With Captive Portal you can provide the authentication portion. Outside of that there is no native functionality. There is no point in porting one of the two linux NAC solutions due to the integration with iptables on the linux-side. It would need to be written from the ground up with PF in mind.

Great idea! I would suggest a wiki page that anyone could go in and edit. Then post updates to the page to this thread (or a similar one) so anyone can watch the thread for updates. Or, people could post updates as a reply to a thread, and then have the original author update the main post with the updates so they are easy to read - but then if the original author goes MIA the info in the thread can lag…

Aliases ar not only making things easier or mkore readable, they also help to keep the amount of rules pretty low when using ports aliases in combination with hosts- or networkaliases.

Info –> Versions Live CD with Installer The Live CD platform allows you to run directly from the CD without installing to a hard drive or Compact Flash card. The configuration can be saved on a floppy disk or USB flash drive. Some features are not compatible with the live CD platform. In most circumstances, this should only be used as an evaluation of the software with your particular hardware. Hard drive installation The live CD includes an installer option to install pfSense to the hard drive on your system. This is the preferred means of running pfSense. The entire hard drive must be overwritten, dual booting with another OS is not supported. Embedded The embedded version is specifically tailored for use with any hardware using Compact Flash rather than a hard drive. CF cards can only handle a limited number of writes, so the embedded version runs read only from CF, with read/write file systems as RAM disks. Packages are not supported on embedded versions.

I'm talking about a whole other system. Life FreeNAs is not a firewall, but its based off the same monowall code. I'll look into the freeNas Option for now.

No and No. Actually these rules are on a per year basis iirc. So if you block let's say on January the 1st it will block on that day every year (2008, 2009, 2010,…). Why is a 15 minute slice not enough? A Cronjob will run every 15 minutes to see if the ruleset has to be changed and recreate and reload the filter if needed. Making smaller slices will put additional load on the firewall as it would have to check for changes more often. We thought 15 minutes intervals should be enough usually.

@tacfit: I moved off Microsoft's ISA 2004 firewall. :o   thank goodness for that!  :) back in the day, I setup OpenBSD at my network edge and built the pf.conf by hand, mainly to learn, and liked it a lot. eventually got lazy, and setup a soekris/m0n0wall, but wished it was openbsd based or at least had pf.  then I heard about pfsense, but I just sort of followed the progress forever and never tried it.    eventually my network expanded and outgrew m0n0 and I required some of pfsense's better features like loadbalance, and I'm pretty impressed.  I don't use captive portal nor have tons of users, I just have a handful of very bandwidth hungry users and I wouldn't use anything other than pfsense at this point

Not in 1.2.  See the traffic shaping bounty.

Thanks, I just added this feature to 1.3/HEAD.

Donate it to the pfSense Team or me :) If it is with HD run freebsd with webserver,syslog etc and http://www.askozia.com/pbx/ or http://www.freenas.org/ could be the way too

just an opinion : if you don't have yet a compleate monitoring solution, you can use nagios, you can find freebsd plugins.Or GroundWorkOpensource (like this you can define checks for all you need  ;))

nice done…maybe i will change my pix 515 even for pfsense. btw: i can recomand OTRS ticket system....i use it for some years and it's quite nice.

@Cry: @Eugene: It is news for me that it is obsolete ;-) Hey, it's only been around for 15 years or so: http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing (for those that haven't come across it yet) Agree, I misread Kris… He does not reject terms network of class A,B,C. He  simply does not think in these terms: @Kris.J: I don't ever think in terms of Class A,B,C anymore - it's obsolete. Sorry.

Great! thanks. Now I know ABC of BSD :-))) By the way pfSense is a great job, Thank you guys! Eugene.

I use Zenoss on FreeBSD v6.2 to monitor servers, switches, routers, etc. -everything with an IP & SNMP- on the county government's WAN - we like it very much! -Kris

@Monoecus: Where did you put your page to? Is it running on the pfsense box? I have my website hosted on my NAS box (QNAP), and I've made a virtualhost just for this purpose, it works like a charm! Then I just redirect to that host with the arguments I want to show on the page.

Also, see the many threads where people ask if they can turn pfSense into a general purpose server.  The usual answer is that you're on your own…