanobsd, and the old means of doing embedded will be discontinued. This means the minimum CF size for 1.2.3 embedded will be 512 MB. This is necessary because of the dual firmware support, it has to be twice as big, and we want to leave plenty of space for future upgrades.
What about my smaller than 512 MB CF card?
There isn’t an easy way to accommodate CF cards less than 512 MB. A 512 MB card can be found for under $20 USD including shipping, you’ll need to upgrade.
You’ll find images in the nanobsd folders on the snapshot server.
For problem reporting, please use the 1.2.3 board on the forum, or the mailing list.
July 13th, 2009 by Chris Buechler
I will be presenting on pfSense at EuroBSDCon 2009, September 18-20 at University of Cambridge, England. A summary schedule, subject to change, is available and registration is open.
This will be my first EuroBSDCon, though I’m sure it’s as well done, informative, and fun as BSDCan and DCBSDCon, of which I’ve attended 6 combined.
My presentation will be an updated version of the presentation given at BSDCan, covering all the new functionality in 2.0, and our plans for beyond that.
I look forward to meeting some of you there!
Holger and Seth will be there too.