Introducing pfSense

From PFSenseDocs

Jump to: navigation, search


Previous page Contents Next Page

Contents

[edit]

What pfSense is

pfSense is a complete firewall software package that, when used together with an full PC or an embedded PC, provides all the important features of commercial firewall boxes (including ease of use) at a fraction of the price (free software). pfSense is based on stripped down and heavily customized version of FreeBSD, along with a web server LightTPD, PHP and a few other utilities. The entire system configuration is stored in one single XML text file to keep things transparent.

pfSense is probably the second UNIX system to have its boot-time configuration done with PHP, rather than the usual shell scripts, and to have the entire system configuration stored in XML format. The pfSense project was based on m0n0wall, which was the first system of this type.

pfSense features a package system, available on non-embedded installations, that allows the environment to be extended with new features and functions.

[edit]

What pfSense is not

pfSense is a firewall, and the purpose of a firewall is to provide security. The more functionality is added, the greater the chance that a vulnerability in that additional functionality will compromise the security of the firewall. It is the opinion of the pfSense founders and core contributors that anything outside the base services of a layers 2 through 4 firewall do not belong in pfSense's base system. Services may be extended via the package manager but the operator should use caution in deciding when, where and how to deploy these services. In many cases a separate machine deployed alongside the primary firewall would serve better to maintain maximum security.

[edit]

History

Coming Soon

[edit]

Features

pfSense provides many of the features of expensive commercial firewalls, and some you won't find in any commercial firewalls, including:

  • web interface (supports SSL)
  • serial console interface for recovery
    • set LAN IP address
    • reset password
    • restore factory defaults
    • reboot system
  • wireless support (access point with PRISM-II/2.5 cards, BSS/IBSS with other cards including Cisco)
  • stateful packet filtering
    • block/pass rules
    • logging
  • NAT/PAT (including 1:1)
  • DHCP client, PPPoE and PPTP support on the WAN interface
  • IPsec VPN tunnels (IKE; with support for hardware crypto cards and mobile clients)
  • PPTP VPN (with RADIUS server support)
  • static routes
  • DHCP server
  • caching DNS forwarder
  • DynDNS client
  • SNMP agent
  • traffic shaper
  • firmware upgrade through the web browser
  • configuration backup/restore
  • host/network aliases
[edit]

Software Copyright and Distribution (Licenses)

See Copyright

[edit]

Contributors and Credits

Coming Soon!

[edit]

Documentation

See the Documentation Category

Previous page Contents Next Page

Retrieved from "http://doc.pfsense.org/index.php/Introducing_pfSense"
Personal tools