Many of those are build time rather than run time dependencies. If you issue pkg_info -r 'freeradius-*' you'll get a listing of the run-time dependencies.
On my main FreeBSD box (note - not a pfSense box):
[david@titanium ~]$ pkg_info -r 'freeradius-*'
Information for freeradius-2.0.0:
Depends on:
Dependency: openssl-0.9.8g
Dependency: openldap-client-2.3.40
Dependency: python25-2.5.1_1
Dependency: perl-5.8.8_1
Dependency: libltdl-1.5.24
Dependency: libiconv-1.11_1
Dependency: gettext-0.16.1_3
Dependency: mysql-client-5.0.51
Dependency: gdbm-1.8.3_3
Dependency: gmake-3.81_2
Note that this is the current version of the net/freeradius2 port which is in the process of being committed to the FreeBSD ports tree - since I last posted FreeRADIUS 2.0.0 has been released, and FreeRADIUS 1.x is now in 'maintenance' mode with little if any further development.
OpenLDAP and MySQL are dependencies because I explicitly enabled that support - it's not default.
There are three run dependencies for net/freeradius2 there that aren't in net/freeradius (FreeRADIUS 1.1.7). They are python (rlm_python is stable in 2.0 but experimental in 1.x, so it's not built by default in 1.x), gmake (which is needed to run the bootstrap Makefile in raddb to build some default certificates - I may investigate patching the Makefile to make it work with BSD make) and OpenSSL (which is there because I use the up to date OpenSSL from ports rather than the older one in the base system).
In my opinion, any future work done on FreeRADIUS should be done with FreeRADIUS 2 - the extensive rewrites mean it's a much better product to work with. However, the footprint is a little larger than FreeRADIUS 1.x.
In the future, the python dependency could be made optional (though this really needs bsd.options.mk to be available, which can't happen until the ports tree drops support for FreeBSD 6.2 and earlier versions). Making the perl dependency optional is really tricky - more than rlm_perl uses it (for example, radsqlrelay is written in perl - though I've yet to add a necessary patch to the port to make that work correctly in FreeBSD) and there's no configure flag to turn off the perl requirement. Really, FreeRADIUS should always have perl available.
We both seem to be of a mind that there comes a point where it's inappropriate to run a complex server on a firewall.
I've decided that I will almost certainly buy a Dell T200 for my permanent pfSense setup; it can go in the rack that we're looking to install soon. I did price up a mini-ITX system, and I was going to pay as much for a 1.7GHz / 1GB RAM mini-ITX with only a single Gigabit interface that doesn't support ALTQ (and hence traffic shaping) as for a dual core 2.33GHz / 2GB RAM 1U rack machine with two bge interfaces (which are Broadcom Gigabit devices with ALTQ support). The power of the Dell should give me more than enough horsepower for Snort.
David
