Packages wishlist?
-
I would love to have a monitoring/net management package that is suitable even for an embeded edition and yet capable of monitoring via SMTP, IMAP, POP3, HTTP,TCP,UDP, NNTP, and PING tests and posting results in html or terminal.
http://www.sysmon.org/config.html
Rrealtime accounting and monitoring would be nice to have as well:
pktstat (FreeBSD port exists)
->listens to the network and shows the bandwidth being consumed by packets of various kinds in realtime. It understands some protocols (including FTP, HTTP, and X11) and adds a descriptive name next to the entry (e.g., 'RETR cd8.iso', 'GET http://slashdot.org/' or 'xclock -fg blue').iftop (FreeBSD port exists)
->listens to network traffic on a named interface, or on the first interface it can find which looks like an external interface if none is specified, and displays a table of current bandwidth usage by pairs of hosts.monit (compiles under FreeBSD); http://www.tildeslash.com/monit/
->monit is a utility for managing and monitoring, processes, files, directories and devices on a UNIX system. Monit conducts automatic maintenance and repair and can execute meaningful causal actions in error situations.my 2c…
regards,
mr-s -
A LPR/LPD package to support using pfSense as a print (printer) server would be nice. Preferably with SAMBA support.
-
FreeRADIUS additions/modifications…
I've configured FreeRADIUS to add eap_tls and eap_ttls to authenticate my access point for WPA2-CCM on my pfsense box. What would be nifty is a the ability to integrate the CA similarly to how it is done for IPSEC VPN's to manage certificates for both the CA and users. This would give users the option to utilize either eap_tls or eap_ttls (for the more lazy). If you think about it, possibly just a centralized CA that was separated per duty might be sufficient (e.g., one for IPSEC another for OpenVPN, another for WPA, however utilizing the same openssl.cnf, etc and just splitting off different directories per usage type). Sorry for rambling... but I think this might provide a nice feature and pull together any loose ends that utilize certs for a auth method.
-
OSPF and RIP I + II would be on the top of the list.
Newer nVidia chipsets.. 4+
64 bit support would be nice too. -
OSPF and RIP I + II would be on the top of the list.
routed: RIP v1 and v2 daemon
Already available as package. -
I'd like to second the request for TorrentFlux. This couldn't be too hard to implement, TorrentFlux itself is just a PHP controlled implementation of BitTornado as far as I understand.
-
I would love to have a monitoring/net management package that is suitable even for an embeded edition and yet capable of monitoring via SMTP, IMAP, POP3, HTTP,TCP,UDP, NNTP, and PING tests and posting results in html or terminal.
http://www.sysmon.org/config.html
Rrealtime accounting and monitoring would be nice to have as well:
pktstat (FreeBSD port exists)
->listens to the network and shows the bandwidth being consumed by packets of various kinds in realtime. It understands some protocols (including FTP, HTTP, and X11) and adds a descriptive name next to the entry (e.g., 'RETR cd8.iso', 'GET http://slashdot.org/' or 'xclock -fg blue').iftop (FreeBSD port exists)
->listens to network traffic on a named interface, or on the first interface it can find which looks like an external interface if none is specified, and displays a table of current bandwidth usage by pairs of hosts.monit (compiles under FreeBSD); http://www.tildeslash.com/monit/
->monit is a utility for managing and monitoring, processes, files, directories and devices on a UNIX system. Monit conducts automatic maintenance and repair and can execute meaningful causal actions in error situations.my 2c…
regards,
mr-sTry a pkg_add -r nagios I think you will be surprised what it will do out of the box. There are still some bugs that I am working with on my box from the stock install, but a person with some time could easily get it going I think.
-
I'd like to see some options for snort to include bleedingrules, controlled ip blocking. Maybe have an option to move the blocked ips to a permanent blacklist. A file editor option for snort.conf that lets you permanently make changes to the file for tuning. mysql support for snort to log to a database. It would also be nice to have the option to pull the rules from a different location like a local webserver.that would be awesome!!
-
I'd like to second the request for TorrentFlux. This couldn't be too hard to implement, TorrentFlux itself is just a PHP controlled implementation of BitTornado as far as I understand.
WTF! what kind of person are you, putting a torrent client on a firewall ! makes me wanna cry :'( :'( :'( :'(
-
Blame d-link. IIRC they started this blasphemy practice.
-
someone mentioned putting a file server up on it, although, that defeats the purpose of having a dmz, i don't know how i feel about having files on my firewall? i think an anti spyware/virus package would be great, that scanned incoming traffic..
-
A non-spooling p910nd style print server.
Since pfsense is the only box that is on 24/7 in my small office, it would be nice to have a printer attached to it.
Can anyone make a package out of this: http://etherboot.sourceforge.net/p910nd/ ? -
Hello everybuddy
First sorry for my english.
Second pfsense it's bryliant projekt.
Therd i have small network (wireless network with 200 users) and I have very offen problems when some of my wirelles link is broken because i work 200 kilometers from place wher i have this network and it was verry helpfull for me if sombody public packages to monitor network and send SMS when maybe ping is lost or some services are stop
Thank You for all
Greetings -
Hello everybuddy
First sorry for my english.
Second pfsense it's bryliant projekt.
Therd i have small network (wireless network with 200 users) and I have very offen problems when some of my wirelles link is broken because i work 200 kilometers from place wher i have this network and it was verry helpfull for me if sombody public packages to monitor network and send SMS when maybe ping is lost or some services are stop
Thank You for all
GreetingsDo you have a diagram….. i was thinking about SNMP to watch over things.
But never the less you could start a Bounty for your packages. -
I was thinking about sms to inform when somthing is broken because even if You are on hollidays you have mobile in your pocket all the time but laptop with internet conection very rare, so this sms can alarm you that somthing is wrong and you can fix problem very fast (find some internet caffe) or call to home and tell sombuddy what he can do to fixit. About the bounty sorry but I am only PLC programmer and have a basic know how about networking, so i must use somthing ready.
Grettings -
May be e-mail notification and mobile mail-agent solved you problem?
For example: cron executed every 1…10 minute task, what check you services and if alarm - sent e-mail notification. Need find script or program what can do services checkingInternet2SMS services very specific and get of pay in moust times.
-
I agree,
the HTTP Antivirus-Function should be a basic part of a firewall. -
Hello all
I have spent a couple of hours on these forums, for the first time after almost a year of install of my pfsense box…not a good community member, I'm afraid :(
However, since after changing my firewall distro more than a few times, I have decided on pfsense and will now be putting in a few bounties, to see if I can get a few things I want incorporated.
Here are my views:
- A firewall gateway distro should remain a firewall gateway distro and run as few applications as possible.
- That said, one cannot ignore the smaller SME users like myself, who have only one machine running 24/7 and thats the pfsense box, hence the need for some applications.
- However, since security is a firewall's main job & routing the gateway's main job....these two should not be compromised, if at all possible and extended wherever possible.
- I would vote for all packages that don't need incoming port access from the WAN. One can have time server, transparent proxies of all kinds (outgoing), caching dns server, ftp server for Lan clients and so on.
- But what I would really like to see all kinds of IDS, IPS, Load-sharing, Load-balancing, reporting on various usage stats from a users point of view that a normal small office cannot dedicate more than one computer to. E.g. today we have snort but nothing to analyse its input say snort sam or squill or acid, we have squid but no dansguardian like package, an improved IMespector proxy.
- Having said all that, I don't think that a mail server or any other server that accepts incoming connections from outside should be put on a perimeter firewall. If you are big enough to have run your own domains then you should invest in a DMZ machine and then offload as many applications to it from the main pfsense box, as you can. But then again, you can have a DMZ in main office & a hybrid pfsense server in branches. After all you are the one footing the bill for any problems arising out of an implementation decision.
- I think the direction of the project is very right but the community really needs to create a method for maintainence of old packages in addition of creation of new packages.
I hope I have not put the reader to sleep ;D
With best regards.
Sanjay. -
Hello, I'd like to see a speed test for the WAN port. If I get an idea to check the speed from my ISP I hook my laptop up directly to the cable modem and use dslreports.com/stest a couple of times, then hook everything back up. It would be quicker for my users and perhaps safer for my laptop if there were a function to cut off all my LAN traffic, perform some kind of speed test, re-enable the LAN and post the results on screen or in a log.
Thanks,
Vinc Duran -
I would very much like IPS (Intrusion Protection System) and, when secure enough, possibilities for an internet http- or e-mailproxy. This should make pfsense a more complete competition for the commercial solutions.