Packages wishlist?
-
Hi,
I would like to see VLAN isolation integrated with Snort , currently using Packetfencehttp://www.packetfence.org/ for this task.
But if Snort package or other similar package will include same functionality of VLAN isolation would make the configuration much easier and give complete solution.Cheers
-
Not really sure what you're talking about with vlan isolation, but pfSense is vlan capable and you can run snort on a "vlan-interface".
-
Not really sure what you're talking about with vlan isolation, but pfSense is vlan capable and you can run snort on a "vlan-interface".
i know i can run snort on vlan interface , VLAN isolation is when risk detected like worm or virus etc.. related host port switch is automatically moved to designated isolated VLAN until depends on procedures could be done automatic or IT manual intervention risk is removed same as packetfence doing its simply i meant integrate NAC (network access control) with Pfsense .
-
i'm not sure this is the right place for asking this question.
could someone make bandwidthd's description shorter?
-
Hi All!!
First of all, what a TERRIFIC piece of software pfSense is!!.
I've been using m0n0wall for a couple of years, with very good results, but pfSense is in another level.
In my humble opinnion, I think a nice idea would be adding a console screensaver.
I understand that the module is called green_screensaver.ko, and since Im new to this amazing software, as far as I know it doesn't have it, but I've been wrong before. Please, correct me if this is the case.
Thank you!
Kind Regards
Patricio
-
I had my pfsense 2.0RC3 updating almost daily, I have squid on it running custom config file, I don't like the lightsquid reports, I install my self sarg which is superior than lightsquid.
At the spanish forum I put there how to setup manually sarg and some screens of my server, this is a good tool for pfsense.
http://forum.pfsense.org/index.php/topic,39568.0.html
My 2 cents ;D
-
How about squid hit/miss metrics graphs etc?
I believe ipcop uses this software http://sourceforge.net/projects/squid-graph/
Which someone crafty can probably wrap up in to a pfsense package in no time, assuming pfsense includes a perl interpretter.
Although squid does talk snmp, so perhaps use that?
-
I'd like to see privoxy added, plz.
-
I would like to see a mail proxy package that would accept all incoming e-mail and scan it for spam, viruses, and grey list it. After it completes the following task, it would then release it to an internal mail server.
Something like the spamD package that dropped off the grid.
These days having proxy filtering I believe is a must have at the gateway level.
A bounty was proposed for proxsmtp, which can do much of this, but the money was withdrawn before any progress could be made.
I'm working on postfix package version 2.0 with many of these implementations.
-
Postfix package v2 is out.
check it out:
http://forum.pfsense.org/index.php/topic,40622.0.html:D
-
ArpON looks quite interesting for the security-conscious netadmins and it supports FreeBSD:
http://arpon.sourceforge.net/
07/27/2011 :: ArpON 2.7 released!
What is ArpON?
ArpON (ARP handler inspection) is a portable handler daemon that make ARP protocol secure in order to avoid the Man In The Middle (MITM) attack through ARP Spoofing, ARP Cache Poisoning or ARP Poison Routing (APR) attacks. It blocks also the derived attacks by it, which Sniffing, Hijacking, Injection, Filtering & co attacks for more complex derived attacks, as: DNS Spoofing, WEB Spoofing, Session Hijacking and SSL/TLS Hijacking & co attacks.This is possible using three kinds of anti ARP Spoofing tecniques: the first is based on SARPI or "Static ARP Inspection" in statically configured networks without DHCP; the second on DARPI or "Dynamic ARP Inspection" in dynamically configured networks having DHCP; the third on HARPI or "Hybrid ARP Inspection" in "hybrid" networks, that is in statically and dynamically (DHCP) configured networks together.
ArpON is therefore a proactive Point-to-Point, Point-to-Multipoint and Multipoint based solution that requires a daemon in every host of the connection for authenticate each host through an authentication of type cooperative between the hosts and that doesn't modify the classic ARP standard base protocol by IETF, but rather sets precise policies by using SARPI for static networks, DARPI for dynamic networks and HARPI for hybrid networks thus making today's standardized protocol working and secure from any foreign intrusion.
-
As the siproxd thread is locked, here is my wish:
Ive been using siproxd in a "test" enviroment since Dec 2010 ( since pfSense 2.0 beta5 till the 2.0 Release version ) and all work great, next week it will go to "production" and just one thing i wish to have :
if i enable "Log redirected calls" the logs go to "Status: System logs: System", is posible to have the logs in "Status: Package logs" ?
-
I'd like to see a TOR hidden services package developed so that I can generate .onion addresses for and connect my PFsense router to TOR and port forward traffic from it as needed. Optionally I could select to become a TOR exit node, bridge, or relay.
-
Support of Net-SNMP (this is very simple) and custom scripts called through the "NET-SNMP-EXTEND-MIB".
This way I am currently able to make Cacti collect Unbound stats and also get better CPU graphs than with bsnmpd…
-
Package #1: TOR router, relay, bridge and exit.
Would allow people to host a TOR relay, bridge, or exit router. Optionally also could be used to tunnel all LAN traffic meant for WAN though TOR.Package #2:
Digital SSL Notary Package based on: http://convergence.io/Would allow people to host a digital SSL notary on their PFsense router. The more notaries there are, the more secure the system.
-
Update siproxd to v0.8.1
http://siproxd.sourceforge.net/index.php?op=changelog
Release 0.8.1 10-Jul-2011 This release fixes some bugs, one of them concerns building (libltdl). As a feature for small embedded systems, the pthread stack size is configurable to minimize the memory footprint (RAM). Another highlight is the new plugin_regex that allows rewriting the SIP "To" header (call target) of outgoing calls using regular expressions.
-
I wish there was a Streaming Meidia Server package, possibly this one, the site has full source code, linux/unix/windows. sounds like it would be pretty simple? no? :D I wish ^.^
http://code.google.com/p/ps3mediaserver/
-
I wish there was a Streaming Meidia Server package, possibly this one, the site has full source code, linux/unix/windows. sounds like it would be pretty simple? no? :D I wish ^.^
http://code.google.com/p/ps3mediaserver/
The PMS runs in java and requires a whole lot o other software (mpgenc, mplayer, etc.)
Not something you install on your firewall, but on your NAS instead :) -
Can you add freenas into pfsense? :D
-
