Main conrainer

September’s pfSense Fundamentals and Practical Application Course

Last weekend pfSense University had another successful pfSense Fundamentals and Practical Application Course, co-taught by Co-Founder Chris Buechler and Principal Engineer George Phillips. We had attendees from across the globe and from varying industries attend this two day course which includes a hands on lab. Not only is this a great venue to learn the complexities of pfSense, but it’s an opportunity to meet some of the pfSense team as well as share notes with other talented pfSense users. Look forward to more courses in the future.

Chris and George doing some hands on training.

Note the free coffee.

Chris assisting while George teaches.

George assisting while Chris teaches.

2.1.5 RELEASE Now Available

The 2.1.5 release follows shortly after 2.1.4 and is primarily a security release.

Security Fixes

Other Fixes

  • Handle a missing DHCPD config section properly during a configuration upgrade
  • Fix a regression that broke CARP+IP alias VIP functionality
  • Fix the Pass, Block, Reject and Interface filters in the Firewall Logs Widget [#3725]
  • Use HTTPS for dyndns providers that support it
  • Avoid resetting the firewall hostname from a WAN DHCP server [#3746]
  • Add missing qlimit keyword in some shaper rules
  • Change Cancel button to call history.back() when editing firewall aliases to fix issues with IE 11 [#3728]
  • Allow hostnames in bulk import since they are valid entries in a network type alias
  • Fix input validation logic on diag_testport.php, escape more shell arguments for good measure
  • Escape the individual dnsmasq advanced/custom options
  • Encode the detail field of an alias entry before displaying its contents back to the user
  • Encode interface/VIP descriptions before displaying them on the NTP daemon settings, and GIF/GRE interfaces
  • Per the dhcpd.conf man page and other documentation from ISC, mclt must not be defined on the secondary
  • Shorten the wait at “reload” in startup wizard to 5 seconds from 60
  • Do not execute DNS lookups on GET, only pre-fill Host box so the user can press the button to execute
  • Turn alias creation links from DNS lookups into submit buttons for POST
  • Remove javascript alert DNS resolution action from the firewall log view. It was already removed from 2.2, and it’s better not to allow a GET action to perform that action
  • Require click-through POST confirmation when restoring or deleting a configuation from the backup history page
  • Avoid a “Cannot use string offset as an array” error if the packages section of the config is missing
  • Avoid generating an invalid IPsec (racoon) config if the user specified a mobile pool that is too small
  • IPsec phase 2 pinghost was not used if the source IP was a virtual IP address [#3798]
  • Move dhcp6c log to dhcpd.log [#3799]
  • Do not reset source and destination port range values when it’s an associated rule created by NAT port forward. [#3778]
  • Added to list of extensions loaded for filter_var() support.
  • The pfSense PHP module was setting the subnet mask of lo0 to /0, which could break some routes and cause other unintended routing side effects.
  • August Hang Out – Network Address Translation

    Our August hang out will be next Friday, August 15, at 13:00 US Central time. Join us for around an hour and a half of coverage of NAT, with time for questions to follow.

    NAT is among one of the most widely used features in pfSense and one we haven’t yet gone over in detail in a hang out. Topics covered will include the following.

    • How NAT functions in general terms, and specifically with pfSense
    • Uses of NAT – more than just connecting your private network to the Internet.
    • NAT’s interaction with firewall rules
    • Live configuration examples of redirection using port forwards, 1:1, and outbound NAT
    • Troubleshooting guidance

    Being tied up in the time-consuming materials preparation for our first pfSense University class last week, I unfortunately didn’t have time to adequately prepare for a hang out in July. We’ll make that up to you with an extra session in August or September, date to be determined.

    This is an exclusive benefit for our Gold subscribers. The link to join the session can be found after logging into your account in the members area.

    Thanks for your support, and look forward to having you there!

    Here is a preview of the hangout:

    Customer Support Engineer Position at pfSense

    Electric Sheep Fencing, the company behind the pfSense project, is expanding the service and support organization to meet increasing customer demand. As such, we’re looking for someone who can fill the role of a Customer Support Engineer. This role is ideally located in Austin, Texas, but can be modified to a remote/work-from-home role to accommodate a very qualified candidate outside of Austin.

    If you’re interested, please download the full job description

    No phone calls, please.

    Five Things to Know About pfSense

    (1) The pfSense store now sells hardware! Working with various manufacturers, we’ve put together a wide range of throughly-tested pfSense appliances that are bundled with 1-year of support. Go to the store for more information.

    (2) The pfSense team now does professional services. This includes penetration testing, CARP configuration, network design, conversion from your old firewall to pfSense, and systems/infrastructure install. Please see our professional services page for more information.

    (3) There’s only one place to get official pfSense Training. Our August class is full! Our next class is September 5-6 in Austin, Texas! Use coupon code BBC425FF for an instant $500 discount! Details are at pfSense University

    (4) pfSense Gold is our premium membership subscription program, designed to provide special benefits to our members while supporting ongoing development of the Open Source pfSense project. The membership is a great way to enhance your ownership of one of our appliances with access to the official pfSense book, monthly on-line meet-ups, and more! Get more info here!

    (5) Anyone purchasing a support-eligible product in the month of AUGUST will receive a coupon code for a FREE one year subscription to pfSense Gold (a $99.00 value). Eligible products include the VK-T40E pfSense® Firewall Hardware Appliance, C2758 1U pfSense® Firewall Hardware Appliance, and our latest offering, the FW-7551 pfSense® Firewall Hardware Appliance. Just e-mail your invoice from the store after purchase to help [at] pfSense [dot] org to request your code!

    Head on over to the pfSense store and get yours today.

    2.1.4 RELEASE Now Available

    2.1.4 follows very shortly after 2.1.3 and is primarily a security release. Refer to the 2.1.1 release notes, 2.1.2 release notes, and 2.1.3 release notes for other recent changes.

    Security Fixes

    Packages also had their own independent fixes and need updating. During the firmware update process the packages will be reinstalled properly. Otherwise, uninstall and then reinstall packages to ensure that the latest version of the binaries is in use.
    Read the rest of this entry »

    June 2014 Hang Out – Firewalls and Virtualization

    Our June 2014 hang out is Friday, June 27 at 13:00 US Central time. This month’s topic is firewalls and virtualization. This is an exclusive benefit for our Gold subscribers. Subscribers will find the meeting link after logging in to the members section. If you’re not yet a subscriber, sign up now and you’ll get immediate access. If you can’t make the live event, the video and audio recording and slides are available for members to download within a few hours of the session’s completion.

    As companies and individuals have virtualized their server infrastructures, they have also looked to virtualize their firewalls. This brings many questions to mind. Is it a good idea? Is it secure? How does it work? What are my options for configuration? Can I get adequate performance?

    pfSense Co-founder Chris Buechler will answer all these questions and more during June’s hang out.

    Attendees will come away with the knowledge of where virtualized firewalls may be a good fit, where they’re probably a bad idea, the potential security implications, knowledge of the various network configuration options available in hypervisors, options for handling high availability, and more. Both desktop-class and server-class products will be covered, including bhyve, Hyper-V, KVM, Parallels, VirtualBox, VMware (Workstation, Player, Fusion and ESX/ESXi), and Xen.

    Usage areas covered will include production systems, test and development environments, and fun but ugly hacks that can work temporarily if you’re in a bind.

    Here is a preview of the hangout:

    New Hardware!


    At NEW-HQ (Netgate / ESF World HQ), we are makers of both hardware and software. We also sell hardware.

    Someone has to assemble and test the hardware we sell, and that involves powering up each system in order to test it.

    In order to make the process smoother/faster, we’re building a little controllable power-board. You can think of this as a serial-controlled power strip, but its a wee bit more sophisticated than that. The hint about it’s future uses is in the mis-match between the fuses mounted in the laser-cut acrylic and the number of pads for the solid-state switches.

    The micro-controller used here is an Atmel ATMEGA328P, the same as your garden-variety arduino. While we’ve been working on porting pfSense to smaller systems such as the Ubiquiti Edge Router Lite, I doubt we will ever make pfSense run on anything as small as the atmega328.



    This is really Jeremy’s project, I’m just reporting on it. More when it’s finished. Enjoy the photos.

    Announcing pfSense University

    After months of preparation and high customer demand for official pfSense training, Electric Sheep Fencing, the company behind the pfSense project, is very excited to announce our new training initiative, pfSense University

    Our first class, “pfSense Fundamentals and Practical Application” is a two-day event which will cover common usage scenarios, deployment considerations, step by step configuration guidance, and best practices. This course will also enhance your skills and abilities to install, configure and support pfSense in your environment. We have scheduled two sessions of this class – one in August and one in September.

    To get more information about this class and to sign up, please see pfSense University!

    Introductory price is $1999.00 per class, but use promotional code BBC425FF on the sign-up page for an instant $500 discount!

    In addition to official pfSense training, attendees will receive a one-year subscription to pfSense Gold, a pfSense T-shirt, and an entry into a raffle to win a VK-T40E2.

    Breakfast and a lunch buffet are provided both days.

    Register quickly! Each class is limited to 20 participants!

    Please send any questions to

    Service Offerings and Community Outreach

    In the last couple of months, I have been working on expanding the role of our engineers and support organization at ESF from focusing solely on pfSense to becoming a “full-service provider” that can address and solve problems in conjunction with, but outside the immediate scope of pfSense.  Our team has decades of engineering experience that can be leveraged to provide a much broader scope of services and support than we have provided in the past.

    Two months ago, we launched our professional services offerings to the public, with no advertising and only responding to unsolicited inquiries from existing customers. The results have been overwhelming! So I wanted to take this time to officially announce our professional services and see how you might leverage our experience to your advantage.

    To read more about our professional services offerings, please read our professional services page.

    Finally, our organization is growing in a number of ways. Primarily in the number of customers we support on a daily basis.  Brand recognition and community interaction are certainly looking up! Much of what we do and the business decisions we make is based in part on feedback from the community. I wanted to provide this opportunity to provide your feedback so that we may better serve you. Suggestions can be sent to  While we may not respond to all, I assure every e-mail is read.