© Sergey Mironov, 123RF.com

© Sergey Mironov, 123RF.com

pfSense firewall and router distribution

InflatableFirewall

Article from ADMIN 07/2012
By
pfSense is inconspicuous at first glance but impressive when you take a closer look. Even advanced features like high availability are part of its repertoire – not bad for a small firewall.

Chris Buechler and Scott Ullrich were unhappy. Although the FreeBSD m0n0wall distribution gave them a quick option for setting up a firewall and a router, it was designed for use on embedded systems. Because it had to run in RAM, extensions were difficult. This situation prompted the two to start working on their own distribution and spawned the development of pfSense [1].

The core of version 2.0 from late September 2011 comprises FreeBSD 8.1, which is tailored for use as a firewall and router. If desired, pfSense will also act as a DHCP server, a data provider for sniffers such as Wireshark, a VPN access point, a DNS server, and even a WLAN access point. Despite all this, the complete system weighs in at just 100MB, and to get started, you just need a USB stick and 128MB of RAM.

If the built-in functionality is not sufficient for your needs, you can extend pfSense by adding packages. For example, this could include a web proxy or an Intrusion Detection System (courtesy of Snort). Components are set up conveniently in a sophisticated web interface. Additionally, thanks to the BSD license, the whole package comes free of charge.

All-Purpose

pfSense takes its strange name from the PF firewall in OpenBSD. It offers stateful inspection; in other words, it can remember who opened what connection. The firewall can use rules not just to block individual ports and protocols but also to restrict the number of simultaneous connections for specific computers and to route traffic via predefined gateways.

Thanks to the p0f tool, pfSense can even distinguish between operating systems, which could be useful if you want to, say, prevent all of your Windows computers from accessing the Internet. pfSense automatically tries to correct or normalize strange-looking packets (scrubbing), thus preventing potential attacks

...
Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs

Most Popular

Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”> </a> <hr> </div> </div> <div class=