Released: pfSense 1.2.2

pfSense logoChris Buechler has announced the availability of pfSense 1.2.2, a security and bug-fix release of the FreeBSD-based firewall system:

pfSense 1.2.2 released! Only five changes from 1.2.1, but we did want to get these issues fixed and an updated version out there:

  • setup wizard fix – removing BigPond from the WAN page on the setup wizard caused problems; 
  • SVG graphs fixed in Google Chrome; 
  • IPsec reload fix specific to large (100+ sites) deployments; 
  • bridge creation code changes – there have always been issues when attempting to bridge more than two interfaces; 
  • FreeBSD updates for two security advisories on January 7, 2009. 

Most users on 1.2.1 won’t have any need to upgrade to 1.2.2, but if any of the above applies to you, then upgrade to this version. 1.2.2 should be used for all new installs.

Links: Release Announcement | DownloadspfSense-1.2.2 LiveCD-Installer | Website

Released: pfSense 1.2.1

pfSense project logo

pfSense project logo

The pfSense project have announced the availability of version 1.2.1:

This is a strictly a maintenance release, meaning it contains only bug fixes in the pfSense code, no new features. Though we also upgraded the base OS from FreeBSD 6.2 to 7.0, which necessitated numerous changes in how things are configured. The change to FreeBSD 7.0 brings improved performance and more hardware support.

AnnouncementChangelog | Downloads

If you’re interested in pfSense or if you’re using it in a production environment, you may be interested in the Network Perimeter Redundancy with pfSense presentation that Chris Buechler will be doing at the DCBSDCon 2009.

What do you get when you cross an enterprise-class packet filtering subsystem with a graphical front-end for easy configuration and maintenance?  A throbbing headache for commercial vendors like SonicWALL, that’s what.

More details on the presentation can be found here.

To find the details of other 2009 FreeBSD related events and conferences, check my FreeBSD Events calendar.

5 Best Linux/BSD Firewall tools

Matt Hartley has written an article on Intranet Journal about (in his opinion) the 5 best Linux/BSD Firewall tools:

  1. IPCop
  2. pfSense
  3. M0n0wall
  4. SmoothWall
  5. Linux LiveCD Router

Over the course of recent years, some people have found the quality of most out-of-the-store firewall appliances either lacking functionality or worse, set at a price that has made them generally out of reach.

Because of this issue, I thought it would be beneficial to write an article to better highlight what works and what does not with regard to turning an older PC into a standalone router/firewall appliance.

He writes the following about m0n0wall and pfSense (both BSD firewalls):

M0n0wall

Regardless of a fantastic effort by IPCop, there is just something to be said about rocking solid BSD solutions. The first that comes to mind is that from m0n0wall. It’s small, 12 MBs small! That is the single biggest distinguishing thing to note about m0n0wall. Its size and portability, that is. Designed to be a replacement for those expensive firewall appliances used today, m0n0wall works on embedded machines, in addition to being quite useful on older x86 PCs as well.

Definitely a little more advanced from a usability standpoint than other solutions out there, but do not let this fool you, because m0n0wall is VERY powerful in all of its BSD goodness. This being said, it should be noted that even though m0n0wall is workable on a older PC, it shines best on embedded systems being used by more advanced administrators. Therefore, this is not a really good solution for new Windows converts looking to convert their old PC into something cool.

pfSense

From what I have been told, the pfSense project was started by the same people as m0n0wall. Those looking to revamp an older PC might be better off going with pfSense. Plenty of features to speak of. Most notable among them include:

  • Redundancy — By creating a fallover group, the network will remain secure even in the event of interfaces that go offline for some reason.
  • Load Balancing — Provides both inbound and outbound balancing between WAN connections or multiple servers, depending on which way the traffic happens to be going.
  • Captive Portal — Force the user to authenticate or simply find themselves redirected to wherever you wish.

Source (IntranetJournal – 16/12/2008)

PC-BSD 7.0.2 available

The PC-BSD Team is pleased to announce the availability of PC-BSD 7.0.2, with an updated FreeBSD 7.1-PreRelease under the hood and the latest KDE 4.1.3.

Version 7.0.2 contains a number of bugfixes and improvements. For a full list of changes, please refer to the changelog. Some of the changes are:

  • KDE 4.1.3
  • Improved desktop performance with Nvidia Cards
  • Improved NTFS write support
  • HAL fixes and improvements
  • Installation bugfixes

This version of PC-BSD can be downloaded and installed as a fresh install or, alternatively, can be updated to from PC-BSD 7.0.1 via the System Update tool or via a stand-alone PBI.

Many thanks for all the feedback we have received via the Forums and the Testing mailinglist.

Links: Download | Changelog | PBI Update

pfSense vs Smoothwall

So heres my dilemna for a project I’m working on.
I need a rather broad solution covering DNS, proxying, firewalling, VPN (both site to site and LDAP integrated user access), DHCP, supporting multiple DMZ servers along with routing support. This will act as the centre point for a 40 person network. Clearly hardware wise this will have to be quite a strong system, with load balancing being a possibility, at minimum hardware failover

Pros and Cons here

m0n0wall beta 12 and FreeBSD 7.0 based pfSense

The m0n0wall and the pfSense projects have released a beta and 2 alpha versions respectively.

m0n0wall 1.3 beta 12 is out, containing a new feature: IPv6 support (routing and firewalling). The change log and the download link can be found on the beta page.

pfSense has a 1.2.1 alpha snapshot available for testing. This version contains a few bug fixes and the base OS has changed to FreeBSD 7.0. There’s also a 1.3 alpha snapshot available for testing. This version brings significant changes from 1.2 and brings all the great new features that have been added to pfSense over the past 8 months.

For the pfSense download links, upgrade instructions and more information visit the pfSense blog.