pfSense is a distribution kit for creating a firewall / router based on FreeBSD [1] [2] [3] . pfSense is designed to be installed on a personal computer, it is known for its reliability and offers functions that can often be found only in expensive commercial firewalls [4] . Settings can be made through a web-based interface, which allows you to use it without knowledge of the underlying FreeBSD system. pfSense is typically used as a perimeter firewall, router, DHCP / DNS server, and as a VPN hub / spoke.
| pfSense | |
|---|---|
 PfSense 2.1.5 web interface homepage | |
| Developer | BSD Perimeter LLC / Chris Buechler, Scott Ullrich |
| OS family | BSD |
| Based on | FreeBSD 10.1 since pfSense 2.2; FreeBSD 11.1 since pfSense 2.4 |
| Latest version | 2.4.4-RELEASE-p3 ( May 15, 2019 ) |
| Supported Platforms | |
| Kernel type | Monolithic core |
| License | Apache 2.0 |
| condition | Topical |
| Source code repository | |
| Next | |
| Web site | pfsense.org |
The name comes from the fact that pfSense helps to use the pf packet filtering tool from OpenBSD more deliberately for non-professional users [5] .
Content
History
The pfSense project was created in 2004 as a fork of the popular m0n0wall distribution by Chris Buechler and Scott Ullrich. From the very beginning, it was aimed at full installation on a computer, as opposed to the focus of m0n0wall on embedded systems. However, pfSense is also available as an image for CompactFlash-based embedded systems. Version 1.0 was released on October 4, 2006 [6] .
The name was formed from the abbreviation of packet filters - pf [7] .
Version 2.3 was developed, which brought a lot of improvements, including tools for centralized management of a large number of pfSense systems [8] . Version 2.3 contains full IPv6 support in basic services.
At the moment, version 2.3.4 is released, in which 24 errors and 11 functions were fixed [9] .
PfSense features
- Firewall
- State table
- NAT - Network Address Translation
- Redundancy - two or more firewalls can be combined into a fault-tolerant group; settings are also synchronized between them
- CARP - CARP from OpenBSD allows you to create hardware protection against failures. Two or more firewalls can be combined into a fault-tolerant group. In the event of a network interface failure on the main firewall, the active one becomes different. PfSense also provides the ability to synchronize settings: if settings are changed on one firewall, they will automatically be synchronized on another.
- pfsync - pfsync provides firewall state replication. This means that all existing network connections will be preserved if one of the firewalls fails, which is very important to ensure network resiliency.
- Outbound and Inbound Load Balancing - provides connection to several providers with a uniform distribution of traffic between them (the user who opens the web page does not notice that the elements of this page are loaded through different channels)
- VPN Server - IPsec , OpenVPN , PPTP
- PPPoE server
- Dynamic DNS
- DHCP server and gateway
- Proxy server
- Captive portal - redirect to a special web page for authorization for Internet access
- Monitoring and graphical reports using RRD
- LiveCD operation
- Support for software modules.
The most significant extensions:
- Squid - proxy server
- Snort - intrusion detection / neutralization system.
PfSense hardware requirements
When deploying a system with an expected throughput of less than 10 Mbps, the minimum system requirements are: a processor with a clock frequency of 100 MHz or more, RAM 128 MB or more.
A system with a bandwidth of 200 Mbps will require: a processor with a clock frequency of 1000 MHz, RAM at least 512 MB.
For a bandwidth of up to 500 Mbps you will need: a processor with a clock frequency of 2000-3000 MHz, a RAM of 1024 Mb or more.
To deploy a system with a data transfer rate of 1000 Mbps between two interfaces, Pentium 4 with a frequency of 3000 MHz or faster can be used with a PCI-X or PCI-e adapter, as PCI bus restrictions will prevent performance gains between two 1 Gb adapters. RAM 2048 MB or more.
Requirements for the amount of RAM are presented depending on the tasks. For example: it is required to organize an unconditional joint access to the Internet of a small enterprise at a data transfer rate to the provider of 100 Mbps. A sufficient configuration will be: a 1 GHz processor, 256 MB RAM. All the same thing + Internet access through a proxy server with statistics: - It is desirable to increase the amount of RAM to 512 MB.
Release History
- October 4, 2006 - pfSense version 1.0 [10] .
- October 20, 2006 - pfSense version 1.0.1 [11] .
- February 25, 2008 - pfSense version 1.2 [12] .
- December 26, 2008 - pfSense version 1.2.1 [13] .
- January 7, 2009 - pfSense version 1.2.2 [14] .
- December 10, 2009 - pfSense version 1.2.3 [15] .
- September 17, 2011 - pfSense version 2.0 [16]
- December 20, 2011 - pfSense version 2.0.1 [17]
- December 21, 2012 - pfSense version 2.0.2 [18]
- April 15, 2013 - pfSense version 2.0.3 [19]
- September 15, 2013 - pfSense version 2.1.0 [20]
- April 4, 2014 - pfSense version 2.1.1 [21]
- April 10, 2014 - pfSense version 2.1.2 [22]
- May 2, 2014 - pfSense version 2.1.3 [23]
- June 25, 2014 - pfSense version 2.1.4 [24]
- August 27, 2014 - pfSense version 2.1.5 [25]
- January 23, 2015 - pfSense version 2.2 [26]
- March 17, 2015 - pfSense version 2.2.1 [27]
- April 15, 2015 - pfSense version 2.2.2 [28]
- June 25, 2015 - pfSense version 2.2.3 [29]
- July 26, 2015 - pfSense version 2.2.4 [30]
- November 4, 2015 - pfSense version 2.2.5 [31]
- December 21, 2015 - 2.2.6 [32]
- April 12, 2016 - pfSense version 2.3 [33]
- May 04, 2017 - pfSense 2.3.4
- October 12, 2017 - pfSense 2.4.0
- October 16, 2017 - pfSense 2.4.1
- December 8 - pfSense 2.4.2
- December 12 - pfSense 2.4.2_1
- March 29, 2018 - pfSense 2.4.3
- September 24, 2018 - pfSense 2.4.4
- May 15, 2019 - pfSense 2.4.4-RELEASE-p3
See also
- m0n0wall
- Pf
- OPNsense
- IPCop
Notes
- ↑ You should be running a pfSense firewall | Infoworld
- ↑ Enterprises cut costs with open-source routers | Network world
- ↑ Multiple Vulnerabilities Patched in pfSense | SecurityWeek.com
- ↑ DIY pfSense firewall system beats other for features, reliability, and security - TechRepublic
- ↑ Configure a professional firewall using pfSense
- ↑ Happy 10th Anniversary to pfSense® Open Source Software
- ↑ So what does pfSense stand for / mean, anyway?
- ↑ pfSense 2.3-RELEASE Now Available!
- ↑ pfSense 2.4.3-RELEASE now available
- ↑ pfSense Digest: pfSense 1.0 RELEASED!
- ↑ pfSense Digest: pfSense 1.0.1 RELEASED!
- ↑ pfSense Digest: 1.2 Release Available!
- ↑ pfSense Digest: 1.2.1 Release Available!
- ↑ pfSense Digest: 1.2.2 Release Available!
- ↑ pfSense Digest: 1.2.3 Release Available!
- ↑ pfSense Digest: 2.0 Release Now Available!
- ↑ pfSense Digest: 2.0.1 release now available!
- ↑ pfSense Digest: 2.0.2 Release Now Available!
- ↑ pfSense Digest: 2.0.3 Release Now Available!
- ↑ pfSense 2.1-RELEASE now available!
- ↑ 2.1.1-RELEASE now available!
- ↑ 2.1.2 Release Now available!
- ↑ 2.1.3 Release Now available!
- ↑ 2.1.4 Release Now available!
- ↑ 2.1.5 Release Now available!
- ↑ 2.2-RELEASE Now Available!
- ↑ 2.2.1 RELEASE Now Available!
- ↑ pfSense Digest »2.2.2-RELEASE Now Available! . blog.pfsense.org. Date of treatment November 7, 2015.
- ↑ 2.2.3 RELEASE Now Available!
- ↑ 2.2.4 RELEASE Now Available!
- ↑ pfSense Digest »2.2.5-RELEASE Now Available! . blog.pfsense.org. Date of treatment November 7, 2015.
- ↑ pfSense Digest »2.2.6-RELEASE Now Available! . blog.pfsense.org. Date of treatment January 3, 2016.
- ↑ pfSense Digest »pfSense 2.3-RELEASE Now Available! . blog.pfsense.org. Date of treatment May 1, 2016.
Links
- pfsense.com - official PfSense website
- pfSense Features
- pfSense Screenshots
- PF: The OpenBSD Packet Filter
- Review & configuration tutorial at Free Software Magazine
- DIY pfSense firewall system beats others for features, reliability, and security at TechRepublic
- PfSense setup reviews
- Practical solutions in pictures in Russian pfSense (Russian) . Caution - the site is filled with Adware (Russian) !