The third annual pfSense hackathon has been a great success. There was a lot of cleaning up code and cleaning up the many new features that are already in the development branches, rather than adding more new features. This leaves pfSense in a better position to get out future releases.
The third annual pfSense Hackathon starts this coming weekend through the following weekend, in Louisville, KY US. Two developers (Holger and Seth) will be coming in from Europe, as well as Bill from the Chicago area, Gary with Centipede Networks from Tulsa, and Scott and I who both live in Louisville.
This is the longest hackathon yet, at 8 days from start to finish time.
If you’re interested, have a look at the ideas page with a list of things that may/may not be worked on. If you know of something you’d like to see, please contact Chris and it may get added to the list.
For contact details and more details, read the full post here.
The second release candidate of pfSense, a FreeBSD-based firewall, is ready for testing:
pfSense 1.2-RC2 has been released. Here are just a few of the new improvements and features that have made their way into this new version: automatically restarts racoon (ipsec-tools if it wedges); ensure CARP status page cache is cleared before load; updated lighttpd to 1.4.15; APC updated to 3.0.14; update to DNSMASQ 2.3.9; ensure that rules are cleared from UPNP when service is stopped; correctly show IPSEC firewall rules tab when Mobile IPSEC is enabled; quality graph miscellaneous alignments; backport show username on captive portal status screen; do not allow aliases named ‘pptp’; TCP timeout time fixes.
Read the complete changelog for full details.
Centipede Networks has recently entered a partnership with BSD Perimeter to offer commercial support for two important free software projects, pfSense and m0n0wall.
The Free Software Magazine talked to Jeff Starkweather (CEO of Centipede Networks), Chris Buechler (BSD Perimiter’s CTO) and Scott Ullrich (Chief Architect at BSD Perimiter).
TM: Hello everybody, and thank you for answering my questions! Jeff, Chris, Scott please introduce yourselves and your companies to our readers.
JS: My name is Jeff Starkweather and I am the CEO of Centipede Networks. Centipede Networks is a dba of S4F, Inc. in Tulsa, OK, U.S.A. The company started out about 10 years ago as an ISP providing dialup access that had content filtering bundled with the service. As time progressed we branched out into products which included an internet security appliance that provides firewall, content filter and spam and virus filtering services.
CB: My name is Chris Buechler and I am the CTO of BSD Perimeter, a co-founder of the pfSense project, and a long time m0n0wall contributor. I’m not a developer on either project, but possess a deep understanding of networks and security that has enabled me to contribute heavily to both projects in project direction, testing, documentation and support.
BSD Perimeter was founded in Louisville, KY, U.S.A. by Chris Buechler and I to provide commercial backing and support for the pfSense and m0n0wall projects.
SU: My name is Scott Ullrich, and I am the Chief Architect of BSD Perimeter, the other co-founder of pfSense, and its primary developer.
Read the whole interview here
A number of pfSense developers will be flying in to Louisville from around the world to participate in the 2007 Hackthon! During this time a number of pfSense developers get together and spend most of their time hacking on pfSense, testing and many other related items.
Have you ever wasted too much time online? Right, so posting this on my blog imparts some selection bias to the answers to that question. But have you really wasted time to the point of not getting work done, or letting other things fall by the wayside?
We’re going to block some sites that sing their siren song to us, calling like the blue light inside the bug zapper. I’ll use four that friends have suggested.
Now, it’s simply no good to just cut off your access to these sites. The goal here is to get you back to work, not to make it so that you have to go find a way around an all-encompassing block to get your fix. So, we’re going to block access to problem sites during parts of the day when you think you ought not be accessing them.
This can now be easily done with pfSense
To implement this we need to break down the problem into two parts:
1. What do we want to block?
2. When do we want to block it?
Read the complete howto here.
1.2-BETA-2 has many new features and stability improvements making it the leading Open Source firewall solution. Enterprise features, rock solid stability adds up to one great release!
Here are just a few of the new improvements and features that have made their way into this new version: advanced outbound NAT fixes; UPNP now works on live CD; miscellaneous log viewing fixes; password field lengths now line up on nervecenter theme; IPSEC now works correctly on CARP interfaces out of the box; routed hosts behind a policy-routed segment can now reach the LAN interface correctly when the anti-lockout rule is enabled; pfSync and CARP now will work correctly on extremely restrictive rulesets; captive portal images fixed…
Read the rest of the release announcement for full details.
I’ve been going through all the open bug tickets cleaning up things that have been fixed and reviewing everything else to help Scott and the other developers fix the remaining issues. We’re down to about a half dozen known issues in the current RELENG_1_2 snapshots, which will hopefully all be fixed in a week or less. At that point, assuming we don’t find any other issues in the mean time, 1.2b2 will be released.As always, I can’t speculate on a release date for 1.2. That largely depends on what issues people find once 1.2b2 is out, and how much the developers’ real lives and paid work get in the way of open source work. Probably somewhere between 1-4 months from now. We’re shooting for sooner rather than later, as this release is already drastically more reliable and bug free than 1.0.1, but we also want to make sure there are no known issues in the 1.2 release.
Source: pfSense Blog
A very short comparison
Compared to m0n0wall, it (i.e. pfSense) has many many more features. That proves problematic for very basic systems, like the soekris net4501 which only has 64mb of ram. m0n0wall runs great on that platform, but pfsense requires 128MB of RAM so its a no go.
m0n0wall does have simplicity going for it, as well as security. Simplicity is nice in many ways – fewer things can go wrong, etc., and with no ssh or servers other than the webGUI which can use SSL, you’ve got a tight box – even the console is very limited.
There’s more detailed information on the differences and similarities between pfSense and M0n0wall on the FreeBSD systems page.