Talk:PfSense

OPNsense

Mention the fork OPNsense and the ongoing controversy about pfSense not being actually free software (not all the source code is available). — Preceding unsigned comment added by 193.144.103.218 (talk • contribs) 09:42, 30 November 2017 (UTC)

seconded. this is not open source as pfsense cannot be built from source out of the repos. — Preceding unsigned comment added by 2603:8001:6B00:833:9EED:986D:5A4A:1744 (talk) 04:11, 26 January 2021 (UTC)

Here someone appears to have collected evidence on this: https://github.com/rapi3/pfsense-is-closed-source. Someone should have a critical look at this, other sources and/or try to build pfSense. If and when the evidence is deemed credible, the article should be changed. Hulten (talk) 12:35, 26 January 2021 (UTC)

Agreed, pfSense is not open source - the source code cannot be reproducibly built outside of the owning organization. I'm not a master on Wikipedia policies but I urge someone who is to review the above linked repository and consider removing "open source" from the article as it's very disingenuous. Also, be prepared for a wave of edits as this is breaking on hackernews. 2003:EC:371C:5700:35CB:F105:A8EC:AE12 (talk) — Preceding undated comment added 16:12, 26 January 2021 (UTC)

They recently launched a closed source branch called pfSense Plus which I have updated the article to reflect. The closed source github keeps being removed due to complaints but is valid to my knowledge; I'm not sure how that should be noted given that the majority of the code remains open source even if it can't be built.Cyrix2k (talk) 02:16, 13 March 2021 (UTC)

2013 note

It might be a good idea to organize popular packages into a table rather than a list — Preceding unsigned comment added by 216.114.236.63 (talk) 19:34, 4 September 2013 (UTC)

Question

Can anyone shed further light on the reasons why this page is being considered for deletion?Jenglish02 (talk) 05:08, 6 August 2015 (UTC)

PfSense website content

Moved here from the article. This is unsourced and is content for the product website. WP is not a proxy for their website.

Hardware requirements

pfSense 2.1 through 2.3 has low minimum system requirements (for example 256 MB RAM and 500 MHz CPU)^[1] and can be installed on hardware with x86 or x86-64 architecture. Since 2.4, pfSense requires the x86-64 architecture, ending support for 32-bit installations.^[2] Starting with 2.5, plans are to require cryptographic hardware acceleration, such as AES-NI.^[3] It is also available for embedded system hardware using Compact Flash or SD cards. pfSense also supports virtualized installation.

Features

Install, update, packages, management	ISO CD and USB stick installer images (VGA and serial console variants) are available. NanoBSD/embedded installs supported with 2.3.x only. Packaged support for extensions (see "Packages support" below) Multi-language Console, web-based GUI, SSH (if enabled) and serial management RRD graphs reporting Traffic shaping and filtering Real-time information using Ajax
Functionality and connectivity	Virtual Private Networks using IPsec, L2TP, or OpenVPN PPPoE server High availability clustering; redundancy and failover including CARP and pfsync Outbound and inbound load balancing Quality of Service (QoS) Dynamic DNS Captive portal uPnP Multi-WAN VLAN (802.1q) DHCP server and relay IPv6 support Multiple public IP addresses/multi-NAT RADIUS/LDAP Multiple resolvers (DNS forwarder, Unbound, TinyDNS, other) Aliases supported for rules, IP addresses, ports, computers, and other entities
Firewall and routing	Stateful firewall Network Address Translation Filtering by source/destination IP address, protocol, OS/network fingerprinting Flexible routing It is also used as a Proxy Detection service. source — Preceding unsigned comment added by 46.2.169.255 (talk) 18:59, 21 March 2024 (UTC) Per-rule configurable logging and per-rule limiters (IP addresses, connections, states, new connections, state types), Layer 7 protocol inspection, policy filtering (or packet marking), TCP flag state filtering, scheduling, gateway Packet scrubbing Layer 2/bridging capable State table "up to several hundred thousand" states (1 KB RAM per state approx) State table algorithms customizable including low latency and low-dropout
Packages support	Packages available with GUI install and configuration, among others: Snort Intrusion detection and prevention Suricata Intrusion detection and prevention pfBlockerNG OpenBGPD FRR HAProxy Squid caching and reverse proxy with SquidGuard and ClamAV FreeRADIUS ntopNG nmap multiple monitoring and statistics packages (Darkstat, Zabbix Agent/Proxy, softflowd)

Version history

Version history

Version Release date Significant changes 1.0[4] October 4, 2006 The first official release. 1.0.1[5] October 29, 2006 Bug fixes 1.2[6][7] February 25, 2008 FreeBSD updated to 6.2 Reworked load balancing pools which allow for round robin or failover Miniupnpd added to the base install Much enhanced RRD graphs Numerous Squid Package fixes dnsmasq updated to 2.36 olsrd updated to 0.4.10 BandwidthD package added PHP upgraded to 4.4.6 Lighttpd upgraded to 1.4.15 Numerous Bug fixes 1.2.1[8] December 26, 2008 FreeBSD updated to 7.0 Bug fixes 1.2.2[9] January 9, 2009 Setup wizard fix SVG graphs fixed (IPsec reload fix specific to large (100+ site) deployments Bridge creation code changes FreeBSD updates for two security advisories 1.2.3[10] December 10, 2009 Upgrade to FreeBSD 7.2 Embedded switched to nanobsd Dynamic interface bridging bug fix IPsec connection reloading improvements Dynamic site to site IPsec Sticky connections enable/disable Ability to delete DHCP leases Polling fixed ipfw state table size Server load balancing UDP state timeout increases Disable auto-added VPN rules option Multiple servers per-domain in DNS forwarder overrides No XMLRPC Sync rules fixed Captive portal locking replaced DNS Forwarder Outbound load balancer replaced 2.0[11] September 17, 2011 Upgrade to FreeBSD 8.1 Significant enhancements to almost every portion of the system (Full Change log) 2.0.1[12] December 20, 2011 Improved accuracy of automated state killing in various cases (#1421) Various fixes and improvements to relayd Fixed path to FreeBSD packages repo for 8.1 Various fixes to syslog Removed/silenced some irrelevant log entries Fixed various typos Fixes for RRD upgrade/migration and backup (#1758) Prevent users from applying NAT to CARP which would break CARP in various ways (#1954) Fixed policy route negation for VPN networks (#1950) Fixed “Bypass firewall rules for traffic on the same interface” (#1950) Fixed VoIP rules produced by the traffic shaper wizard (#1948) Fixed uname display in System Info widget (#1960) Fixed LDAP custom port handling Fixed Status > Gateways to show RTT and loss like the widget Improved certificate handling in OpenVPN to restrict certificate chaining to a specified depth – CVE-2011-4197 Improved certificate generation to specify/enforce type of certificate (CA, Server, Client) – CVE-2011-4197 Clarified text of serial field when importing a CA (#2031) Fixed MTU setting on upgrade from 1.2.3, now upgrades properly as MSS adjustment (#1886) Fixed Captive Portal MAC passthrough rules (#1976) Added tab under Diagnostics > States to view/clear the source tracking table if sticky is enabled Fixed CARP status widget to properly show “disabled” status. Fixed end time of custom timespan RRD graphs (#1990) Fixed situation where certain NICs would constantly cycle link with MAC spoofing and DHCP (#1572) Fixed OpenVPN ordering of client/server IPs in Client-Specific Override entries (#2004) Fixed handling of OpenVPN client bandwidth limit option Fixed handling of LDAP certificates (#2018, #1052, #1927) Enforce validity of RRD graph style Fixed crash/panic handling so it will do textdumps and reboot for all, and not drop to a db> prompt. Fixed handling of hostnames in DHCP that start with a number (#2020) Fixed saving of multiple dynamic gateways (#1993) Fixed handling of routing with unmonitored gateways Fixed Firewall > Shaper, By Queues view Fixed handling of spd.conf with no phase 2’s defined Fixed synchronization of various sections that were leaving the last item on the slave (IPsec phase 1, Aliases, VIPs, etc.) Fixed use of quick on internal DHCP rules so DHCP traffic is allowed properly (#2041) Updated ISC DHCP server to 4.2.3 (#1888) – this fixes a denial of service vulnerability in dhcpd. Added patch to mpd to allow multiple PPPoE connections with the same remote gateway Lowered size of CF images to again fix on newer and ever-shrinking CF cards. Clarified text for media selection (#1910) 2.0.2[13] December 21, 2012 Bug fixes Security fixes 2.0.3[14] April 15, 2013 Bug fixes Security fixes 2.1[15] September 15, 2013 IPv6 Support Upgrade to FreeBSD 8.3 Updated Atheros drivers OpenSSL 1.0.1e (or later) used by OpenVPN, PHP, IPsec, etc. PHP to 5.3.x OpenVPN to 2.3.x Added mps kernel module Added ahci kernel module Updated ixgbe driver Numerous Bug fixes Security fixes 2.1.1[16] April 4, 2014 Security fixes 2.1.2[17] April 10, 2014 Heartbleed OpenSSL Security fixes Bug fixes 2.1.3[18] May 2, 2014 Security fixes Bug fixes 2.1.4[19] June 25, 2014 Security fixes Bug fixes 2.1.5[20] August 27, 2014 Security fixes Bug fixes 2.2[21][22] January 23, 2015 Upgrade to FreeBSD 10.1 Update the IPsec stack to include AES-GCM, and IKEv2 Update PHP backend from FastCGI to PHP-FPM Update PHP to 5.5 Change from dnsmasq to the Unbound DNS Resolver Numerous Bug Fixes 2.2.1[23] March 17, 2015 Security fixes Bug fixes 2.2.2[24] April 15, 2015 Security fixes Bug fixes 2.2.3[25] June 25, 2015 Security fixes Bug fixes 2.2.4[26] July 27, 2015 Security fixes Bug fixes 2.2.5[27] November 5, 2015 Security fixes Bug fixes 2.2.6[28] December 21, 2015 Security fixes Bug fixes 2.3 [29] April 12, 2016 Upgrade to FreeBSD 10.3 Rewrite of the webGUI utilizing Bootstrap Numerous Bug Fixes 2.3.1 [30] May 18, 2016 Security fixes Bug fixes 2.3.2 [31] July 25, 2016 Security fixes Bug fixes 2.3.3 [32] February 20, 2017 Stability and Bug fixes Fixes for a handful of security issues in the GUI A handful of new features 2.3.4 [33] May 4, 2017 Stability and Bug fixes Fixes for a handful of security issues in the GUI A handful of new features 2.4.0 [34] Oct 12, 2017 FreeBSD updated to 11.1 New pfSense installer with support for ZFS, UEFI, and other partition layouts OpenVPN 2.4.x support GUI offers 13 different languages Web GUI improvements Certificate management improvements Captive portal rewritten to include CSR signing and international character support Version Release date Significant changes

References

1. "Hardware". Electric Sheep Fencing LLC. Retrieved 5 August 2015.
2. "64-bit support". Electric Sheep Fencing LLC. Retrieved 7 May 2017.
3. "pfSense 2.5 and AES-NI". Electric Sheep Fencing LLC. Retrieved 25 September 2017.
4. Cite error: The named reference Ullrich was invoked but never defined (see the help page).
5. Ullrich, Scott (October 29, 2006). "1.0.1-RELEASED!". pfSense Digest.
6. Ullrich, Scott (April 29, 2007). "1.2-BETA-1 released!". pfSense Digest.
7. Buechler, Chris (February 25, 2008). "1.2 Release Available!". pfSense Digest.
8. Buechler, Chris (December 26, 2008). "pfSense 1.2.1 released!". pfSense Digest.
9. Buechler, Chris (January 9, 2009). "pfSense 1.2.2 released!". pfSense Digest.
10. Buechler, Chris (December 10, 2009). "pfSense 1.2.3 released!". pfSense Digest.
11. Cite error: The named reference 2.0 was invoked but never defined (see the help page).
12. Buechler, Chris (December 20, 2011). "2.0.1 release now available!". pfSense Digest.
13. Buechler, Chris (December 21, 2012). "2.0.2 release now available!". pfSense Digest.
14. Buechler, Chris (April 15, 2013). "2.0.3 release now available!". pfSense Digest.
15. Cite error: The named reference 2.1 was invoked but never defined (see the help page).
16. Thompson, Jim (April 4, 2014). "2.1.1-RELEASE now available". pfSense Digest.
17. Thompson, Jim (April 10, 2014). "2.1.2 Release Now available". pfSense Digest.
18. Dillard, Jared (May 2, 2014). "2.1.3 RELEASE Now available". pfSense Digest.
19. Dillard, Jared (June 25, 2014). "2.1.4 RELEASE Now available". pfSense Digest.
20. Dillard, Jared (August 27, 2014). "2.1.5 RELEASE Now available". pfSense Digest.
21. Cite error: The named reference Buechler was invoked but never defined (see the help page).
22. Cite error: The named reference distrowatch.com was invoked but never defined (see the help page).
23. Buechler, Chris (March 17, 2015). "2.2.1 RELEASE Now available". pfSense Digest. Retrieved 13 April 2015.
24. Buechler, Chris (April 15, 2015). "2.2.2 RELEASE Now available!". pfSense Digest. Retrieved 15 April 2015.
25. Buechler, Chris (June 25, 2015). "2.2.3 RELEASE Now available!". pfSense Digest. Retrieved 7 July 2015.
26. Buechler, Chris (July 27, 2015). "2.2.4 RELEASE Now available!". pfSense Digest. Retrieved 27 July 2015.
27. Buechler, Chris (November 5, 2015). "2.2.5 RELEASE Now available!". pfSense Digest. Retrieved 1 December 2015.
28. Buechler, Chris (December 21, 2015). "2.2.6-RELEASE Now available!". pfSense Digest. Retrieved 1 December 2015.
29. Cite error: The named reference ReferenceA was invoked but never defined (see the help page).
30. Buechler, Chris (May 18, 2016). "2.3.1-RELEASE Now available!". pfSense Digest. Retrieved 18 May 2016.
31. Buechler, Chris (July 25, 2016). "2.3.2-RELEASE Now available!". pfSense Digest. Retrieved 25 July 2016.
32. Pingle, Jim (February 20, 2017). "pfSense 2.3.3 RELEASE Now Available!". pfSense Digest. Retrieved 20 February 2017.
33. Pingle, Jim (May 4, 2017). "pfSense 2.3.4 RELEASE Now Available!". Netgate Blog. Retrieved 4 May 2017.
34. Pingle, Jim (Oct 12, 2017). "pfSense 2.4.0-RELEASE Now Available!". pfSense Digest. Retrieved 12 Oct 2017.

-- Jytdog (talk) 00:23, 30 November 2017 (UTC)

Ownership

Looking for independent sources on the companies that have been involved in this - Electric Sheep Fencing LLC then Rubicon/Netgate. The business matters around this. Jytdog (talk) 14:49, 30 November 2017 (UTC)

Removal of content

User:Gonzopancho please explain why you are removing the content about the WTO matter. Thanks. Jytdog (talk) 17:29, 13 July 2018 (UTC)

how on earth does the WIPO matter have anything to do with pfSense (other than to simply promote OPNsense on pfSense wikipedia page?) --Gonzopancho (talk) 17:38, 13 July 2018 (UTC)

This is something that the company actually did. You need to explain why you removed it. Jytdog (talk) 21:29, 13 July 2018 (UTC)

Regardless of the truth of dispute, the paragraph on OPNsense does not belong on the pfsense page as has nothing to do with the open source firewall/router software distribution itself, which is what this article is for. This paragraph would be more appropriately moved to the wiki page for Rubicon Communications, LLC or Netgate, who are the companies involved in this dispute. Furthermore, Wikipedia is not the place for companies to get revenge and to bring up every cases that a company has lost against another. The WIPO case is public and people can find it. If the Decisio or the OPNsense developers fell upset about past events, they can mention such on their website and user forums. Wikipedia is not the place to carry on this argument. Full disclosure: I am not affiliated with either company or software project, but I don't appreciate the negativity that this paragraph brings and the lack of value it provides about helping someone learn about pfsense the firewall/router product. Ice Ardor (talk) 04:00, 24 April 2020 (UTC)

• I'm reverting and reinstating the content (but editing for brevity).
• Also: including material in parent or child articles is standard practice (e.g. Tor (anonymity network)#Tor Browser). Since there is no Negate parent article, such material would belong here (preferably under it's own section heading, for the time being). All are encouraged to boldly create such an article, however.
• WP:IDONTLIKEIT isn't a valid rationale. Nothing "negative" about it either way (it's rather dry, to be honest), and it passes the WP:NPOV test. -- dsprc ^[talk] 23:40, 25 November 2020 (UTC)

Why no mention of Netgate?

Why are there no mention of Netgate trying to hurt OPNsense by spreading lies on the Netgate owned domain opnsense.com? — Preceding unsigned comment added by Dustie (talk • contribs) 02:33, 5 November 2020 (UTC)

Semi-protected edit request on 4 September 2020

Preview REleases on daily basis https://snapshots.pfsense.org/amd64/pfSense_master/installer/ 92.117.174.218 (talk) 10:48, 4 September 2020 (UTC)

We usually don't include links like these. – Thjarkur (talk) 13:29, 4 September 2020 (UTC)

The note in the sidebar says that the last 2.5.0 release was over a year ago, which is incorrect and should be updated; right now, the oldest snapshot available via that link is from 02 January 2021. 71.237.199.9 (talk) 23:50, 9 January 2021 (UTC)

New release

Now up to version 2.5.1 210.54.90.224 (talk) 01:52, 14 April 2021 (UTC)

Discussion of reverts

@Dashmix: @Cyrix2k: Please discuss your reasoning for the edits you've made here so that we can reach an agreement and not engage in an edit war. Blaze The Wolf | Proud Furry and Wikipedia Editor (talk) (Stupidity by me) 16:01, 10 September 2021 (UTC)

@Cyrix2k:, You are reverting only the edits pertaining to OPNsense on the page of pfSense. This clearly indicates that you have some vested interest in OPNsense. It appears you are an advocate for OPNsense and is intent on having the pfSense page be an extension of your feelings toward Netgate, rather than fairly and objectively progressing an unbiased history of pfSense software.

I have restored my edits. Reasoning for my edits:

• pfSense is completely open source and not partially open source - the gnid source code is not needed to build the pfSense source code.

• In 2014, a competing open source firewall and routing software project, OPNsense, was forked from pfsense, with the first official release in Jan 2015. Both pfsense and OPNsense are under active development, while the original m0n0wall project has been discontinued - I had removed this line because it looks like self-promotion done by OPNsense as the citation was OPNsense’s own website which does not meet WP:CITE, WP:RS

• In November 2017, a World Intellectual Property Organization panel found Netgate, the copyright holder of pfSense, utilized OPNsense' trademarks in bad faith to discredit OPNsense, and obligated Netgate to transfer ownership of a domain name to Deciso - I had removed this because - Netgate is not the copyright holder of PfSense, the official website states that states that ‘pfSense software is Copyright 2004-2021 Electric Sheep Fencing, LLC.’ and ‘pfSense is a federally registered trademark of Electric Sheep Fencing, LLC.’ — Preceding unsigned comment added by Dashmix (talk • contribs) 16:14, 10 September 2021 (UTC)

Foremost: focus on content, not contributors, WP:CIV, WP:AGF, and all that jazz…

Further: line on partial, proprietary components was sourced – we'll need a source to back claims stating otherwise. (Per previous comments above on this matter: WP:IDONTLIKEIT isn't a valid rationale.)

Continuing: edit summary of removal stated: "removing content with no correct ref" – material is properly cited and ref'd.

Second ed summary claimed: "excluding possible vandalism by OPNsense" – that's not vandalism, and We ain't no OPNsense…

One-line blurb noting a fork doesn't read as promotional, and is free of puffery. Agree a third-party should be cited to support this claim, however.

Netgate is the commonly known trade name of Rubicon/El Sheep. Thus, presentation of such nomenclature in this manner would be appropriate; particularly since the shell [corp] game is noted by the referenced source. -- dsprc ^[talk] 22:32, 18 March 2022 (UTC)

Semi-protected edit request on 1 September 2022

Add hyperlink to OPNsense topic where that word appears in the article Clbii (talk) 00:35, 1 September 2022 (UTC)

 Done ScottishFinnishRadish (talk) 00:40, 1 September 2022 (UTC)

Infobox edits???

How can one edit the Infobox to contain both the paid and the community edition versions of pfSense? The paid versions are still happening yet community was last updated over a year ago. — Preceding unsigned comment added by NantucketHistory (talk • contribs) 17:52, 6 April 2023 (UTC)