Features List
From PFSenseDocs
The most comprehensive, up to date features listing can be found on the pfSense website.
A community contributed list follows.
- Firewall
- Easy to use Web Based Graphical Interface no need to know how to create firewall rules, it is helpful however.
- Installation Setup Wizard
- Wireless Access Point (must install a wifi interface)
- Abiltiy to setup and firewall multiple subnets ( seperate Accounting, Marketing, R&D and sales from each other)
- Traffic Shaping
- State Table
- NAT
- Redundancy
- CARP (failover) - CARP from OpenBSD allows for hardware failover. Two or more firewalls can be configured as a failover group. If one interface fails on the primary or the primary goes offline entirely, the secondary becomes active. pfSense also includes configuration synchronization capabilities, so you make your configuration changes on the primary and they automatically synchronize to the secondary firewall.
- pfsync - pfsync ensures the firewall's state table is replicated to all failover configured firewalls. This means your existing connections will be maintained in the case of failure, which is important to prevent network disruptions.
- Load Balancing both Outbound and Inbound
- nmap, ping, traceroute via the GUI
- VPN - Ipsec, OpenVPN, PPTP
- PPPoE Server
- RRD Graphs Reporting
- Real Time Information - Using AJAX
- Dynamic DNS
- Captive Portal
- DHCP Server and Relay
- Command line shell access
- Wake on LAN
- Proxy Server
- built in sniffer - packet capture
- Ability to backup and restore your firewall configuration via the web GUI
- Edit files via the web GUI
Contents |
[edit]
Packages
The packages listed below can be installed with one click. Some are in beta stage.
[edit]
Security
- snort - Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more.
- sshterm - This is a package of the SSHTools SSHTerm Java Applet. SSHTools is a suite of Java SSH applications providing a Java SSH API, SSH Terminal, SSH secured VNC client, SFTP client and SSH Daemon.
[edit]
Network Management
- Darkstat -
darkstat is a network statistics gatherer. It's a packet sniffer that runs as a background process on a cable/DSL router, gathers all sorts of statistics about network usage, and serves them over HTTP.
- Diagnostic States - Paul Taylors version of Diagnostics States which utilizes pftop.
- Iperf - Iperf is a tool for measuring maximum TCP and UDP bandwidth, reminiscent of ttcp and nettest. It has been written to overcome the shortcomings of those aging tools. Iperf can also test UDP bandwidth, loss, and jitter.
- ntop - ntop is a network probe that shows network usage in a way similar to what top does for processes. In interactive mode, it displays the network status on the user's terminal. In Web mode it acts as a Web server, creating an HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics.
- nut - Network UPS Tools
- pfflowd converts OpenBSD PF status messages (sent via the pfsync interface) to Cisco NetFlow datagrams. These datagrams may be sent (via UDP) to a host of one's choice. Utilising the OpenBSD stateful packet filter infrastructure means that flow tracking is very fast and accurate.
- squid Guard - High perfomance web proxy filter. Required proxy squid-2.6.5 (or hi).
- stunnel - The stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote servers. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the program's code. It will negotiate an SSL connection using the OpenSSL or SSLeay libraries. It calls the underlying crypto libraries, allowing stunnel to support whatever cryptographic algorithms you compiled into your crypto package.
[edit]
Services
- widentd - RFC1413 auth/identd daemon with fixed fake reply
- Siproxd is a proxy/masquerading daemon for the SIP protocol. It handles registrations of SIP clients on a private IP network and performs rewriting of the SIP message bodies to make SIP connections possible via a masquerading firewall. It allows SIP clients (like kphone, linphone) to work behind an IP masquerading firewall or router.
- PHPSysInfo is a customizable PHP Script that parses /proc, and formats information nicely. It will display information about system facts like Uptime, CPU, Memory, PCI devices, SCSI devices, IDE devices, Network adapters, Disk usage, and more.
- The Frickin PPTP Proxy allows a Point-to-Point Tunneling Protocol (PPTP) client to connect to a PPTP server through Network Address Translation.
- dns-server - pfSense version of TinyDNS which features failover host support
- arping - Broadcasts a who-has ARP packet on the network and prints answers. VERY useful when you are trying to pick an unused IP for a net that you don't yet have routing to. Then again, if you have no idea what I'm talking about then you prolly don't need it.
- Zabbix Agent - Monitoring agent.
[edit]
System
- freeradius - A free implementation of the RADIUS protocol.
- phpsysinfo - PHPSysInfo is a customizable PHP Script that parses /proc, and formats information nicely. It will display information about system facts like Uptime, CPU, Memory, PCI devices, SCSI devices, IDE devices, Network adapters, Disk usage, and more.
[edit]
Installation Guide
Now that you have reviewed the features, if you are interested in trying out the pfSense firewall you can download the live CD and check it out without installing on an old PC.
Installation Tutorials are available.
http://doc.pfsense.org/smiller/pfSenseQuickStartGuide.pdf
Flash graphical tutorial
