Author Archive

First spotting of the pfSense book…

Friday, September 4th, 2009

We have been announcing the upcoming pfSense book already multiple times here on the blog. Here’s a quick update for all those waiting to finally buy it: It’s almost done!

As you can see from the information on the publishers site it only needs some finishing touches and even the first preview print has been produced.

Stay tuned, we’re almost there!

pfSense_ng theme

Thursday, June 25th, 2009

Just a really quick update: The theme was added to the 1.2.3 branch and should be available after the next snapshot builder run. However, we have decided to not make it the default theme yet. You can switch to the new theme under system>general after updating your install or after installing from a recent snapshot-livecd.

You can grab the updates or new livecd from the snapshot-site.

Something more elegant…

Sunday, April 26th, 2009

Well, after there was not too much love for my last theme I tried to do something more masscompatible this time trying to take all the critics in consideration that I earned so far:

  • less colorful, stick with the original pfSense-colors (grey/red)
  • don’t waste too much space for the header/footer
  • kind of corporate look
  • static menu, that doesn’t scroll away (I guess that at least was something everybody liked about the hackathon theme)
  • more lightweight on graphics

Read the rest of this entry »

Hackathon2k9 theme preview

Friday, March 27th, 2009

Here is what I have been working on during the hackathon a few weeks ago. It’s not yet commited as I’m not quite sure if I will keep it exactly this way. Sometimes the longer you work on something the less you are sure if you still like it, especially if it’s artwork related. I would appreciate some general feedback or suggestions on this.

There is one thing to note on this theme (that’s unique to this theme currently): The header including the menu is static, so it won’t scroll with the page. This way you always have access to the menu, even if you are at the bottom of a long page. The content just scrolls behind the header (as you probably notice when having a closer look). The backgroundimage is static too. I think this adds some useability, especially for those who have a long ruleset for example.

Update: Looks like this theme is polarizing people’s opinions. Some love it, some hate it. I guess I’m a real artist now. I did some more changes to it and it will be commited the way it is now. Love it or simply don’t use it if not. Don’t expect this theme to become the default theme of any version. I’ll do something more “mass-compatible” and more “corporate looking” as a new default theme following the recommendations I gathered from the discussion of this post. This one is done.

Updated preview is here.

P.S. Yes, I love the prodigy :-P

Routers owned by Botnet

Monday, March 23rd, 2009

Did you ever think your router could become a bot? I guess the answer is no. However, there seems to be a botnet that can get control over linux based routers and modems that use MIPS hardwarearchitecture. For more details check out this link . This is somehow scary. Aren’t you happy you are using pfSense? ;-)

Hackathon ’09 approaching

Tuesday, January 27th, 2009

The pfSense team will come together again this year for a week of development in the 2nd week of March in Louisville. The time will be mainly spent on working on pfSense 2.0. You should expect some huge progress on various features and the overall status of this major release. It looks like this year even more developers will make it to this convention (besides the usual suspects that have always been around).

If you want to show your support to the project now is the time to do so by sending a donation to fund the expenses of this years hackathon (mainly food and drinks or even travel expenses if enough money comes together). For details on how to donate check out this site. You can chip in via PayPal here, or for those with larger budgets, consider our commercial support services.

We also want to thank all the past donors that helped fund this event the last three years. It’s always been a great success, and we look forward to another week of significant progress for the project.

Thank you!

VoIP coming to pfSense

Thursday, December 11th, 2008

Some of you might have noticed already that there is a new package listed in your pfSense’s package manager: FreeSWITCH. Mark Crane is working hard to bring you VoIP-PBX-features to pfSense. More information on FreeSWITCH can be found here.

Check out this screenshot for a sneak peak:

The package is not yet completely done but feel free to check it out. Feedback is appreciated, however if you want to discuss a bug that you have found or a special configuration please take this to the forum or mailinglist.

New malware spotted that answers to DHCP-Requests to send clients to malicious DNS-servers

Tuesday, December 9th, 2008

There’s a new threat in the wild where a single infected machine in your network can harm all other dhcp clients on the same net: A trojan answering to dhcp-requests.

If that trojan is answering faster than your real dhcp-server it will assign some malicious dns-servers to the client that sent out the request. This is making phishing pretty easy but could also lead to the installation of faked updates.

You can find some more information about that trojan at the symantec page.

A way to prevent this using pfsense is to use a firewallrule on your internal networkinterface that is blocking all outbound tcp/udp port 53 (DNS) connections to any destination. Make sure your internal dns-server, that is manually configured and not affected by this dhcp attack, has a pass rule on top of this block rule or if you use the pfsense as dns-forwarder create a rule that grants access to the pfsense ip on port 53 tcp/udp. This way a client with faked dns-server will not be able to resolve dns anymore which will be noticed pretty soon instead of possibly using the malicious dns servers without noticing it.

pfDNS theme preview

Tuesday, October 28th, 2008

As probably not everybody wants to install or has time to install pfDNS I would like to post a screenshot of the work in progress here for those who are interested. Feel free to leave a comment and it might have influence on the final product :-)

Edit: New Screenshot posted (I have made all the suggested changes so far). Keep the feedback coming, I appreciate it!

New Screencast section at

Tuesday, January 15th, 2008

The webpage of the m0n0wall project now offers some screencasts that walk you through different configuration steps of a m0n0wall. Some of them apply to pfSense as well. If you are interested you can check them out at .