pfSense at Hack@UCF

Back in March, we donated a pfSense Gold subscription and a Dell R200 to Hack@UCF, a computer security club at the University of Central Florida.

We’ve received word that UCF’s Collegiate Cyber Defense Competition Team won the Raytheon National Collegiate Cyber Defense Competition a few weeks ago.

Though the team is not allowed to say much about what happens at CCDC due to various competition-related stipulations, one of the team members has blogged about how Hack@UCF and the CCDC team use pfSense. The post primarily covers pfSense in active use as a perimeter firewall and VPN solution.

The local news did a segment on the team.

Congratulations to Knightsec!

Announcing the May 2014 pfSense Hangout!

When: Friday, May 23, 2014 @ 1300hrs (1:00pm) central US time.

This month’s topic is an introduction to the packet capture functionality in pfSense, and fundamentals of packet analysis, allowing you to interpret its output.

Packet analysis is the best and fastest approach to troubleshooting a wide range of network, routing and firewall-related issues. But many people are overwhelmed by the output and aren’t sure how to use or interpret it.

While some circumstances require extensive knowledge of the protocols in use to successfully analyze a packet capture, many issues can be analyzed easily with a basic understanding of the concepts involved.

Attendees will come away with the knowledge required to use packet captures to troubleshoot common problematic scenarios such as port forwards, 1:1 NAT, Outbound NAT, virtual IPs, CARP, routing between networks and routing across VPNs.

In order to take part in this hangout, you will need to be a pfSense GOLD subscriber. If you don’t have a Gold subscription, get it now! The link to the hangout will be in your account as soon as it’s available.

2.1.3 RELEASE Now Available

pfSense release 2.1.3 follows very shortly after pfSense release 2.1.2. pfSense 2.1.3 is primarily a security release.

Security Fixes

Although these security issues warrant upgrading in your next maintenance window, they aren’t applicable to our default configuration and won’t impact the average user. According to the FreeBSD SA, the TCP flaw is mitigated by scrub in pf, which is enabled by default in pfSense. The feature affected by the OpenSSL flaw is not used by any daemons in the pfSense base system, and only certain packages make use of it, so the impact there is also minimal.

Packages also have their own independent fixes and need updating. During the firmware update process the packages will be properly reinstalled. If this fails for any reason, uninstall and then reinstall packages to ensure that the latest version of the binaries is in use.

April Hangout – Introduction to Multi-WAN

Our April 2014 hang out is this afternoon at 13:00 US Central time. This month, co-founder Chris Buechler will cover “Introduction to Multi-WAN”. The community voted for this topic, so we’re going to deliver! Gold subscribers can find the link after logging into the members area, as usual. The recording and slides will be available for subscribers within a couple hours of the meeting’s completion. If you don’t have a Gold subscription, get it now!

Subscribers can find the link to the meeting after logging into the members area.

2.1.2 Release Now available

pfSense release 2.1.2 follows less than a week after pfSense release 2.1.1. pfSense 2.1.2 is primarily a security release.

Security Fixes

The Heartbleed OpenSSL bug and another OpenSSL bug which enables a side-channel attack are both covered by the following security announcements:

Packages also have their own independent fixes and need updating. During the firmware update process the packages will be properly reinstalled. If this fails for any reason, uninstall and then reinstall packages to ensure that the latest version of the binaries is in use.

2.1.1-RELEASE now available

I’m happy to announce the release of pfSense 2.1.1.

The largest change is to close the following security issues / CVEs:

  • FreeBSD-SA-14:01.bsnmpd / CVE-2014-1452
  • FreeBSD-SA-14:02.ntpd / CVE-2013-5211
  • FreeBSD-SA-14:03.openssl / CVE-2013-4353, CVE-2013-6449, CVE-2013-6450

Other than these, the em/igb/ixgb/ixgbe drivers have been upgraded to add support for i210 and i354 NICs. Some Intel 10Gb Ethernet NICs will also see improved performance.

The release is making its way to the mirrors now. The complete list of significant changes can also be found here including more details on the above.

March Hang Out Today – Squid and Squidguard

Our March 2014 hang out is this afternoon at 13:00 US Central time. This month, Jim Pingle is presenting on Squid and Squidguard, the winner of the poll on the forum where the community voted on the next topic. Gold subscribers can find the link after logging into the members area, as usual. The recording and slides will be available for subscribers within a couple hours of the meeting’s completion, along with a fun sample page Jim’s put together.

Mark your calendars for April 18 at the same time for next month’s session.