pfSense is yet another opensource firewall which can turn your old PC into a fully functional Firewall. pfSense opensource firewall is based on the m0n0wall opensource embedded firewall with all the good features of m0n0wall and advanced addition features.
pfSense uses OpenBSD's ported packet filter, FreeBSD 6.1 ALTQ (HSFC) for excellent packet queueing and integrated package managegement system for extending with new features.
pfSense can be downloaded a Live CD which is also an installation CD or as an installation ISO for developer edition or an Embedded edition. For more info on the download packages, click here.
The software itself can be downloaded from here
A good set of install instructions are available here
More information on Hardware, minimum requirements and recommended vendor products, visit pfSense here
In additional to the existing features on m0n0wall firewall, pfSense has the special additional features. The following are some of the key additional features:
- Wireless a/b/g using wpa_supplicant with turbo, WEP, WPA-E/PSK and WPA2 (TKIP) support. Advanced support for wireless devices including HostAP-mode, hardware-encryption if supported by driver, mac-filtering, non-broadcasting SSID with FreeBSD6 supported wireless devices (atheros recommended for full functionality)
- Incoming/outgoing load balancing pools
- Multiple WAN Support
- PPPoE Server
- Setup wizard and package using xml -> web gui toolkit
- Realtime settings change to avoid reboots
- pf for openbsd's packet filter
- CARP – for failover and clustersyncing (rules, trafficshaper, nat, IPSEC SAs…)
- failovercapable DHCP-Server with advanced settings (specify gateway, DNS, WINS)
- Systemstatus with realtimegraphs including SWAP usage monitor
- ALTQ traffic shaping with integrated magic shaper wizard with Queuegraphs for Trafficshaper
- FTP-Proxy using Squid Transparent proxy
- proxy/masquerading for SIP-protocol using siproxd
- Anti-Spam-Proxy using assp
- Fake SMTP-Server as Spam-Tarpit using spamd
- Networkscanner for security auditing using nmap
- Enhanced traceroute using mtr
- enhanced configuration-system featuring a configuration history and partial config down-/uploads
- converting PF-status-massages to Cisco NetFlow-Datagrams using pfflowd
- PFStat Graphing
- Enhanced network history data using NTOP
- STunnel to wrap standard ports with SSL
- arpwatch to watch ethernet/ip-adress-pairings
- freeradius to Radiusserver
- iperf/netio for bandwidth-measuring
A Reader's Toolbox
After SY0-101, a small number of individuals are content with their N10-003 where as the rest go on to study 70-620. This group later covers 350-030 as well.
2 Comments