pfSense 2.0.1 release is now available. This is a maintenance release with some bug and security fixes since 2.0 release. This is the recommended release for all installations. As always, you can upgrade from any previous release to 2.0.1, so if you haven’t upgraded to 2.0 yet, just upgrade straight to 2.0.1. For those who use the built in certificate manager, pay close attention to the notes below on a potential security issue with those certificates.
Archive for 2011
7 years ago today, the name pfSense was settled on, and pfsense.org/com/net domains were registered. It’s grown from the volunteer efforts of a handful of people, to one of the most widely used platforms in the world, with a whole team of people making a living working on the project thanks to our support and reseller customers. Thanks to everyone who makes the project possible, and here’s to the next 7 years and beyond!
One of the common questions we get is how many installs are out there. While we don’t have any means of definitively knowing, we do have one metric that can be counted. Each month every system updates its IPv4 bogons list once, pulling from one of our servers. By counting the number of unique public IPs using FreeBSD’s fetch to pull that file within one calendar month, we know how many live installs are out there that have Internet connectivity at least.
October 2011 is the first month that number has exceeded 100,000, with a total of 103,137. We’re adding 3000 net new installs on average every month in 2011, with over 4000 additional installs in October.
This under-counts the total for several reasons:
2. Some systems do not have DNS configured and hence cannot fetch the update.
3. Some systems are on private internal networks that cannot reach the Internet.
4. Some networks have multiple systems that go out from a single public IP, which we only count once.
No telling how many total installs are actually out there, but it’s definitely in excess of 103,000.
Thanks to all our users for helping us reach this significant milestone!
Thanks to many of you who contributed to our hackathon fund. It was a great success. We had 6 developers together here in Louisville. The primary areas of focus were 2.1 development, in the following areas.
- Moving packages to PBIs – the package system in 2.1 will switch to using the PBI package system, originally from PC-BSD, though also used by some on stock FreeBSD installs. The benefit of using PBIs is each package has all its dependencies included in the package, which eliminates the dependency messes that can happen currently, such as one package requiring a certain version of a dependent package but another requiring a different version, uninstallation of one package stomping on another package by uninstalling a dependency it requires, uninstallation of a package breaking the base system by deleting things it uses (though we already work around that one automatically), easing clean uninstall of packages, amongst other benefits. This will be a great improvement in the package system for 2.1.
In a couple weeks, several of the developers will be coming together here in Louisville for another Hackathon, where we get together and work on various things related to the project for a week, as we’ve done approximately every 18 months since the project’s inception. This year we’ll have 7 developers, from 4 different continents. There isn’t a set agenda, though 2.1 release and IPv6 will be two items (of many) of focus. We like to make sure we can feed everyone, and provide coffee, beer, etc. for 7 days. Plus we’ve covered some travel expenses.
Whether you can just spare a few bucks for a fine beverage at Heine Brothers or Highland Coffee (both of which should be sponsors with the amount we spend there in a week), or enough for a few dozen pizzas, every bit helps!
After our coming session at EuroBSDCon 2011, we are planning to host a session in the US this year. It will be either one or two full days, and I’m leaning towards two but open to suggestions. It would likely be held in our home base of Louisville, KY, easily reachable by air or road.
In our past training sessions at BSDCan and EuroBSDCon, we’ve had between 15 and 70 people. This year looks like we’ll have about 40 at EuroBSDCon. We will have to charge more than the BSD conferences charge for a single tutorial, as they have sponsors who help cover the costs involved. I don’t know how much yet though. I need to get some kind of an idea of how many would attend, so I know what kind of venue. We won’t be selling out the Yum Center with 22,000 seats, but I’m not sure if we need space for 10 or 50. I would limit it to some reasonably low number, like 75 at most and maybe less. If this is something you would definitely travel to attend (depending on dates, cost), let me know in the comments or email.
Some people just can’t afford to travel, so we’ll also do what we can to provide live streaming, or at a minimum it will definitely be recorded for later purchase. Streaming capabilities may be dependent on the facility. We do have multiple 4G cards with pretty impressive performance, so that should suffice if nothing else. I expect we will find a way to offer this via live streaming on the Internet available for purchase. Those people will not be able to interact like those in person, simply watch and listen, and we’d probably bring up a special IRC channel for it.
To get an email when these things get finalized, make sure you’re on our announcements mailing list.
I’m proud to announce the release of version 2.0. This brings the past three years of new feature additions, with significant enhancements to almost every portion of the system. The changes and new features are summarized here. This is by far the most widely deployed release we’ve put out, thanks to the efforts of thousands of members of the community. We also have hundreds of customer systems that have been running 2.0 in production for months and years in some cases. More than 108,000 unique IPs have downloaded snapshots in 2011 from snapshots.pfsense.org alone, not counting downloads from the mirrors.
Read the rest of this entry »
Ermal Luci and I will be presenting a full day training tutorial at EuroBSDCon 2011, in Maarssen, The Netherlands on October 6, 2011.
This tutorial will be a training-focused session, covering many of the changes in the 2.0 release, both from the perspective of a new user and providing information on changes for existing users of the project. Common usage scenarios, deployment considerations, step by step configuration guidance, and best practices will be covered for many features. Many configurations will be demonstrated in a live lab environment. We will also cover the new functionality in pfSense 2.1, which is already being used in production for its IPv6 capabilities.
Registration is now open. We look forward to meeting many of you there!
Most features of the base system will be covered in good technical detail. It will not be simply an overview of features, we’ll do live demos to configure various scenarios, and get into configuration detail for many items.
Future US Date
We’re also in the planning stages for hosting a training session in the US later this year. It will probably be in Louisville, KY and last one or two full days. Sign up to our announcements list to be notified when it’s scheduled.
As our commercial side has grown to the point we employ multiple full time people dedicated to working on the project and related customer needs, we’ve also gotten much more involved in upstream development in FreeBSD. Today Bjoern Zeeb committed PF 4.5 into FreeBSD HEAD for the 9 release (which will be the basis of pfSense 2.1), ported by Ermal Luci with help from Bjoern and Max Laier. Much of this work was funded by us, aside from volunteer efforts from Bjoern and Max providing some guidance along the way and Bjoern especially for review and assistance.
4.5 is the last version of PF before the syntax changed in OpenBSD, and the consensus amongst FreeBSD developers was to not break everyone’s ruleset who is running PF in stock FreeBSD just by doing an OS upgrade, hence why 4.5 was the version of choice.
Where does PF in FreeBSD go from here? We’ve had discussions on this topic already amongst several FreeBSD developers, as well as including some of the OpenBSD guys, and have some rough plans in place for the next steps. More information on that will come later.
Thanks to Ermal, Bjoern and Max for getting this done!
I’m happy to announce what will likely be the final 2.0 release candidate, RC3, is now available. RC2 was a snapshots-only tag. The mirrors are currently syncing, with a few of them done already and the remaining will sync within the coming hours. If you’d like to view all the changes you can track the revision history in github. If you aren’t familiar with what’s been added and changed in 2.0 in general, see the 2.0 new features and changes page.
There are considerably fewer open issues on 2.0 right now than there were on 1.2.3 when it was released, and no major outstanding problems. 2.0 has gotten widespread use in production environments over the last year plus including in our most critical networks, and looks to be ready for release. We expect final release within a month, and consider RC3 the preferred release for all new installs.