What do you want to see in the pfSense package system?
-
Exactly what it says on the tin. Reworking the package system is giving me a chance to add features that didn't make it into 1.0, and I would like to get suggestions from our userbase as to what would be some nice features to have for both users and developers alike.
Please remember that very few (if any) of these changes will actually be making it into our 1.0 release.
-
Colin, I really like the direction you're taking the package system, as outlined in the blog. It almost seems, however, that you're going to run into a situation where you have two separate types of packages. Ones like nmap or ntop which add a front-end to a single piece of installed software, and another type of package which could more appropriately be called a meta-package.
This second type would be a group of different software installations intended to work together to perform a specific function, with a unifying user interface. With packages of this type it would be fairly easy to develop very specialized types of pfsense installs. Is this a goal for the packaging system – to enable users to build very specialized pfsense installs?
-
I like the idea of the modular system where it would add the software to the specified directories but be implemented in the web-interface vi a pre-set modular interface where adding 1 to 10 or more modules would show up in the menus in one of two styles; the first being meshed in with the rest of the items and the second would be a menu that says Modules or something and all the loaded modules would be in the list.
-
I like the idea of the modular system where it would add the software to the specified directories but be implemented in the web-interface vi a pre-set modular interface where adding 1 to 10 or more modules would show up in the menus in one of two styles; the first being meshed in with the rest of the items and the second would be a menu that says Modules or something and all the loaded modules would be in the list.
Right now packages make items in the <installedpackages><menu>area so they automatically appear. It's pretty easy to add items to the menus.
Scott
</menu></installedpackages> -
Colin,
I had several ideas that I shared with you before, but one that seems to be increasingly important due to continuous ensuring pfSense is secure is some sort of package upgrade option rather than complete new installations. In the case of the Squid package I'm working on, there have been a few security updates that did not impact the actual package (i.e., xml/php), but did not require reinstallation of the entire package to apply the binaries and such only applicable to Squid_Stable. Any ideas how to accomplish this? Thanks!
Mike
-
Could something like this be accomplished with rsynch using binary diffs?
-
@submicron:
Could something like this be accomplished with rsynch using binary diffs?
Possibly, the only problem would config variables changing names….any new additions could be appended to the configs but changes to existing would require parsing and replacement in the configs.
-
@submicron:
This second type would be a group of different software installations intended to work together to perform a specific function, with a unifying user interface. With packages of this type it would be fairly easy to develop very specialized types of pfsense installs. Is this a goal for the packaging system – to enable users to build very specialized pfsense installs?
The new package system should make it easy to make both types of packages. A 'master' package XML file could be made (with or without GUI fields) that would simply tie all the XML and software dependencies together into a single package. This XML file would then be passed to repomaker instead of all of the 'subpackages', allowing a single package entry to be presented to the client.
I will also try to mesh the package system as closely as possible with the base, though full integration may not be available right away.
I like the idea of the modular system where it would add the software to the specified directories but be implemented in the web-interface vi a pre-set modular interface where adding 1 to 10 or more modules would show up in the menus in one of two styles; the first being meshed in with the rest of the items and the second would be a menu that says Modules or something and all the loaded modules would be in the list.
Adding additional menu sections would be tricky, particularly with 'metallic' and similar themes. If the look and feel of the webGUI is made more easily customizable I may be able to look at this feature.
I had several ideas that I shared with you before, but one that seems to be increasingly important due to continuous ensuring pfSense is secure is some sort of package upgrade option rather than complete new installations. In the case of the Squid package I'm working on, there have been a few security updates that did not impact the actual package (i.e., xml/php), but did not require reinstallation of the entire package to apply the binaries and such only applicable to Squid_Stable. Any ideas how to accomplish this? Thanks!
The 'installed packages' page already provides buttons for upgrading either the software or XML dependencies, though this process isn't very intelligent just yet. I would like to eventually make 'installed packages' a basic summary page with important data about the package and provide a link to view more detailed information and provide a variety of ways to manipulate the installed package.
@submicron:
Could something like this be accomplished with rsynch using binary diffs?
Although bdiffs could theoretically be used in the future to provide smaller updates for packages, I would like to avoid using them for the time being.
-
Adding additional menu sections would be tricky, particularly with 'metallic' and similar themes. If the look and feel of the webGUI is made more easily customizable I may be able to look at this feature.
Possibly making the words in menus text and have css to change the text on mouse-over and possibly do an image swap for the background. Would be similar but not exactly the same. Also would cut down on the number of different graphics being loaded.
-
Adding additional menu sections would be tricky, particularly with 'metallic' and similar themes. If the look and feel of the webGUI is made more easily customizable I may be able to look at this feature.
Possibly making the words in menus text and have css to change the text on mouse-over and possibly do an image swap for the background. Would be similar but not exactly the same. Also would cut down on the number of different graphics being loaded.
Just to clarify. You can add package items to any existing menu. However, adding a new menu is not supported at the moment.
-
Adding additional menu sections would be tricky, particularly with 'metallic' and similar themes. If the look and feel of the webGUI is made more easily customizable I may be able to look at this feature.
Possibly making the words in menus text and have css to change the text on mouse-over and possibly do an image swap for the background. Would be similar but not exactly the same. Also would cut down on the number of different graphics being loaded.
Just to clarify. You can add package items to any existing menu. However, adding a new menu is not supported at the moment.
Adding complete new menus would break our maintheme (metallic). If adding complete new menus this is something that has to be supported by the theme as well. So it's not only a packagesystem thing but a theme thing as well if such a functionality is added. We would have to overthink this if we make this an option.
-
Might be a good idea to think about this kind of thing now rater than later, when things are more complicated. Are there any other reasons we would want to add more menus later on? Sounds like a strucural question that will probably be needed at some point later and should be planned for now to me.
-
I too like the idea of a modular system where people can create other little tools for it that can be installed on a user-needed basis. Kind of like the Firefox model where you can install different extensions based on what you want. If people can add their own "widgets" and have functionality that may not be originally in the package, or forseen during the making of pfsense, then it could be VERY successful.
-
Since it seems like pfsense is going to end up moving in a direction towards very specialized setups, the ability to add new menus would be helpful. Some of the packages that are being requested, would require fairly extensive GUI items. Squid could eventually get to the point where a menu for it makes sense, and a SPAM filtering package certainly could. I realize we're all pushing for the 1.0 release right now, and I hate scope creep as much as anyone so this is probably something that'll be better off being considered post 1.0, but this would be a very useful addition to the UI.
-
Print server function
-
Hi
I hope the freenas package work that was fine. :)
-
The package system as it stands is good, however the lack of documentation hinders development of additional packages by outsiders. I've found some documentation but nothing thats complete. Also some of the xml tags are confusing and not self explanatory.
For example
custom_add_php_command
When does this command run. I read something that stated it runs after the package install, however it also runs when changing the settings on a package. So when is this section useful when using the custom_php_install_command and custom_php_resync_config_command fields. Seems it would just duplicate things.
-
php_add is run after a item is changed in the gui.
resync runs on bootup, etc so that the rc.d files are setup from a fresh state (bootup).
Yes the docs are hurting. We hope to get them in better shape very soon.
-
Hi,
it would be nice to implement a timelimitpackage.
I need to give users or Ip addresses access on a given hour.For example: (Ip address 1) on Monday-Fryday between 9:00 and 11:00 pm
(Ip address 2) on Saturday between 2:00-3:00, and so ongreetings, hoster :)
-
trackerd(tracks MACs to IPs) would be nice
http://freshmeat.net/projects/trackerd
integrates into snortsam/snort or stand alone -
Quagga/ospfd
-
Routing protocols - OSPF - RIP
64 Bit support..T1, T3 card support (digium and zapata, etc)
BCP (http://www3.ietf.org/proceedings/99nov/slides/pppext-bridge-99nov/) -
HI,
I'd quite like to see squidGuard for automatic URL filtering. With the ability to have the rules auto synced via rsync to squidguard.mesd.k12.or.us::filtering or similar.
RegardsBen
-
Hello
I would like some way (don't know if any package/script does this) to create an iso file of my pfsense install, so that when I boot with a CD created with that install, all the packages, rules, configurations etc. of my original configurations are pre-installed and when I install pfsense from that CD it simply recreates my original pfsense machine with no question asked.
Also, I would like to see pfsense store two-three copies of its configurations, so that if it loses its configuration file due to some sudden power-failure it can simply restore the configuration from the backup instead of giving a configuration file not found error and requiring a reinstall in some cases and configuration restore in some.
I would even place a bounty on it. Can someone tell me what needs to be done?
With regards.
Sanjay. -
Also, I would like to see pfsense store two-three copies of its configurations, so that if it loses its configuration file due to some sudden power-failure it can simply restore the configuration from the backup instead of giving a configuration file not found error and requiring a reinstall in some cases and configuration restore in some.
This is already fixed in 1.2. Both the issues that caused config corruption, and a backup config now exists as well.
I would like some way (don't know if any package/script does this) to create an iso file of my pfsense install, so that when I boot with a CD created with that install, all the packages, rules, configurations etc. of my original configurations are pre-installed and when I install pfsense from that CD it simply recreates my original pfsense machine with no question asked.
That's much more difficult, as build machines require files that don't exist in the actual installs. It's easy enough to install and restore your config (which also reinstalls your packages), and difficult enough to do this, that there wouldn't likely be any developer interest.
-
That's much more difficult, as build machines require files that don't exist in the actual installs. It's easy enough to install and restore your config (which also reinstalls your packages), and difficult enough to do this, that there wouldn't likely be any developer interest.
Hmmm…well actually the idea was to recover from problems using a non-technical user especially in a geographically distant location, say an accountant or clerk, who simply puts in a cd in a pfsense system which is configured to boot first from a cd drive.....choose 99, take the cd out, reboot and voila the system is back in its required state. I actually had to travel to a nearby city when I could not get a remote loginwith a SME client who did not have the vaguest idea of what a KVM switch was, nor could afford it.
However, I would not mind using the complete build system to create a customised cd for every pfsense box that I install. I am a BSD virgin....so what skills would be needed for doing this and how complicated is the job of creating a bsd box that would buils a pfsense iso with required configurations & packages. Such a system can import the system backup file and build the configurations and then generate an iso file.
With best regards.
Sanjay. -
Well first post, so be gentle thanks
I'm looking into moving from ipcop to pfsense, some might say grow up, one thing that I seen and use that help me a lot over the years are
MC, Midnight Commander, did try to get a .tbz version, but kind of lost right now all BSD is new to me, and I get errors when I try to install, having a one version of MC in the add on system will be help for me to get better understanding of the BSD system.On more thing that I'm missing is a version ULR filter the one in ipcop is from ( http://www.urlfilter.net/ ) works well
Thanks for your time, and a cool trunk of software
-
On more thing that I'm missing is a version ULR filter the one in ipcop is from ( http://www.urlfilter.net/ ) works well
You can achieve something similar with Squid and blacklists.
-
maybe av with quid.
-
I would like to see pfsense handle hostheaders and nat them to the right internal server.
-
It would be perfect to have a package with the administration Mysql with graphics in PHP to integrate with the radius.
-
samba server
-
First , i just want to thanks all freebsd & pfsense commiters & developers because pfsense & freebsd are hudge, I install it many times for entreprises and for myself but …
- When a package is "stable" or released please do not erase it 4 month later...
For example : The snort 2.6 package was very well working for me few month ago .... but there is no 2.6 snort anymore in the package system. I don't want to install 2.7 myself and add 2.8 files for each installation. Why have we a web interface ? ( for newbies ...i know :) ) I prefer an old version well working than a recent one that does not work or need manual adds. A versionning of packages releases could be very usefull for developers and users.
- What i very would like is that PFsense could support official packages as (most usefull packages) : squid, squidguard & snort and others. I hope in the future, they will be integrated by defautl into pfsense but desactivated by default because of licence and/or installation platform ( soekris VS Quad core Xeon ..) and disks capacities ….
Any comments are welcome, sorry for my "working" english
Best Regards
Nicolas -
- When a package is "stable" or released please do not erase it 4 month later…
For example : The snort 2.6 package was very well working for me few month ago .... but there is no 2.6 snort anymore in the package system. I don't want to install 2.7 myself and add 2.8 files for each installation. Why have we a web interface ? ( for newbies ...i know Smiley ) I prefer an old version well working than a recent one that does not work or need manual adds. A versionning of packages releases could be very usefull for developers and users.
Not that i know the snort story, but if it contains security holes or other bugs it should be fixed. If it's only enhancements it should be left alone.
Another reason would of course be the underlying version of FreeBSD.- What i very would like is that PFsense could support official packages as (most usefull packages) : squid, squidguard & snort and others. I hope in the future, they will be integrated by defautl into pfsense but desactivated by default because of licence and/or installation platform ( soekris VS Quad core Xeon ..) and disks capacities ….
As pfSense is a spare time project there is a limit to the amount of code the dev's can support. Next there is the hole license issue bsd vs gpl and last but not least the packages system gives the freedom to do what you want with it as a user.
-
samba server +1
-
Can adzapper be in the package
adzapper
http://forum.pfsense.org/index.php/topic,12737.0.html
-
replacement for dnsmasq, something suitable for larger networks, I've the tinydns package but sometimes it makes my network goes awry, loss of internetconnectivity, maybe a wrong configuration, what I'd like to see is a full package tinydns with caching and forwarding.
-
popfile
http://getpopfile.org/
-
An HTTPD folder to upload files via the GUI like with the TFTP package, only for LAN access of course. There are newer VoIP phones that support only HTTP(S) instead of (T)FTP for their config files.
-
Now that I've had a chance to play with FreeRadius a bit I'l like to see some more functionality in FreeRadius. You have to user the terminal to access the logs for it or make any significant configuration changes.