• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Packages wishlist?

pfSense Packages
384
661
1.4m
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M
    mdepot
    last edited by Aug 15, 2006, 2:34 PM Aug 15, 2006, 2:18 PM

    My wishlist would be improvements to:

    * Web Proxy Content Filtering
      * Web & Email Anti-Virus Scanning Proxies

    Proxy filtering has been tossed around quite a bit, notably with SquidGuard, but looking for a solution that checks based on actual content scanning (as opposed to just list checking).  Something similar to DansGuardian (but with a more open licence) would be great.  And if we're scanning the content anyway, it would be great if virus signature scanning could be done at the same time.

    It would also be nice to have a lightweight (relative to sendmail/postfix anyway) SMTP reverse proxy capable of scanning email for junk and virus signatures.  This would be a transparent reverse proxy for SMTP (& SMTPS?), preventing junk mail and virus emails from ever making it to the mail servers inside.  (Check out ASSP and DspamPD if you're looking to get a better idea of the concept.)

    Both of these wishlist ideas are not exactly 'lightweight' and may not belong on a box that's strictly a firewall, but they do both protect the inside from the outside, and would be a good fit for many smaller orgs without dedicated resources for these.

    1 Reply Last reply Reply Quote 0
    • K
      kferguson
      last edited by Aug 18, 2006, 4:02 PM

      I'd like an interface to allow creation of firewall rules based on GEOIP data.  Many organizations provide services within a limited geographical area, and could live without all the traffic from regions outside those service areas.  I've seen examples of pf implementations, but I'm not sure what would be required to integrate this functionality into pfsense.

      Kirk

      1 Reply Last reply Reply Quote 0
      • H
        hoba
        last edited by Aug 18, 2006, 5:09 PM

        @kferguson:

        I'd like an interface to allow creation of firewall rules based on GEOIP data.  Many organizations provide services within a limited geographical area, and could live without all the traffic from regions outside those service areas.  I've seen examples of pf implementations, but I'm not sure what would be required to integrate this functionality into pfsense.

        Kirk

        That might be quite easy with the uopcoming alias features of pfSense (already implemented in the HEAD tree), where you can update your aliases frequently by downloading an external file (see http://pfsense.com/~sullrich/pics/SampleAlias.PNG for a screenshot of that already implemented feature).

        1 Reply Last reply Reply Quote 0
        • C
          Cry Havok
          last edited by Aug 19, 2006, 7:41 PM

          Nylon (socks proxy) would be nice to see.

          1 Reply Last reply Reply Quote 0
          • P
            ptaylor
            last edited by Aug 21, 2006, 2:59 AM

            An interesting (though probably very difficult to add) package would be TorrentFlux:

            http://www.torrentflux.com/

            Basically, it's a web-based torrent manager.  Ever since I ran across this, I've thought the concept was pretty neat.  You can even configure it to automatically remove the torrent once you've shared it a number of times.  It looks like it even has its own user system. With this as a package you may be able to block torrent downloads behind the firewall and only allow them through this interface, where traffic shaping is in control of the bandwidth utilization rules you've set up…   Each user on the network could have a login so that they could download torrents in a controlled manner, so each workstation isn't competing for the bandwidth.

            1 Reply Last reply Reply Quote 0
            • J
              JeGr LAYER 8 Moderator
              last edited by Sep 8, 2006, 10:51 AM

              Would people find these useful?  NRPE and some plugins?  What plugins would be most useful (other than check_ping)

              Yep. Horribly useful! We currently use (and I would be glad to use on pfSense):

              check_nrpe!check_total_procs (processes)
              check_nrpe!check_disk1 (discspace - you never know what hits your logfile)
              check_nrpe!check_load (load)
              check_nrpe!check_ping (ping - different hosts)
              a check for the firewall / packet filter itself
              check_ntp
              check_ssh
              (and perhaps for pfsenses GUI check_http(s))

              These would sure be nice additions dreams Full integration into Nagios… blinks

              Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

              If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

              1 Reply Last reply Reply Quote 0
              • F
                fricardo
                last edited by Sep 11, 2006, 12:07 PM

                I would like to see one package to SARG (Squid Analysis Report Generator).

                I'm starting to use pfsense 1.0-RC2 4 days ago. Great work! How can I build one SARG package?

                Thanks,

                fricardo

                1 Reply Last reply Reply Quote 0
                • H
                  hoba
                  last edited by Sep 11, 2006, 12:30 PM

                  There is not much documentation on how to create a package, however some pointers can be found where to start at the forum. Please search.

                  1 Reply Last reply Reply Quote 0
                  • D
                    darek
                    last edited by Sep 29, 2006, 11:56 AM

                    I would like to see ipfm + scr_ipfm integrated

                    Keep up the good work.

                    Greetings Darek

                    1 Reply Last reply Reply Quote 0
                    • O
                      oasisgate
                      last edited by Oct 9, 2006, 12:17 AM

                      the good service to addon pfsense…apcupsd for APC UPS...

                      1 Reply Last reply Reply Quote 0
                      • ?
                        Guest
                        last edited by Oct 9, 2006, 2:13 PM

                        @mdepot:

                        It would also be nice to have a lightweight (relative to sendmail/postfix anyway) SMTP reverse proxy capable of scanning email for junk and virus signatures.  This would be a transparent reverse proxy for SMTP (& SMTPS?), preventing junk mail and virus emails from ever making it to the mail servers inside.  (Check out ASSP and DspamPD if you're looking to get a better idea of the concept.

                        ASSP doesn't support AV scanning and DspamPD hasn't been actively developed for over a year.

                        1 Reply Last reply Reply Quote 0
                        • G
                          gbelanger
                          last edited by Oct 17, 2006, 12:08 AM Oct 14, 2006, 7:05 AM

                          I liked the idea of a 'voting system' for package suggestions. I would really like to see something out there to enforce corporate content-filtering policies. Right now, the squid package somewhat addresses the web side. The SMTP part is a bit less interesting unless you are putting the firewall in your production environment (as opposed to office) where it can behave as a server-side proxy. I have successfully used transparent POP3 proxying in the past. However, I dont think its a very clean way of doing email filtering.

                          The one still missing from most distros is instant messaging proxying/filtering for the main clients (MSN/Yahoo/AOL/Google). This would allow for a complete content-filtering solution. (Web + IM, while mail is imparted). Note that some suggested antivirus support for the web proxy, this is fairly difficult to implement, and very unefficient. (Because the proxy cant really know if its a virus until the download is .. well.. done).

                          As for SMTP filtering (SpamAssassin and such) - I do think that  spam filtering without a proper quarantaine solution is a bit wreckless. As such, I would be tempted to leave the spam filtering to a dedicated solution. However, blocking malicious code and extensions as well as defanging potentially dangerous dynamic content are all very feasible tasks. I myself would tend to focus on these features.

                          Someone proposed bind as a package. I find the mention of bind running on a firewall a little disturbing =P I frankly don't really see the point of running DNS off a firewall. It seems somewhat off-focus.

                          Just my 2 cents -

                          1 Reply Last reply Reply Quote 0
                          • A
                            anystupidassname
                            last edited by Oct 20, 2006, 2:20 AM

                            Congrats on the gold release! I've been impressed with pfsense from the beginning when I discovered it from a m0n0wall source.

                            My 2 cents on the packages wishlist:

                            -FakeAP(http://www.blackalchemy.to/project/fakeap/)
                            -Linblock (http://www.dessent.net/linblock/) this is really just a script but I have no clue how to implement it on BSD
                            -A package allowing you to provide a one-time (expiring) link to a file download from the local freeNAS raid volumes (scawf if you want…)

                            These were already talked about but I 2nd the request for these:
                            snort
                            nagios
                            asterisk
                            tftp/pxe capabilities
                            dansguardian
                            cups

                            I saw these in the list pre 1.0 so I'm hoping they'll get re-added:
                            freeradius
                            freeNAS

                            Thanks for listening!

                            1 Reply Last reply Reply Quote 0
                            • S
                              sullrich
                              last edited by Oct 24, 2006, 8:26 PM

                              Snort is already included.  The TFTP/PXE proxy is in HEAD and should make its way to a future version.

                              1 Reply Last reply Reply Quote 0
                              • Y
                                yoda715
                                last edited by Nov 5, 2006, 2:40 AM

                                I would like to see a content filter package using Dansguardian.

                                1 Reply Last reply Reply Quote 0
                                • B
                                  bluekkis
                                  last edited by Nov 5, 2006, 10:53 PM

                                  I'd like to see no-ip.com client as package for pfsense so I don't have to remember my ip address all the time, which isn't static anyway.

                                  1 Reply Last reply Reply Quote 0
                                  • H
                                    hoba
                                    last edited by Nov 5, 2006, 11:02 PM

                                    @bluekkis:

                                    I'd like to see no-ip.com client as package for pfsense so I don't have to remember my ip address all the time, which isn't static anyway.

                                    It's already there: services>Dynamic DNS.

                                    1 Reply Last reply Reply Quote 0
                                    • B
                                      bluekkis
                                      last edited by Nov 6, 2006, 7:50 AM

                                      @hoba:

                                      @bluekkis:

                                      I'd like to see no-ip.com client as package for pfsense so I don't have to remember my ip address all the time, which isn't static anyway.

                                      It's already there: services>Dynamic DNS.

                                      Duh… and I though I had already gone through all features, thx anyway =)

                                      1 Reply Last reply Reply Quote 0
                                      • R
                                        rdevries
                                        last edited by Nov 8, 2006, 4:25 PM

                                        I would like to see spam filtering ie:spamassassin
                                        Content filtering ie: squidguard, dansguardian

                                        Thanks

                                        1 Reply Last reply Reply Quote 0
                                        • G
                                          gbelanger
                                          last edited by Nov 20, 2006, 2:49 AM

                                          This :

                                          http://www.imspector.org/

                                          Would be a very valuable addition. It's basically a Instant Messenging proxy, which means that it can be used to provide logging facilities that are mandatory for most security certifications.

                                          It could also be used to block IM file transfers and eventually provide antivirus/extension-based blocking. Its a great addition to pfSense because this way it could provide application-layer filtering for the three main point of entry for viruses/malware: web, email and im.

                                          1 Reply Last reply Reply Quote 0
                                          • First post
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.