Talk:PfSense

Latest comment: 19 days ago by Generically Named in topic Removal of content

OPNsense

edit

Mention the fork OPNsense and the ongoing controversy about pfSense not being actually free software (not all the source code is available). — Preceding unsigned comment added by 193.144.103.218 (talkcontribs) 09:42, 30 November 2017 (UTC)Reply

seconded. this is not open source as pfsense cannot be built from source out of the repos. — Preceding unsigned comment added by 2603:8001:6B00:833:9EED:986D:5A4A:1744 (talk) 04:11, 26 January 2021 (UTC)Reply

Here someone appears to have collected evidence on this: https://github.com/rapi3/pfsense-is-closed-source. Someone should have a critical look at this, other sources and/or try to build pfSense. If and when the evidence is deemed credible, the article should be changed. Hulten (talk) 12:35, 26 January 2021 (UTC)Reply
Agreed, pfSense is not open source - the source code cannot be reproducibly built outside of the owning organization. I'm not a master on Wikipedia policies but I urge someone who is to review the above linked repository and consider removing "open source" from the article as it's very disingenuous. Also, be prepared for a wave of edits as this is breaking on hackernews. 2003:EC:371C:5700:35CB:F105:A8EC:AE12 (talk) — Preceding undated comment added 16:12, 26 January 2021 (UTC)Reply
They recently launched a closed source branch called pfSense Plus which I have updated the article to reflect. The closed source github keeps being removed due to complaints but is valid to my knowledge; I'm not sure how that should be noted given that the majority of the code remains open source even if it can't be built.Cyrix2k (talk) 02:16, 13 March 2021 (UTC)Reply

2013 note

edit

It might be a good idea to organize popular packages into a table rather than a list — Preceding unsigned comment added by 216.114.236.63 (talk) 19:34, 4 September 2013 (UTC)Reply

Question

edit

Can anyone shed further light on the reasons why this page is being considered for deletion?Jenglish02 (talk) 05:08, 6 August 2015 (UTC)Reply

PfSense website content

edit

Moved here from the article. This is unsourced and is content for the product website. WP is not a proxy for their website.

Hardware requirements

pfSense 2.1 through 2.3 has low minimum system requirements (for example 256 MB RAM and 500 MHz CPU)[1] and can be installed on hardware with x86 or x86-64 architecture. Since 2.4, pfSense requires the x86-64 architecture, ending support for 32-bit installations.[2] Starting with 2.5, plans are to require cryptographic hardware acceleration, such as AES-NI.[3] It is also available for embedded system hardware using Compact Flash or SD cards. pfSense also supports virtualized installation.


Features
Install, update, packages, management
  • ISO CD and USB stick installer images (VGA and serial console variants) are available. NanoBSD/embedded installs supported with 2.3.x only.
  • Packaged support for extensions (see "Packages support" below)
  • Multi-language
  • Console, web-based GUI, SSH (if enabled) and serial management
  • RRD graphs reporting
  • Traffic shaping and filtering
  • Real-time information using Ajax
Functionality and connectivity
Firewall and routing
  • Stateful firewall
  • Network Address Translation
  • Filtering by source/destination IP address, protocol, OS/network fingerprinting
  • Flexible routing
  • It is also used as a Proxy Detection service. source — Preceding unsigned comment added by 46.2.169.255 (talk) 18:59, 21 March 2024 (UTC)Reply
  • Per-rule configurable logging and per-rule limiters (IP addresses, connections, states, new connections, state types), Layer 7 protocol inspection, policy filtering (or packet marking), TCP flag state filtering, scheduling, gateway
  • Packet scrubbing
  • Layer 2/bridging capable
  • State table "up to several hundred thousand" states (1 KB RAM per state approx)
  • State table algorithms customizable including low latency and low-dropout
Packages support

Packages available with GUI install and configuration, among others:

  • Snort Intrusion detection and prevention
  • Suricata Intrusion detection and prevention
  • pfBlockerNG
  • OpenBGPD
  • FRR
  • HAProxy
  • Squid caching and reverse proxy with SquidGuard and ClamAV
  • FreeRADIUS
  • ntopNG
  • nmap
  • multiple monitoring and statistics packages (Darkstat, Zabbix Agent/Proxy, softflowd)
Version history
Version history
Version Release date Significant changes
1.0[4] October 4, 2006
  • The first official release.
1.0.1[5] October 29, 2006
  • Bug fixes
1.2[6][7] February 25, 2008
  • FreeBSD updated to 6.2
  • Reworked load balancing pools which allow for round robin or failover
  • Miniupnpd added to the base install
  • Much enhanced RRD graphs
  • Numerous Squid Package fixes
  • dnsmasq updated to 2.36
  • olsrd updated to 0.4.10
  • BandwidthD package added
  • PHP upgraded to 4.4.6
  • Lighttpd upgraded to 1.4.15
  • Numerous Bug fixes
1.2.1[8] December 26, 2008
  • FreeBSD updated to 7.0
  • Bug fixes
1.2.2[9] January 9, 2009
  • Setup wizard fix
  • SVG graphs fixed
  • (IPsec reload fix specific to large (100+ site) deployments
  • Bridge creation code changes
  • FreeBSD updates for two security advisories
1.2.3[10] December 10, 2009
  • Upgrade to FreeBSD 7.2
  • Embedded switched to nanobsd
  • Dynamic interface bridging bug fix
  • IPsec connection reloading improvements
  • Dynamic site to site IPsec
  • Sticky connections enable/disable
  • Ability to delete DHCP leases
  • Polling fixed
  • ipfw state table size
  • Server load balancing
  • UDP state timeout increases
  • Disable auto-added VPN rules option
  • Multiple servers per-domain in DNS forwarder overrides
  • No XMLRPC Sync rules fixed
  • Captive portal locking replaced
  • DNS Forwarder
  • Outbound load balancer replaced
2.0[11] September 17, 2011
2.0.1[12] December 20, 2011
  • Improved accuracy of automated state killing in various cases (#1421)
  • Various fixes and improvements to relayd
  • Fixed path to FreeBSD packages repo for 8.1
  • Various fixes to syslog
  • Removed/silenced some irrelevant log entries
  • Fixed various typos
  • Fixes for RRD upgrade/migration and backup (#1758)
  • Prevent users from applying NAT to CARP which would break CARP in various ways (#1954)
  • Fixed policy route negation for VPN networks (#1950)
  • Fixed “Bypass firewall rules for traffic on the same interface” (#1950)
  • Fixed VoIP rules produced by the traffic shaper wizard (#1948)
  • Fixed uname display in System Info widget (#1960)
  • Fixed LDAP custom port handling
  • Fixed Status > Gateways to show RTT and loss like the widget
  • Improved certificate handling in OpenVPN to restrict certificate chaining to a specified depth – CVE-2011-4197
  • Improved certificate generation to specify/enforce type of certificate (CA, Server, Client) – CVE-2011-4197
  • Clarified text of serial field when importing a CA (#2031)
  • Fixed MTU setting on upgrade from 1.2.3, now upgrades properly as MSS adjustment (#1886)
  • Fixed Captive Portal MAC passthrough rules (#1976)
  • Added tab under Diagnostics > States to view/clear the source tracking table if sticky is enabled
  • Fixed CARP status widget to properly show “disabled” status.
  • Fixed end time of custom timespan RRD graphs (#1990)
  • Fixed situation where certain NICs would constantly cycle link with MAC spoofing and DHCP (#1572)
  • Fixed OpenVPN ordering of client/server IPs in Client-Specific Override entries (#2004)
  • Fixed handling of OpenVPN client bandwidth limit option
  • Fixed handling of LDAP certificates (#2018, #1052, #1927)
  • Enforce validity of RRD graph style
  • Fixed crash/panic handling so it will do textdumps and reboot for all, and not drop to a db> prompt.
  • Fixed handling of hostnames in DHCP that start with a number (#2020)
  • Fixed saving of multiple dynamic gateways (#1993)
  • Fixed handling of routing with unmonitored gateways
  • Fixed Firewall > Shaper, By Queues view
  • Fixed handling of spd.conf with no phase 2’s defined
  • Fixed synchronization of various sections that were leaving the last item on the slave (IPsec phase 1, Aliases, VIPs, etc.)
  • Fixed use of quick on internal DHCP rules so DHCP traffic is allowed properly (#2041)
  • Updated ISC DHCP server to 4.2.3 (#1888) – this fixes a denial of service vulnerability in dhcpd.
  • Added patch to mpd to allow multiple PPPoE connections with the same remote gateway
  • Lowered size of CF images to again fix on newer and ever-shrinking CF cards.
  • Clarified text for media selection (#1910)
2.0.2[13] December 21, 2012
  • Bug fixes
  • Security fixes
2.0.3[14] April 15, 2013
  • Bug fixes
  • Security fixes
2.1[15] September 15, 2013
  • IPv6 Support
  • Upgrade to FreeBSD 8.3
  • Updated Atheros drivers
  • OpenSSL 1.0.1e (or later) used by OpenVPN, PHP, IPsec, etc.
  • PHP to 5.3.x
  • OpenVPN to 2.3.x
  • Added mps kernel module
  • Added ahci kernel module
  • Updated ixgbe driver
  • Numerous Bug fixes
  • Security fixes
2.1.1[16] April 4, 2014
  • Security fixes
2.1.2[17] April 10, 2014
  • Heartbleed OpenSSL Security fixes
  • Bug fixes
2.1.3[18] May 2, 2014
  • Security fixes
  • Bug fixes
2.1.4[19] June 25, 2014
  • Security fixes
  • Bug fixes
2.1.5[20] August 27, 2014
  • Security fixes
  • Bug fixes
2.2[21][22] January 23, 2015
  • Upgrade to FreeBSD 10.1
  • Update the IPsec stack to include AES-GCM, and IKEv2
  • Update PHP backend from FastCGI to PHP-FPM
  • Update PHP to 5.5
  • Change from dnsmasq to the Unbound DNS Resolver
  • Numerous Bug Fixes
2.2.1[23] March 17, 2015
  • Security fixes
  • Bug fixes
2.2.2[24] April 15, 2015
  • Security fixes
  • Bug fixes
2.2.3[25] June 25, 2015
  • Security fixes
  • Bug fixes
2.2.4[26] July 27, 2015
  • Security fixes
  • Bug fixes
2.2.5[27] November 5, 2015
  • Security fixes
  • Bug fixes
2.2.6[28] December 21, 2015
  • Security fixes
  • Bug fixes
2.3 [29] April 12, 2016
  • Upgrade to FreeBSD 10.3
  • Rewrite of the webGUI utilizing Bootstrap
  • Numerous Bug Fixes
2.3.1 [30] May 18, 2016
  • Security fixes
  • Bug fixes
2.3.2 [31] July 25, 2016
  • Security fixes
  • Bug fixes
2.3.3 [32] February 20, 2017
  • Stability and Bug fixes
  • Fixes for a handful of security issues in the GUI
  • A handful of new features
2.3.4 [33] May 4, 2017
  • Stability and Bug fixes
  • Fixes for a handful of security issues in the GUI
  • A handful of new features
2.4.0 [34] Oct 12, 2017
  • FreeBSD updated to 11.1
  • New pfSense installer with support for ZFS, UEFI, and other partition layouts
  • OpenVPN 2.4.x support
  • GUI offers 13 different languages
  • Web GUI improvements
  • Certificate management improvements
  • Captive portal rewritten to include CSR signing and international character support
Version Release date Significant changes

References

  1. ^ "Hardware". Electric Sheep Fencing LLC. Retrieved 5 August 2015.
  2. ^ "64-bit support". Electric Sheep Fencing LLC. Retrieved 7 May 2017.
  3. ^ "pfSense 2.5 and AES-NI". Electric Sheep Fencing LLC. Retrieved 25 September 2017.
  4. ^ Cite error: The named reference Ullrich was invoked but never defined (see the help page).
  5. ^ Ullrich, Scott (October 29, 2006). "1.0.1-RELEASED!". pfSense Digest.
  6. ^ Ullrich, Scott (April 29, 2007). "1.2-BETA-1 released!". pfSense Digest.
  7. ^ Buechler, Chris (February 25, 2008). "1.2 Release Available!". pfSense Digest.
  8. ^ Buechler, Chris (December 26, 2008). "pfSense 1.2.1 released!". pfSense Digest.
  9. ^ Buechler, Chris (January 9, 2009). "pfSense 1.2.2 released!". pfSense Digest.
  10. ^ Buechler, Chris (December 10, 2009). "pfSense 1.2.3 released!". pfSense Digest.
  11. ^ Cite error: The named reference 2.0 was invoked but never defined (see the help page).
  12. ^ Buechler, Chris (December 20, 2011). "2.0.1 release now available!". pfSense Digest.
  13. ^ Buechler, Chris (December 21, 2012). "2.0.2 release now available!". pfSense Digest.
  14. ^ Buechler, Chris (April 15, 2013). "2.0.3 release now available!". pfSense Digest.
  15. ^ Cite error: The named reference 2.1 was invoked but never defined (see the help page).
  16. ^ Thompson, Jim (April 4, 2014). "2.1.1-RELEASE now available". pfSense Digest.
  17. ^ Thompson, Jim (April 10, 2014). "2.1.2 Release Now available". pfSense Digest.
  18. ^ Dillard, Jared (May 2, 2014). "2.1.3 RELEASE Now available". pfSense Digest.
  19. ^ Dillard, Jared (June 25, 2014). "2.1.4 RELEASE Now available". pfSense Digest.
  20. ^ Dillard, Jared (August 27, 2014). "2.1.5 RELEASE Now available". pfSense Digest.
  21. ^ Cite error: The named reference Buechler was invoked but never defined (see the help page).
  22. ^ Cite error: The named reference distrowatch.com was invoked but never defined (see the help page).
  23. ^ Buechler, Chris (March 17, 2015). "2.2.1 RELEASE Now available". pfSense Digest. Retrieved 13 April 2015.
  24. ^ Buechler, Chris (April 15, 2015). "2.2.2 RELEASE Now available!". pfSense Digest. Retrieved 15 April 2015.
  25. ^ Buechler, Chris (June 25, 2015). "2.2.3 RELEASE Now available!". pfSense Digest. Retrieved 7 July 2015.
  26. ^ Buechler, Chris (July 27, 2015). "2.2.4 RELEASE Now available!". pfSense Digest. Retrieved 27 July 2015.
  27. ^ Buechler, Chris (November 5, 2015). "2.2.5 RELEASE Now available!". pfSense Digest. Retrieved 1 December 2015.
  28. ^ Buechler, Chris (December 21, 2015). "2.2.6-RELEASE Now available!". pfSense Digest. Retrieved 1 December 2015.
  29. ^ Cite error: The named reference ReferenceA was invoked but never defined (see the help page).
  30. ^ Buechler, Chris (May 18, 2016). "2.3.1-RELEASE Now available!". pfSense Digest. Retrieved 18 May 2016.
  31. ^ Buechler, Chris (July 25, 2016). "2.3.2-RELEASE Now available!". pfSense Digest. Retrieved 25 July 2016.
  32. ^ Pingle, Jim (February 20, 2017). "pfSense 2.3.3 RELEASE Now Available!". pfSense Digest. Retrieved 20 February 2017.
  33. ^ Pingle, Jim (May 4, 2017). "pfSense 2.3.4 RELEASE Now Available!". Netgate Blog. Retrieved 4 May 2017.
  34. ^ Pingle, Jim (Oct 12, 2017). "pfSense 2.4.0-RELEASE Now Available!". pfSense Digest. Retrieved 12 Oct 2017.

-- Jytdog (talk) 00:23, 30 November 2017 (UTC)Reply

Ownership

edit

Looking for independent sources on the companies that have been involved in this - Electric Sheep Fencing LLC then Rubicon/Netgate. The business matters around this. Jytdog (talk) 14:49, 30 November 2017 (UTC)Reply

Removal of content

edit

User:Gonzopancho please explain why you are removing the content about the WTO matter. Thanks. Jytdog (talk) 17:29, 13 July 2018 (UTC)Reply

how on earth does the WIPO matter have anything to do with pfSense (other than to simply promote OPNsense on pfSense wikipedia page?) --Gonzopancho (talk) 17:38, 13 July 2018 (UTC)Reply
This is something that the company actually did. You need to explain why you removed it. Jytdog (talk) 21:29, 13 July 2018 (UTC)Reply
Regardless of the truth of dispute, the paragraph on OPNsense does not belong on the pfsense page as has nothing to do with the open source firewall/router software distribution itself, which is what this article is for. This paragraph would be more appropriately moved to the wiki page for Rubicon Communications, LLC or Netgate, who are the companies involved in this dispute. Furthermore, Wikipedia is not the place for companies to get revenge and to bring up every cases that a company has lost against another. The WIPO case is public and people can find it. If the Decisio or the OPNsense developers fell upset about past events, they can mention such on their website and user forums. Wikipedia is not the place to carry on this argument. Full disclosure: I am not affiliated with either company or software project, but I don't appreciate the negativity that this paragraph brings and the lack of value it provides about helping someone learn about pfsense the firewall/router product. Ice Ardor (talk) 04:00, 24 April 2020 (UTC)Reply
  • I'm reverting and reinstating the content (but editing for brevity).
  • Also: including material in parent or child articles is standard practice (e.g. Tor (anonymity network)#Tor Browser). Since there is no Negate parent article, such material would belong here (preferably under it's own section heading, for the time being). All are encouraged to boldly create such an article, however.
  • WP:IDONTLIKEIT isn't a valid rationale. Nothing "negative" about it either way (it's rather dry, to be honest), and it passes the WP:NPOV test. -- dsprc [talk] 23:40, 25 November 2020 (UTC)Reply
  • I'm again reverting changes made by Ice Ardor as the stated reason of the information being off topic is not the case. As Jytdog pointed out it is something the company actually did. The Netgate page is now a redirect to the pfSense page and therefore any material that would have been included in the Netgate page, that is notable and regards pfSense, should now live here.
  • I further concur that the wording of the paragraph about the WIPO case is "dry" or to put it in more WP terms, neutral. It describes events that took place, no more, no less. It is WP:NPOV.
  • I will also note that such a neutral recounting of facts does not seem to reasonably constitute the carrying on of this argument. Merely that it is being documented as a notable event in this software's history something that would seem to fall well within the bounds of Wikipedia's mission.Generically Named (talk) 11:25, 11 October 2024 (UTC)Reply
  • I have however made the OPNsense section more distinct along with the Wireguard section to ensure clarity. The WIPO case information did not fit in its original location as part of the overview. Generically Named (talk) 11:33, 11 October 2024 (UTC)Reply

Why no mention of Netgate?

edit

Why are there no mention of Netgate trying to hurt OPNsense by spreading lies on the Netgate owned domain opnsense.com? — Preceding unsigned comment added by Dustie (talkcontribs) 02:33, 5 November 2020 (UTC)Reply

Semi-protected edit request on 4 September 2020

edit

Preview REleases on daily basis https://snapshots.pfsense.org/amd64/pfSense_master/installer/ 92.117.174.218 (talk) 10:48, 4 September 2020 (UTC)Reply

We usually don't include links like these. – Thjarkur (talk) 13:29, 4 September 2020 (UTC)Reply
The note in the sidebar says that the last 2.5.0 release was over a year ago, which is incorrect and should be updated; right now, the oldest snapshot available via that link is from 02 January 2021. 71.237.199.9 (talk) 23:50, 9 January 2021 (UTC)Reply

New release

edit

Now up to version 2.5.1 210.54.90.224 (talk) 01:52, 14 April 2021 (UTC)Reply

Discussion of reverts

edit

@Dashmix: @Cyrix2k: Please discuss your reasoning for the edits you've made here so that we can reach an agreement and not engage in an edit war. Blaze The Wolf | Proud Furry and Wikipedia Editor (talk) (Stupidity by me) 16:01, 10 September 2021 (UTC)Reply

@Cyrix2k:, You are reverting only the edits pertaining to OPNsense on the page of pfSense. This clearly indicates that you have some vested interest in OPNsense. It appears you are an advocate for OPNsense and is intent on having the pfSense page be an extension of your feelings toward Netgate, rather than fairly and objectively progressing an unbiased history of pfSense software.

I have restored my edits. Reasoning for my edits:

  • pfSense is completely open source and not partially open source - the gnid source code is not needed to build the pfSense source code.
  • In 2014, a competing open source firewall and routing software project, OPNsense, was forked from pfsense, with the first official release in Jan 2015. Both pfsense and OPNsense are under active development, while the original m0n0wall project has been discontinued - I had removed this line because it looks like self-promotion done by OPNsense as the citation was OPNsense’s own website which does not meet WP:CITE, WP:RS
  • In November 2017, a World Intellectual Property Organization panel found Netgate, the copyright holder of pfSense, utilized OPNsense' trademarks in bad faith to discredit OPNsense, and obligated Netgate to transfer ownership of a domain name to Deciso - I had removed this because - Netgate is not the copyright holder of PfSense, the official website states that states that ‘pfSense software is Copyright 2004-2021 Electric Sheep Fencing, LLC.’ and ‘pfSense is a federally registered trademark of Electric Sheep Fencing, LLC.’ — Preceding unsigned comment added by Dashmix (talkcontribs) 16:14, 10 September 2021 (UTC)Reply
Foremost: focus on content, not contributors, WP:CIV, WP:AGF, and all that jazz…
Further: line on partial, proprietary components was sourced – we'll need a source to back claims stating otherwise. (Per previous comments above on this matter: WP:IDONTLIKEIT isn't a valid rationale.)
Continuing: edit summary of removal stated: "removing content with no correct ref" – material is properly cited and ref'd.
Second ed summary claimed: "excluding possible vandalism by OPNsense" – that's not vandalism, and We ain't no OPNsense…
One-line blurb noting a fork doesn't read as promotional, and is free of puffery. Agree a third-party should be cited to support this claim, however.
Netgate is the commonly known trade name of Rubicon/El Sheep. Thus, presentation of such nomenclature in this manner would be appropriate; particularly since the shell [corp] game is noted by the referenced source. -- dsprc [talk] 22:32, 18 March 2022 (UTC)Reply

Semi-protected edit request on 1 September 2022

edit

Add hyperlink to OPNsense topic where that word appears in the article Clbii (talk) 00:35, 1 September 2022 (UTC)Reply

  Done ScottishFinnishRadish (talk) 00:40, 1 September 2022 (UTC)Reply

Infobox edits???

edit

How can one edit the Infobox to contain both the paid and the community edition versions of pfSense? The paid versions are still happening yet community was last updated over a year ago. — Preceding unsigned comment added by NantucketHistory (talkcontribs) 17:52, 6 April 2023 (UTC)Reply