A reminder that we’ll be presenting a half day pfSense 2.0 training tutorial at EuroBSDCon 2010, coming up in just over two weeks. This is a great opportunity to learn more about the projects, and meet at least two of our main developers in person, as well as have discussions with us outside of the normal conference schedule. Look forward to seeing many of you there.
The schedule has been posted for NYCBSDCon 2010, to be held at Manhattan’s prestigious Cooper Union on November 12-14, 2010. I will be there presenting a talk on pfSense, covering what we’ve been doing lately and where we’re going in the near future. The schedule looks great, hope to see many of you there!
EuroBSDCon 2010 will be held October 8-10, 2010 in Karlsruhe, Germany. I will be in attendance presenting a training-focused tutorial on pfSense 2.0. I’m also looking forward to numerous other great looking presentations.
The BSD conferences offer a great opportunity to learn and network with numerous people working on the BSD operating systems and derived projects, and are always a lot of fun too. I’m looking forward to another great conference, and hope to see many of you there.
Early registration is open through the end of this month.
Haven’t had a post up here in a while, but for anyone who watches our git repository, you know development never ceases. Vast amounts of work have gone into 2.0 this year, and it really shows. We’re deploying it in production, though generally recommend you don’t yet.
A work in progress list of 2.0 new features and changes is available. I think that has most of the changes, but it’s definitely missing some. If you notice anything that was missed, please leave a comment. We’ll be adding to it as we review the list more in the coming days.
It’ll be released sometime this year.
We will be having a half day training session on pfSense 2.0 at BSDCan 2010. It will cover as many of the changes in the 2.0 release as time permits. The schedule is not available yet, however registration is open. The full schedule will be available soon.
BSDCan is always a great conference, and we look forward to meeting many of you there.
For those who can’t make it, we will be doing the same training session online sometime after BSDCan.
The FreeBSD Foundation needs donations to meet their 2009 goal. They provide very important funding to the FreeBSD project, which serves as the base of the pfSense project. They are a not for profit organization, so your contribution may be tax deductible.
Our Christmas gift to the community is our 2.0 release reaching the beta milestone.
What does this mean? The release is feature complete, with no new features being added, and should stay relatively stable throughout the remainder of the development process. That’s not to say it’s production ready though, most of our developers are using it in production and have been for months, but unless you have a solid understanding of the underlying system and can manually verify the configuration, 2.0 is not yet for you.
To answer the inevitable “when will it be released?” – as always, “when it’s ready”. The release will happen sometime in 2010, but as for a more specific timeline, we can’t provide one at this time.
Read the rest of this entry »
1.2.3 release is now available! This is a maintenance release in the 1.2.x series, bringing an updated FreeBSD base, some minor enhancements, some bug fixes, and a couple security updates. We’ve been waiting a few weeks in anticipation of a FreeBSD security advisory for the SSL/TLS renegotiation vulnerability, which came last week and allowed us to finalize the release.
The primary changes from 1.2.2 are listed below.
Read the rest of this entry »
Glad to see two book reviews on Amazon already, both with five stars!
I was thrilled to have the foreword for the book written by one of my favorite authors, Michael W Lucas, the author of Absolute FreeBSD, Absolute OpenBSD, Cisco Routers for the Desperate, PGP & GPG, among other things. Thought I would share it here.
My friends and co-workers know that I build firewalls. At least once a month someone says “My company needs a firewall with X and Y, and the price quotes I’ve gotten are tens of thousands of dollars. Can you help us out?”
Anyone who builds firewalls knows this question could be more realistically phrased as “Could you please come over one evening and slap together some equipment for me, then let me randomly interrupt you for the next three to five years to have you install new features, debug problems, set up features I didn’t know enough to request, attend meetings to resolve problems that can’t possibly be firewall issues but someone thinks might be the firewall, and identify solutions for my innumerable unknown requirements? Oh, and be sure to test every possible use case before deploying anything.”
Refusing these requests makes me seem churlish. Accepting these requests ruins my cheerful demeanor. For a long time, I wouldn’t build firewalls except for my employer. pfSense lets me be a nicer person without having to actually work at it. With pfSense I can deploy a firewall in just a few hours — and most of that is running cables and explaining the difference between “inside” and “outside.” pfSense’s extensive documentation and user community offers me an easy answer to questions — “did you look that up?” If pfSense doesn’t support a feature, chances are I couldn’t support it either. But pfSense supports everything I could ask for, and with a friendly interface to boot. The wide userbase means that features are tested in many different environments and generally “just work,” even when interacting with the CEO’s kids’ Windows ME PC connected to the Internet by Ethernet over ATM over carrier pigeon. Best of all, pfSense is built on much of the same software I’d use myself. I trust the underlying FreeBSD operating system to be secure, stable, and efficient.
Security updates? Just click a button and reboot. You need new features? Just turn them on. pfSense handles clustering, traffic shaping, load balancing, integration with your existing equipment through RADIUS, IPsec, PPTP, monitoring, dynamic DNS, and more. Big-name industry suppliers charge outrageous fees to support what pfSense freely provides. If your employer insists on paying for support contracts, or if you just feel more secure knowing you can pick up the phone and scream for help, you can get pfSense support agreements very reasonably. If you don’t need a support contract, I happen to know that Chris, Jim, or anyone else with a pfSense commit bit will let grateful pfSense users buy them a beer or six.
Personally, I don’t build firewalls from scratch any more. When I need a firewall, I use pfSense.
– Michael W. Lucas