Saturday, August 29, 2015

about pfSense

pfSense is an open source firewall/router computer software distribution based on FreeBSD. It is installed on a physical computer or a virtual machine to make a dedicated firewall/router for a network and is noted for its reliability and offering features often only found in expensive commercial firewalls. It can be configured and upgraded through a web-based interface, and requires no knowledge of the underlying FreeBSD system to manage. pfSense is commonly deployed as a perimeter firewall, router, wireless access point, DHCP server, DNS server, and as a VPN endpoint. pfSense supports installation of third-party packages like Snort or Squid through its Package Manager.

Name

The name was derived from the fact that it helps make the stateful packet-filtering tool PF (which acts as a firewall, packet filter, and routing service on many BSD and Unix platforms) make more sense to non-technical users.

History

The pfSense project started in 2004 as a fork of the m0n0wall project by Chris Buechler and Scott Ullrich. From the beginning, it focused on full PC installations, as opposed to m0n0wall's focus on embedded hardware. However, pfSense is also available as an embedded image for Compact Flash-based installations. Version 1.0 of the software was released on October 4, 2006. Version 2.0 was released on September 17, 2011. Version 2.1 was released on September 15, 2013, and version 2.2 was released on January 23, 2015.

Features

Install, update, packages, management
  • Live CD, update, NanoBSD/embedded, virtual machine, and USB installers available
  • Packaged support/push-button installer for extensions, including the Squid proxy server, the Snort intrusion prevention/detection system, ntop, the HAVP antivirus package, IP address blocklist
  • Multi-language
  • Console, web-based GUI, SSH (if enabled) and serial management
  • RRD graphs reporting
  • Traffic shaping and filtering
  • Real-time information using Ajax
Functionality and connectivity
  • Virtual Private Networks using IPsec, L2TP, OpenVPN, or PPTP
  • PPPoE server
  • High availability clustering; redundancy and failover including CARP and pfsync
  • Outbound and inbound load balancing
  • Quality of Service (QoS)
  • Dynamic DNS
  • Captive portal
  • UPnP
  • Multi-WAN
  • VLAN (802.1q)
  • DHCP server and relay
  • IPv6 support
  • Multiple public IP addresses/multi-NAT
  • RADIUS/LDAP
  • Multiple resolvers (DNS forwarder, Unbound, TinyDNS, other)
  • Aliases supported for rules, IP addresses, ports, computers, and other entities
Firewall and routing
  • Stateful firewall
  • Network Address Translation
  • Filtering by source/destination IP address, protocol, OS/network fingerprinting
  • Flexible routing
  • Per-rule configurable logging and per-rule limiters (IP addresses, connections, states, new connections, state types), Layer 7 protocol inspection, policy filtering (or packet marking), TCP flag state filtering, scheduling, gateway
  • Packet scrubbing
  • Layer 2/bridging capable
  • State table of "up to several hundred thousand" states (approximately 1 KB of RAM per state)
  • State table algorithms customizable including low latency and low-dropout
Packages support
Packages available as "push button installs" among others:
  • Snort Intrusion detection and prevention
  • Suricata Intrusion detection and prevention
  • pfBlockerNG
  • OpenBGPD
  • MailScanner
  • HAProxy
  • Asterisk
  • Squid caching and reverse proxy with SquidGuard
  • HAVP antivirus with ClamWin
  • Varnish3
  • Postfix forwarder
  • Apache HTTP Server with mod-security
  • FreeSWITCH (Voice over IP)
  • spamd
  • ntopNG
  • nmap
  • multiple monitoring and statistics packages, file managers.

Hardware

pfSense 2.x has low minimum system requirements (for example 256 MB RAM and 500 MHz CPU) and can be installed on hardware with x86 or x86-64 architecture. It is also available for embedded system hardware using Compact Flash or SD cards. pfSense also supports virtualized installation.
