PfSense
Encyclopedia
pfSense is an open source
firewall
/router
distribution based on FreeBSD
. pfSense is meant to be installed on a personal computer and is noted for its reliability and offering features often only found in expensive commercial firewalls. It can be configured and upgraded through a web-based interface, and requires no knowledge of the underlying FreeBSD system to manage. pfSense is commonly deployed as a Perimeter Firewall, router, wireless access point
, DHCP server, DNS
server, and as a VPN endpoint.
The name was derived from the fact that it helps make the BSD packet-filtering tool pf
make more sense to non-technical users.
project by Chris Buechler and Scott Ullrich. From the beginning, it focused on full PC installations, as opposed to m0n0wall's focus on embedded hardware. However, pfSense is also available as an embedded image for CompactFlash
-based installations. Version 1.0 of the software was released on October 4, 2006.
Open-source software
Open-source software is computer software that is available in source code form: the source code and certain other rights normally reserved for copyright holders are provided under a software license that permits users to study, change, improve and at times also to distribute the software.Open...
firewall
Firewall (computing)
A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass....
/router
Residential gateway
A residential gateway is a home networking device, used as a gateway to connect devices in the home to the Internet or other WAN.It is an umbrella term, used to cover multi-function networking computer appliances used in homes, which may combine a DSL or cable modem, a firewall, a consumer-grade...
distribution based on FreeBSD
FreeBSD
FreeBSD is a free Unix-like operating system descended from AT&T UNIX via BSD UNIX. Although for legal reasons FreeBSD cannot be called “UNIX”, as the direct descendant of BSD UNIX , FreeBSD’s internals and system APIs are UNIX-compliant...
. pfSense is meant to be installed on a personal computer and is noted for its reliability and offering features often only found in expensive commercial firewalls. It can be configured and upgraded through a web-based interface, and requires no knowledge of the underlying FreeBSD system to manage. pfSense is commonly deployed as a Perimeter Firewall, router, wireless access point
Wireless access point
In computer networking, a wireless access point is a device that allows wireless devices to connect to a wired network using Wi-Fi, Bluetooth or related standards...
, DHCP server, DNS
Domain name system
The Domain Name System is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities...
server, and as a VPN endpoint.
The name was derived from the fact that it helps make the BSD packet-filtering tool pf
PF (firewall)
PF is a BSD licensed stateful packet filter, a central piece of software for firewalling. It is comparable to iptables, ipfw and ipfilter...
make more sense to non-technical users.
History
The pfSense project started in 2004 as a fork of the m0n0wallM0n0wall
m0n0wall is an embedded firewall distribution of FreeBSD, one of the BSD operating system descendants. It provides a small image which can be put on Compact Flash cards as well as on CDROMs and hard disks. It runs on a number of embedded platforms and generic PCs...
project by Chris Buechler and Scott Ullrich. From the beginning, it focused on full PC installations, as opposed to m0n0wall's focus on embedded hardware. However, pfSense is also available as an embedded image for CompactFlash
CompactFlash
CompactFlash is a mass storage device format used in portable electronic devices. Most CompactFlash devices contain flash memory in a standardized enclosure. The format was first specified and produced by SanDisk in 1994...
-based installations. Version 1.0 of the software was released on October 4, 2006.
Features
- Stateful firewallFirewall (computing)A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass....
- Network Address TranslationNetwork address translationIn computer networking, network address translation is the process of modifying IP address information in IP packet headers while in transit across a traffic routing device....
- Redundancy through CARPCommon Address Redundancy ProtocolThe Common Address Redundancy Protocol or CARP is a protocol which allows multiple hosts on the same local network to share a set of IP addresses. Its primary purpose is to provide failover redundancy, especially when used with firewalls and routers. In some configurations CARP can also provide...
and pfsyncPfsyncPfsync is a computer protocol used to synchronize firewall states between machines running Packet Filter for High Availability. It's used along with CARP to make sure a backup firewall has the same information as the main firewall... - Outbound and inbound load balancingLoad balancing (computing)Load balancing is a computer networking methodology to distribute workload across multiple computers or a computer cluster, network links, central processing units, disk drives, or other resources, to achieve optimal resource utilization, maximize throughput, minimize response time, and avoid...
- Virtual Private NetworkVirtual private networkA virtual private network is a network that uses primarily public telecommunication infrastructure, such as the Internet, to provide remote offices or traveling users access to a central organizational network....
s using IPsecIPsecInternet Protocol Security is a protocol suite for securing Internet Protocol communications by authenticating and encrypting each IP packet of a communication session...
, L2TPL2TPIn computer networking, Layer 2 Tunneling Protocol is a tunneling protocol used to support virtual private networks . It does not provide any encryption or confidentiality by itself; it relies on an encryption protocol that it passes within the tunnel to provide privacy.-History:Published in 1999...
, OpenVPNOpenVPNOpenVPN is a free and open source software application that implements virtual private network techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for...
, or PPTP - PPPoEPoint-to-Point Protocol over EthernetThe Point-to-Point Protocol over Ethernet is a network protocol for encapsulating Point-to-Point Protocol frames inside Ethernet frames. It is used mainly with DSL services where individual users connect to the DSL modem over Ethernet and in plain Metro Ethernet networks...
server - RRDRRDtoolRRDtool aims to handle time-series data like network bandwidth, temperatures, CPU load, etc...
graphs reporting - Real-time information using AjaxAjax (programming)Ajax is a group of interrelated web development methods used on the client-side to create asynchronous web applications...
- Dynamic DNSDynamic DNSDynamic DNS or DDNS is a term used for the updating in real time of Internet Domain Name System name servers to keep up to date the active DNS configuration of their configured hostnames, addresses and other information....
- Captive portalCaptive portalThe captive portal technique forces an HTTP client on a network to see a special web page before using the Internet normally. A captive portal turns a Web browser into an authentication device. This is done by intercepting all packets, regardless of address or port, until the user opens a browser...
- uPnP
- DHCPDynamic Host Configuration ProtocolThe Dynamic Host Configuration Protocol is a network configuration protocol for hosts on Internet Protocol networks. Computers that are connected to IP networks must be configured before they can communicate with other hosts. The most essential information needed is an IP address, and a default...
server and relay - Live CDLive CDA live CD, live DVD, or live disc is a CD or DVD containing a bootable computer operating system. Live CDs are unique in that they have the ability to run a complete, modern operating system on a computer lacking mutable secondary storage, such as a hard disk drive...
version available - Support for software extensions, including the Squid proxy server, the SnortSnort (software)Snort is a free and open source network intrusion prevention system and network intrusion detection system , created by Martin Roesch in 1998...
intrusion prevention/detection system, and the FreeSWITCHFreeswitchFreeSWITCH is a free and open source communications software for the creation of voice and messaging products. It is licensed under the Mozilla Public License , a free software license...
telephony platform