Version of the FreeBSD operating system | |
---|---|
Developer | Rubicon Communications, LLC (Netgate) |
OS family | FreeBSD |
Working state | Current |
Source model | Closed source and open source |
Released to manufacturing | Oct 2006 |
Latest release | |
Repository | |
Platforms | 32-bit (discontinued in 2.4.x); 64-bit Intel / AMD |
Default user interface | Web |
License | Apache License 2.0 [2] (Applies to pfSense CE) |
Official website | pfsense |
Support status | |
pfSense is a firewall/router computer software distribution based on FreeBSD. The open source pfSense Community Edition (CE) and pfSense Plus are installed on a physical computer or a virtual machine to make a dedicated firewall/router for a network. [3] It can be configured and upgraded through a web-based interface, and requires no knowledge of the underlying FreeBSD system to manage. [4] [5]
The pfSense project began in 2004 as a fork of the m0n0wall project by Chris Buechler and Scott Ullrich. Its first release was in October 2006. [6] The name derives from the fact that the software uses the packet-filtering tool, PF. [7]
Notable functions of pfSense include traffic shaping, VPNs using IPsec or PPTP, captive portal, stateful firewall, network address translation, 802.1q support for VLANs, and dynamic DNS. [8] pfSense can be installed on hardware with an x86-64 processor architecture. It can also be installed on embedded hardware using Compact Flash or SD cards, or as a virtual machine. [9]
In January 2015, the OPNsense project was started by forking the version of pfSense at that time. [10]
In November 2017, a World Intellectual Property Organization panel found that Netgate, the copyright holder of pfSense, had used OPNsense's trademarks in bad faith to discredit OPNsense, and obligated Netgate to transfer ownership of a domain name to Deciso. [11]
In February 2021, pfSense CE 2.5.0 and pfSense Plus 21.02 added support for a kernel WireGuard implementation. Support for WireGuard was temporarily removed in March 2021 after implementation issues were discovered by WireGuard founder Jason Donenfeld. [12] [13] [14] The July 2021 release of pfSense CE 2.5.2 re-included WireGuard. [15]
A network operating system (NOS) is a specialized operating system for a network device such as a router, switch or firewall.
PF is a BSD licensed stateful packet filter, a central piece of software for firewalling. It is comparable to netfilter (iptables), ipfw, and ipfilter.
IPFilter is an open-source software package that provides firewall services and network address translation (NAT) for many Unix-like operating systems. The author and software maintainer is Darren Reed. IPFilter supports both IPv4 and IPv6 protocols, and is a stateful firewall.
m0n0wall was an embedded firewall distribution of FreeBSD, one of the BSD operating system descendants. It provided a small image which could be put on Compact Flash cards as well as on CD-ROMs and hard disks. It ran on a number of embedded platforms and generic PCs. The PC version could be run with just a Live CD and a floppy disk to store configuration data, or on a single Compact Flash card. This eliminated the need for a hard drive, which reduces noise and heat levels and decreases the risk of system failure through elimination of moving parts found in older hard drives.
Smoothwall is a Linux distribution designed to be used as an open source firewall. Smoothwall is configured via a web-based GUI and requires little or no knowledge of Linux to install or use.
ALTQ is the network scheduler for Berkeley Software Distribution. ALTQ provides queueing disciplines, and other components related to quality of service (QoS), required to realize resource sharing. It is most commonly implemented on BSD-based routers. ALTQ is included in the base distribution of FreeBSD, NetBSD, and DragonFly BSD, and was integrated into the pf packet filter of OpenBSD but later replaced by a new queueing subsystem.
ipfirewall or ipfw is a FreeBSD IP, stateful firewall, packet filter and traffic accounting facility. Its ruleset logic is similar to many other packet filters except IPFilter. ipfw is authored and maintained by FreeBSD volunteer staff members. Its syntax enables use of sophisticated filtering capabilities and thus enables users to satisfy advanced requirements. It can either be used as a loadable kernel module or incorporated into the kernel; use as a loadable kernel module where possible is highly recommended. ipfw was the built-in firewall of Mac OS X until Mac OS X 10.7 Lion in 2011 when it was replaced with the OpenBSD project's PF. Like FreeBSD, ipfw is open source. It is used in many FreeBSD-based firewall products, including m0n0wall and FreeNAS. A port of an early version of ipfw was used since Linux 1.1 as the first implementation of firewall available for Linux, until it was replaced by ipchains. A modern port of ipfw and the dummynet traffic shaper is available for Linux and Microsoft Windows. wipfw is a Windows port of an old (2001) version of ipfw.
There are a number of Unix-like operating systems based on or descended from the Berkeley Software Distribution (BSD) series of Unix variant options. The three most notable descendants in current use are FreeBSD, OpenBSD, and NetBSD, which are all derived from 386BSD and 4.4BSD-Lite, by various routes. Both NetBSD and FreeBSD started life in 1993, initially derived from 386BSD, but in 1994 migrated to a 4.4BSD-Lite code base. OpenBSD was forked from NetBSD in 1995. Other notable derivatives include DragonFly BSD, which was forked from FreeBSD 4.8.
Tinc is an open-source, self-routing, mesh networking protocol and software implementation used for compressed and encrypted virtual private networks. It was started in 1998 by Guus Sliepen, Ivo Timmermans, and Wessel Dankers, and released as a GPL-licensed project.
OpenBSD is a security-focused, free software, Unix-like operating system based on the Berkeley Software Distribution (BSD). Theo de Raadt created OpenBSD in 1995 by forking NetBSD 1.0. The OpenBSD project emphasizes portability, standardization, correctness, proactive security, and integrated cryptography.
Junos OS is a FreeBSD-based network operating system used in Juniper Networks routing, switching and security devices.
OpenWrt is an open-source project for embedded operating systems based on Linux, primarily used on embedded devices to route network traffic. The main components are Linux, util-linux, musl, and BusyBox. All components have been optimized to be small enough to fit into the limited storage and memory available in home routers.
The Data Plane Development Kit (DPDK) is an open source software project managed by the Linux Foundation. It provides a set of data plane libraries and network interface controller polling-mode drivers for offloading TCP packet processing from the operating system kernel to processes running in user space. This offloading achieves higher computing efficiency and higher packet throughput than is possible using the interrupt-driven processing provided in the kernel.
The history of the Berkeley Software Distribution began in the 1970s when University of California, Berkeley received a copy of Unix. Professors and students at the university began adding software to the operating system and released it as BSD to select universities. Since it contained proprietary Unix code, it originally had to be distributed subject to AT&T licenses. The bundled software from AT&T was then rewritten and released as free software under the BSD license. However, this resulted in a lawsuit with Unix System Laboratories, the AT&T subsidiary responsible for Unix. Eventually, in the 1990s, the final versions of BSD were publicly released without any proprietary licenses, which led to many descendants of the operating system that are still maintained today.
OPNsense is an open source, FreeBSD-based firewall and routing software developed by Deciso, a company in the Netherlands that makes hardware and sells support packages for OPNsense.
WireGuard is a communication protocol and free and open-source software that implements encrypted virtual private networks (VPNs). It aims to be lighter and better performing than IPsec and OpenVPN, two common tunneling protocols. The WireGuard protocol passes traffic over UDP.
Router software requires updating to stay secure; this comparison provides an overview of third-party options.