3rd pfSense hackathon this weekend

The third annual pfSense Hackathon starts this coming weekend and runs through the following weekend, in Louisville, KY US. Two developers (Holger and Seth) will be coming in from Europe, as well as Bill from the Chicago area, Gary with Centipede Networks from Tulsa, and Scott and I, who both live in Louisville.

This is the longest hackathon yet, at 8 days from start to finish.

If you’re interested, have a look at the ideas page with a list of things that may/may not be worked on. If you know of something you’d like to see, please contact Chris and it may get added to the list.

For contact details and more details, read the full post here.

pfSense 1.2 RC 2 released

The second release candidate of pfSense, a FreeBSD-based firewall, is ready for testing:

pfSense 1.2-RC2 has been released. Here are just a few of the new improvements and features that have made their way into this new version: automatically restarts racoon (ipsec-tools) if it wedges; ensure CARP status page cache is cleared before load; updated lighttpd to 1.4.15; APC updated to 3.0.14; update to DNSMASQ 2.3.9; ensure that rules are cleared from UPNP when service is stopped; correctly show IPSEC firewall rules tab when Mobile IPSEC is enabled; quality graph miscellaneous alignments; backport show username on captive portal status screen; do not allow aliases named ‘pptp’; TCP timeout time fixes.

Read the complete changelog for full details.

Interview with Jeff Starkweather, Chris Buechler and Scott Ullrich

Centipede Networks has recently entered a partnership with BSD Perimeter to offer commercial support for two important free software projects, pfSense and m0n0wall.

The Free Software Magazine talked to Jeff Starkweather (CEO of Centipede Networks), Chris Buechler (BSD Perimeter’s CTO) and Scott Ullrich (Chief Architect at BSD Perimeter).

TM: Hello everybody, and thank you for answering my questions! Jeff, Chris, Scott please introduce yourselves and your companies to our readers.

JS: My name is Jeff Starkweather and I am the CEO of Centipede Networks. Centipede Networks is a dba of S4F, Inc. in Tulsa, OK, U.S.A. The company started out about 10 years ago as an ISP providing dialup access that had content filtering bundled with the service. As time progressed we branched out into products which included an internet security appliance that provides firewall, content filter and spam and virus filtering services.

CB: My name is Chris Buechler and I am the CTO of BSD Perimeter, a co-founder of the pfSense project, and a long time m0n0wall contributor. I’m not a developer on either project, but possess a deep understanding of networks and security that has enabled me to contribute heavily to both projects in project direction, testing, documentation and support.

BSD Perimeter was founded in Louisville, KY, U.S.A. by Chris Buechler and me to provide commercial backing and support for the pfSense and m0n0wall projects.

SU: My name is Scott Ullrich, and I am the Chief Architect of BSD Perimeter, the other co-founder of pfSense, and its primary developer.

Read the whole interview here

Internet access & time slots (pre)defined with pfSense

Have you ever wasted too much time online? Right, so posting this on my blog imparts some selection bias to the answers to that question. But have you really wasted time to the point of not getting work done, or letting other things fall by the wayside?

We’re going to block some sites that sing their siren song to us, calling like the blue light inside the bug zapper. I’ll use four that friends have suggested.

Now, it’s simply no good to just cut off your access to these sites. The goal here is to get you back to work, not to make it so that you have to go find a way around an all-encompassing block to get your fix. So, we’re going to block access to problem sites during parts of the day when you think you ought not be accessing them.

This can now be easily done with pfSense.

To implement this we need to break down the problem into two parts:

1. What do we want to block?
2. When do we want to block it?

Read the complete howto here.

pfSense 1.2-BETA-2 released

After a long bug hunting and regression testing period, Scott Ullrich has announced the second beta release of pfSense 1.2, a FreeBSD-based firewall, on 04 July.

1.2-BETA-2 has many new features and stability improvements making it the leading Open Source firewall solution. Enterprise features and rock solid stability add up to one great release!

Here are just a few of the new improvements and features that have made their way into this new version: advanced outbound NAT fixes; UPNP now works on live CD; miscellaneous log viewing fixes; password field lengths now line up on nervecenter theme; IPSEC now works correctly on CARP interfaces out of the box; routed hosts behind a policy-routed segment can now reach the LAN interface correctly when the anti-lockout rule is enabled; pfSync and CARP now will work correctly on extremely restrictive rulesets; captive portal images fixed…

Read the rest of the release announcement for full details.

pfSense 1.2 status update

I’ve been going through all the open bug tickets cleaning up things that have been fixed and reviewing everything else to help Scott and the other developers fix the remaining issues. We’re down to about a half dozen known issues in the current RELENG_1_2 snapshots, which will hopefully all be fixed in a week or less. At that point, assuming we don’t find any other issues in the meantime, 1.2b2 will be released.

As always, I can’t speculate on a release date for 1.2. That largely depends on what issues people find once 1.2b2 is out, and how much the developers’ real lives and paid work get in the way of open source work. Probably somewhere between 1-4 months from now. We’re shooting for sooner rather than later, as this release is already drastically more reliable and bug free than 1.0.1, but we also want to make sure there are no known issues in the 1.2 release.

Source: pfSense Blog

pfSense versus m0n0wall

A very short comparison

Compared to m0n0wall, it (i.e. pfSense) has many, many more features. That proves problematic for very basic systems, like the Soekris net4501, which only has 64MB of RAM. m0n0wall runs great on that platform, but pfSense requires 128MB of RAM, so it’s a no-go.

m0n0wall does have simplicity going for it, as well as security. Simplicity is nice in many ways – fewer things can go wrong, etc., and with no ssh or servers other than the webGUI which can use SSL, you’ve got a tight box – even the console is very limited.

There’s more detailed information on the differences and similarities between pfSense and m0n0wall on the FreeBSD systems page.

What is FreeBSD?

This website deals with the FreeBSD Operating System, but what is FreeBSD?

FreeBSD (FBSD) is an advanced Unix-like operating system developed by the FreeBSD Project. FBSD is one of the most reliable, robust and secure operating systems in the world. It is free, open source and powers some of the internet’s largest web servers, including Yahoo’s and Sony’s (more companies). Rock-solid stability and the ability to perform extremely well under heavy workloads make this operating system a popular choice among Internet Service Providers and Web hosting companies. A cohesive userland and kernel, the ports system and regular OS upgrades are the strengths of this OS.

FreeBSD is derived from the Berkeley Software Distribution (BSD), the version of UNIX developed at the University of California at Berkeley between 1975 and 1993. FreeBSD is not a UNIX clone. Historically and technically, it has greater rights than UNIX System V to be called UNIX. Legally, it may not be called UNIX, since UNIX is now a registered trade mark of The Open Group.

FreeBSD runs on Intel processors as well as on DEC Alpha, Sun UltraSPARC processors, Itanium (IA-64) and AMD64 processors and soon on Sun’s Niagara servers (FreeBSD 7).

FreeBSD is an operating system that is very flexible and can therefore be used for various purposes:

  • FreeBSD – (web)servers
  • FreeNAS – Network Attached Storage servers
  • DragonFly BSD – Powering cluster computing
  • PC-BSD and DesktopBSD – Desktop
  • m0n0wall and pfSense – Firewall
  • Frenzy – portable system administrator toolkit
  • FreeSBIE and RoFreeSBIE – Live CDs

Stability, flexibility and security are what is needed for a good operating system, and FreeBSD has them all, whether you use it on your desktop or as a server. There’s an interesting article on IBM’s website, “Why FreeBSD”, dealing with the strong points of FreeBSD.

pfSense 1.2-BETA-1 released

About 2 weeks ago the pfSense Project released 1.2-Beta-1. This version contains quite a number of improvements and new features, including:

  • FreeBSD updated to 6.2
  • Reworked load balancing pools which allow for round robin or failover
  • miniupnpd has proven to work so well that it is now in the base install but deactivated by default (uninstall the miniupnpd package before upgrading to avoid duplicate menu items)
  • Much enhanced RRD graphs
  • Numerous Squid Package fixes
  • etc. (click here for the full list of changes/additions)

If you want to see how to install pfSense or how to access the web interface, check out these two videos here.