Archive for 2008

SonicWALL glitch leaves networks unprotected

Wednesday, December 3rd, 2008

A licensing server glitch caused thousands of SonicWALL firewalls to become unauthorized and disabled all protection.

It is being reported that firewall services have stopped and that spam, viruses, and other bad things are flowing in without a hitch.” – SANS ISC

It appears everything stopped functioning – firewalling, VPN, you name it. Obviously not such a good idea to have your network protected by DRM that can so easily go haywire and disable all protection!

SonicWALL outage frustrates customers who felt exposed

Frustrates?  I’d use far stronger words if I were a customer.

pfSense 1.2.1-RC2 VMware Appliance available

Friday, November 21st, 2008

With each release going forward, we will be providing a VMware appliance in addition to the versions currently provided. This one is being handled a little differently since it is in the first, in the future they will just be a part of the normal release announcement.

Many people (including nearly all of our developers) run pfSense in various VMware products covering their entire product line. For years now, the pfSense installer has automatically detected when you are running in VMware and applied OS tweaks specific to optimal performance when running under VMware hypervisors. More recently, Open-VM-Tools, the open source version of VMware Tools,is also available as a pfSense package. If you are one of the many existing users of pfSense in VMware, you should consider installing that package.
Read the rest of this entry »

pfSense 1.2.1-RC2 now available

Friday, November 21st, 2008

pfSense 1.2.1-RC2 is now available for testing. This is the first official RC release of 1.2.1, and we believe it eliminates all regressions that have been found since the first 1.2.1 snapshots were made available 4 months ago. Plus it fixes several bugs in 1.2.

1.2.1-RC2 VMware Appliance is also available.

The changes from 1.2 release:

  • Numerous changes to accommodate differences in FreeBSD 7.0. Lesson learned here – we hoped 1.2.1 would be a fast release cycle, but it ended up being a significant amount of work because of the changes in FreeBSD from 6.2 to 7.0. It’s certainly for the better, as 7.0 brings improved performance, more and better hardware support, enhanced wireless capabilities, and more.
  • Read the rest of this entry »

The Road to QoS

Monday, November 17th, 2008

Check out a new blog that goes over the improvements of the pfSense traffic shaper in 2.0.  Basically we are on the road to protocol inspection / classification.

This will be very exciting once the work is completed!!

Linked in pfSense software users group

Tuesday, November 11th, 2008

Use linked in?   Join our pfSense software users group!!

WPA no longer considered reliable?

Thursday, November 6th, 2008

There are a number of stories making the rounds today about how WPA has been cracked, though “it’s not as bad as you think…yet”.

WPA2 when using TKIP is also affected.

Running a VPN on top of your wireless encryption can offer additional protection, and you may want to consider such a deployment regardless of the wireless encryption deployed in your network. Whether pfSense is your AP, or your APs connect to it, it can provide VPN services to internal users on your wireless network, and you can restrict all traffic coming in from your wireless network to only access the VPN. Then after successfully authenticating to the VPN, users can access your internal network and/or the Internet.

Edit:  SANS has a good webcast on this topic for those interested in details.

pfSense 1.3 is now 2.0

Thursday, October 30th, 2008

The pfSense version formerly known as 1.3 will be 2.0 going forward. The build system changes, renaming of the board on the forum, etc. will be happening bit by bit over the next week or two. This was done for two reasons.

1. This release brings numerous very significant changes, and going from 1.2 to 2.0 is more indicative of that. The configuration for 2.0 systems is not backwards compatible with 1.2.x, which is another good reason to stress the level of change by bumping the version number.
Read the rest of this entry »

pfDNS theme preview

Tuesday, October 28th, 2008

As probably not everybody wants to install or has time to install pfDNS I would like to post a screenshot of the work in progress here for those who are interested. Feel free to leave a comment and it might have influence on the final product :-)

Edit: New Screenshot posted (I have made all the suggested changes so far). Keep the feedback coming, I appreciate it!

Appliance building with pfSense – Introducing pfDNS!

Sunday, October 26th, 2008

While reworking the builder system for a commercial client that is
basing their appliance on pfSense we needed a builder target that
could be public and show how to build an appliance from scratch.

Therefore, pfDNS is born!



pfDNS is a customized pfSense installation featuring the TinyDNS server package.   Host DNS using this appliance.   XMLRPC sync support to secondary nameservers means you only need to enter the information on the primary name server making administration a breeze for your primary and secondary name servers.  Depending on how popular this gets we might add a website and start making regular releases :)

To see how pfDNS was created, check out

Building this appliance could not be easier!  Simply copy
tools/builder_scripts/builder_profiles/pfDNS/ to
/home/pfsense/tools/builder_scripts/ and run and presto!

I hope this example appliance will help others on their quest when
building a custom appliance based on the pfSense framework.

Edit: updated version available based on FreeBSD 8 and a newer DNS package with a number of bug fixes. 

What do you all think?  Leave comments in the blog.

Also, Holger is working on some artwork that I will get in there soon..  I’ll
post an updated ISO at that point (just look for a newer mtime).

EDIT:artwork added, it is a work in progress but gives a better idea of how the builder system can customize an appliance.

Calling all themers – improving theme support in 1.3

Monday, October 13th, 2008

Work is underway to remove any hard coded theme items!!

If you would like to work on a theme or have worked on a theme in the past and you find something that is hard coded that you cannot change, please e-mail with the hard coded details and we will get that corrected.