Released: pfSense 2.0

Chris Buechler has announced pfSense 2.0: 2.0 Release available

I’m proud to announce the release of version 2.0. This brings the past three years of new feature additions, with significant enhancements to almost every portion of the system. The changes and new features are summarized here. This is by far the most widely deployed release we’ve put out, thanks to the efforts of thousands of members of the community.

Read the release post for update instructions, training sessions, credits, documentation, etc.

Links: pfSense website | Features and changes | Downloads

Quick news: Firewalls, VirtualBSD, pfSense

Below are three links to posts on pfSense and VirtualBSD.

Techsource has an overview of 5 firewalls, one of which is the FreeBSD-based pfSense.

If you’re having a small computer network at home or a huge office with hundreds of desktops, cyber security is something you can never compromise on. One thing that is a quintessential part of security is something we call a firewall.

A firewall is like the security guard at your door who keeps a watch on everyone who goes in and out. By allowing only legitimate connections to pass through and blocking connections based on a certain set of rules, the firewall secures the network from most kinds of threats that lurk around on the Internet. … continues

VirtualBSD review – Sneak a peak at FreeBSD

FreeBSD is a UNIX-like operating system, designed to be super stable and super secure. As such, it is probably not the simplest one to tame and run on a daily basis. Unfortunately, reliability and robustness do not always fully align with the mass-usage model of friendliness.

BSD developers realize this. So they released VirtualBSD, a VMware virtual appliance built using Xfce desktop with a very pretty theme and lots of programs and utilities preinstalled. VirtualBSD is intended for people who have never tried BSD or never dared try, did not have the right hardware for the task, or former users struck by nostalgia. Whatever the motives, testing VirtualBSD has never been easier.

The article concludes with:

While the virtual machine test is far from being a real-life example of how simple or difficult or well-integrated a desktop is, VirtualBSD is a pleasant, refreshing diversion from the mainstream of free operating systems. It is an excellent technology demonstrator. The appliance testdrive proves that BSD is not a monster. Far from it; it’s a witty, charming, highly useful platform that anyone could use.

Even if you never intend on using BSD on your machine as the primary desktop, VirtualBSD could shatter some of your fears and misconceptions about the dreadful UNIX. It may not eclipse the Linux just yet, and probably never will, and it does not have to. What it can do is become another alternative should you need it, should you seek it. Overall, VirtualBSD delivers a handsome punch of good quality in all aspects of the desktop usage, aesthetics, availability of programs, codecs, everything. Quite a surprise and a breath of fresh air.

Looking back at my flirtations with the BSD family, things are getting better, significantly. The critical turning point is not there yet, but in time, this operating system might stir the flames of competition in the software world. For the time being, you have the perfect appliance to play with and sharpen your UNIX skills.

Read the whole article: VirtualBSD review – Sneak a peak at FreeBSD

FreeBSD PF updated to 4.5 for FreeBSD 9

Bjoern Zeeb committed PF 4.5 into FreeBSD HEAD for the 9 release (which will be the basis of pfSense 2.1), ported by Ermal Luci with help from Bjoern and Max Laier. Much of this work was funded by pfSense / BSDPerimeter, aside from volunteer efforts from Bjoern and Max providing some guidance along the way and Bjoern especially for review and assistance. (full post: FreeBSD PF updated to 4.5 for FreeBSD 9)

pfSense 2.0-RC3 now available

Chris Buechler has announced Release Candidate 3 (RC3) of the upcoming pfSense 2.0. Changes and revision history can be tracked on github.

If you’re keen to find out what’s been added and changed in 2.0 in general, have a look at the pfSense 2.0 new features and changes page. The final release can be expected in about four weeks’ time.

Links: pfSense | pfSense RC3 announcement (pfSense blog)

pfSense FAQs

pfSense is an open source, FreeBSD-based firewall distribution that provides a platform for flexible and powerful routing and firewalling. The versatility of pfSense presents us with a wide array of configuration options.

Matt Williamson takes a look at some frequently asked questions on pfSense such as:

  • Q: What are the minimum hardware requirements for pfSense?
  • Q: How does pfSense identify and assign interfaces?
  • Q: How to enable the Secure Shell (SSH) service in pfSense?
  • Q: How does pfSense assign DNS servers to the DHCP clients?
  • Q: What happens if the Register DHCP Leases in DNS Forwarder is enabled?
  • Q: What is an alias? What are the different types of aliases in pfSense?
  • Q: How does the OpenVPN service work?
  • Q: What are Gateway Groups?
  • Q: How are bridged interfaces useful and how can one bridge together two interfaces in pfSense?
  • Q: What is OLSR and how is it enabled in pfSense?
  • Q: How to configure pfSense to automatically back up its configuration file?

For the answers, check out the pfSense FAQ page on the PacktPub website or purchase Matt’s pfSense 2 Cookbook for many more answers and guides.

Configure advanced features with pfSense 2.0 (Packt Pub’s new book)

Packt Publishing, the publishers of Learning FreeNAS, are now in the process of publishing pfSense 2 Cookbook.

This book helps users discover the power of pfSense’s core functionality. It is written by Matt Williamson and is filled with examples of interfaces, firewall rules, NAT port-forwarding, VPN services, etc.

pfSense 2 Cookbook helps readers determine their deployment scenario, their hardware, throughput, and interface requirements, and to select the right platform version of pfSense. They will be able to configure essential networking services such as DHCP, DNS, Dynamic DNS, and will be able to provide external Remote Desktop Access to an internal machine.

Through this book readers will learn to create multiple WAN interfaces, virtual IPs, a virtual LAN, gateways, and bridged interfaces. They will be able to configure traffic-shaping and Quality of Service (QoS), firewall redundancy with a CARP firewall failover, and external logging with syslog.

Talking about CARP, I came across a very interesting site explaining how to set up a CARP cluster, step-by-step: http://pfsense.basis06.com/download/tutorials/carp/carp-cluster-new.htm. There’s enough material available and howtos explaining how to set this up, but this little demo is super clear.

When I have read the book, I’ll let you know more about the contents.

More information can be found here: pfSense 2 Cookbook, and a free chapter, dealing with DHCP and DNS, can be downloaded here: pfSense 2 Cookbook – sample chapter.

pfSense: Build an UTM, and 2.0-RC1 available

smallnetbuilder.com has an article (Build your own UTM with pfSense) showing what you can do with pfSense as a Unified Threat Management appliance, especially with regard to Intrusion Detection and Prevention, Anti-Virus, Content Filtering, Anti-Spam and Traffic Control.

The concept of Unified Threat Management is straightforward: on the outer reaches of your network perimeter, you install an appliance that stops all possible threats to your network, an über firewall, as it were. The fact of the matter is that UTM hardware is expected to completely overtake separate network protection hardware.

[...]

pfSense can perform all these functions to some extent. To judge how well pfSense meets these UTM requirements, I’ve given a subjective grade to each set of UTM function groups. Once we’ve defined how these functions thwart threats, and how pfSense meets those challenges, we’ll upgrade Cerberus, and see how it performs as a UTM.

The article concludes with:

With pfSense, this content is largely free – making pfSense, with all of its patchwork flaws, very compelling. The value proposition of pfSense is significant. It is free, open, and no expensive subscriptions are needed to protect your network. Free something is better than nothing.

Chris Buechler has also announced the availability of pfSense 2.0-RC1 (pfSense 2.0-RC1 now available):

Years and many thousands of hours in the making, pfSense 2.0 Release Candidate 1 is now available!

Check it out, test it, and leave feedback on the pfSense forums.

Miscellaneous (Free)BSD news and links (Week 2)

I. End of Life Announcement for PC-BSD 7.x

With the release of version 8.2 just around the corner, and PC-BSD 9.0 slated for later this year, we will be stopping the production of new packages / PBIs for the PC-BSD 7.x series in the near future: End of Life Announcement for PC-BSD 7.x

II. Required: Senior FreeBSD/UNIX/Linux Administrator

You might be our next Sr. Systems Engineer: Senior FreeBSD/UNIX/Linux Administrator

III. FreeBSD: Virtual Network Switch

In the previous post, I mentioned that I’m going to cover Open vSwitch and Vde implementation. However, I think it is also interesting to cover how you can set up a virtual switch with the FreeBSD native system. As we all know, bridging is actually software switching, therefore we can make use of a bridge interface to achieve this. I will explain the 6-port virtual network switch setup that is illustrated in the diagram below: FreeBSD: Virtual Network Switch

IV. Installing pfSense on an Alix.6e1

The ALIX.6e1 hardware platform:

2 10/100 LAN / 1 miniPCI / 1 miniPCI Express / AMD LX800 / 256 MB / 2 USB / DB9 serial port / CF Card slot / Board size: 6 x 6 : Installing pfSense on an Alix.6e1

pfSense development in 2011

Recently I contacted lead developers of different FreeBSD based projects and asked them about their development plans and ideas for 2011. Yesterday we looked at PC-BSD, let’s now see what the pfSense developers have in store.

As most of you will be aware, pfSense is a free, open source customised version of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution.

The project started in 2004 as a fork of the m0n0wall project, but focused towards full PC installations rather than the embedded hardware focus of m0n0wall. (m0n0wall vs pfSense).

Chris Buechler emailed the following update for 2011:

“2011 looks to be the best year yet for the project. We’ll have 2.0 release candidate 1 out this month. Final release soon after though it’s hard to put a timeline on that.

After that, we’ll be adding IPv6 support this year for the 2.1 release. That may be the only major new feature or change in the 2.1 release, which we expect by the end of 2011 at latest and probably sooner. We’re speeding up our release cycles and adding far fewer things on each release, so we’ll have major releases out much more frequently going forward (in addition to any needed maintenance releases). The 2.0 release brings major enhancements to virtually every single piece of the system, and hence has taken a while to get through the release cycle. It’s looking very good now though.”

Thanks, Chris, for the update. Wishing you, Scott and the team a successful 2011. pfSense 2.0 is set to rock the routing/firewalling world and we’re all looking forward to its release.

If you, blog readers, have any requests, ideas or general views on pfSense, let us know via the comments below.

pfSense website | pfSense blog