Netgate Discussion Forum

Packages wishlist?

pfSense Packages
661 Posts 384 Posters 1.5m Views
  • R
    rcfa
    last edited by Jun 26, 2012, 7:00 PM Jun 26, 2012, 6:53 PM

    @Metu69salemi:

    way offtopic

    I just mentioned that does hammer work better if you can read hammer from the hammer itself?!? and have changeable plates on that so you can localize your hammer text. Like the shape itself isn't enough.

    No, but pfSense is a tool box, not a single tool. And a well organized and labeled toolbox is a lot more efficient to use than a box where things are wildly out of order and you have to go hunting for the tools.

    Also, not everyone is a master craftsman. If you want to be able to have the apprentice fetch an auger, then you must assume that he may not know what an auger looks like, but if he can read and the toolbox is organized and labeled properly, he will likely fetch the auger, even if he's never seen one before.

    Further, since this is a thread about a wishlist, I think it's perfectly fine that I wish what I consider relevant. It's not like I'm dictating features, I just take the liberty to wish for what makes my work easier.

    • D
      dhatz
      last edited by Jun 26, 2012, 7:12 PM

      IMHO pfsense pkg developers' energy should be focused on making sure that the handful of "Tier 1" packages (e.g. Snort, routing daemons for BGP/OSPF, Varnish/haproxy and Squid) work flawlessly.

      Btw I am not sure that trying to glue together packages like Squid + Dansguardian / SquidGuard etc will work as well as in the various commercial UTMs.

      Finally, since IMHO pfsense isn't very well suited for SOHO environment (unless one really wants to learn a great deal in the process), it doesn't matter very much if pfsense is always checking to make sure that a user doesn't do the wrong thing (e.g. resolving conflicts between packages Quagga-OSPF vs OpenOSPF etc).

      • M
        mlanner
        last edited by Jul 4, 2012, 9:21 PM

        Hi,

        I would like to see Salt as a package. It would be convenient to be able to remotely configure and manage a bunch of pfSense installations from one central point.

        There's already a Salt package available in FreeBSD ports:

        http://docs.saltstack.org/en/latest/topics/installation/freebsd.html

        • R
          rcfa
          last edited by Jul 8, 2012, 10:01 PM

          @dhatz:

          Finally, since IMHO pfsense isn't very well suited for SOHO environment (unless one really wants to learn a great deal in the process), it doesn't matter very much if pfsense is always checking to make sure that a user doesn't do the wrong thing (e.g. resolving conflicts between packages Quagga-OSPF vs OpenOSPF etc).

          You make it sound like learning something were a bad thing. pfSense works just fine in my SOHO setup, as a matter of fact, I switched to pfSense because nothing else out there (except maybe Vyatta, but I don't like their ever more proprietary approach) could do the job I want at anywhere near justifiable costs, because cost is a massive factor in a SOHO office.

          Arguing against built-in conflict resolution is like saying circular saws are for professionals only, and therefore they don't need finger guards. We might as well do away with the anti-lockout rule, etc.
          IMO any good product minimizes the error potential, that's the whole point of having a user interface in the first place, otherwise, we all could just edit config files with vi.

          • K
            kdillen
            last edited by Jul 12, 2012, 7:57 AM

            In my case I would love to see nginx as a package. It can be used as reverse proxy, web server, SSL-offloading for HAProxy (replacement for stunnel), etc. It is light in resource usage and does great work.

            • U
              unstar
              last edited by Jul 12, 2012, 10:01 PM Jul 12, 2012, 9:54 PM

              Could anyone please create a Zabbix 2.0 Proxy package upgrade? Since there are a lot of improvements in the latest Zabbix release, it would be great if we could use it. Thank you! :-*

              • L
                louis-m
                last edited by Jul 17, 2012, 9:02 PM

                I'd really like to see some kind of clientless SSL VPN, similar to what sslexplorer or adito is/was. The new Astaro UTM has an HTML 5 based clientless VPN. Be great if it could link to freeradius also.

                • J
                  jimp Rebel Alliance Developer Netgate
                  last edited by Jul 17, 2012, 9:32 PM

                  If an up-to-date OSS project exists for such a thing, I'm sure it could be looked into, so long as the requirements are not crazy (like Adito's need for Java)

                  There really is no such thing as a "clientless" VPN, it may use Java or hook into the browser, but it's still a client.

                  • J
                    judex
                    last edited by Jul 25, 2012, 10:20 AM

                    I would like a clickable whois search on the alerts or blocked tab in snort.

                    Greets, Judex

                    2.1-RELEASE (amd64)
                    built on Wed Sep 11 18:17:48 EDT 2013
                    FreeBSD 8.3-RELEASE-p11

                    • N
                      NG
                      last edited by Jul 25, 2012, 10:33 AM

                      At first many thanks to Ermal and others for great job with Snort package. I have one little wish to help my everyday job. We have pfsense in our network. This time it is securing 5 LAN networks and we have hundreds of users in our networks. Because our company has very tight internet rules we need to Snort our LAN side traffic also and block offenders in LAN networks. Problem is that when snort blocks out a user (or IP-address) there is no information sent to user about that. Traffic just ends. Next thing is the user picks up the phone and calls us and reports internet failure. Is there any chance to get a popup window, redirection or at least error page to user that tells reason for blocking? It also would help us to fix problems in rules also. The page should say for example: "You are blocked out: #REASON#". Of course there should be enable/disable tag and selection for LAN-networks also :)

                      • E
                        eri--
                        last edited by Jul 27, 2012, 10:02 AM

                        @NG:

                        At first many thanks to Ermal and others for great job with Snort package. I have one little wish to help my everyday job. We have pfsense in our network. This time it is securing 5 LAN networks and we have hundreds of users in our networks. Because our company has very tight internet rules we need to Snort our LAN side traffic also and block offenders in LAN networks. Problem is that when snort blocks out a user (or IP-address) there is no information sent to user about that. Traffic just ends. Next thing is the user picks up the phone and calls us and reports internet failure. Is there any chance to get a popup window, redirection or at least error page to user that tells reason for blocking? It also would help us to fix problems in rules also. The page should say for example: "You are blocked out: #REASON#". Of course there should be enable/disable tag and selection for LAN-networks also :)

                        Well you need to put some funding to this since it's not that easy.

                        • N
                          NG
                          last edited by Jul 27, 2012, 12:11 PM

                          Hi Ermal! I can talk with my bosses about funding. I can't promise anything, I'm just a small Network Engineer :) About the idea, I was just wondering if it's possible to do that Squidguard style. Comparing client's IP and Snort blocklist. If there's a match then redirect to info page. Actually maybe this can be done in Squid or Squidguard or other external process, so the Snort is not part of this. In this case Snort is just offering some information to other processes and they do the rest.

                          • D
                            diretore
                            last edited by Aug 7, 2012, 11:58 AM

                            openDNS dnscrypt proxy for encryption of dns traffic from pfsense box to opendns servers

                            • D
                              dominique.fournier
                              last edited by Aug 14, 2012, 2:42 PM

                              ndpmon (the IPv6 ARPWatch) should be interesting as pfSense is the router.
                              http://www.freebsdsoftware.org/net-mgmt/ndpmon.html
                              http://ndpmon.sourceforge.net/index.php

                              2.1 (amd64)

                              • P
                                Peter2121
                                last edited by Sep 26, 2012, 10:03 AM

                                SquidClamav - ICAP based antivirus for Squid. The FreeBSD port is present.
                                It would be better to use the ICAP based antivirus than HAVP (parent proxy). The ICAP integration mode has fewer limitations (QoS, stats, authentication etc.)
                                I hope, Squid3 package is compiled with ICAP support ;)

                                • D
                                  dhatz
                                  last edited by Oct 8, 2012, 7:51 PM

                                  Some SIP proxy (such as repro or Kamailio) would be nice

                                  Read more: http://www.opentelecoms.org/use-a-sip-proxy-instead-of-asterisk

                                  • B
                                    babtras
                                    last edited by Nov 8, 2012, 7:24 PM

                                    A simple improved logging package, perhaps just a local syslog with a GUI.

                                    I understand the 50 row limitation of the default installation because of the ability to run on a machine with no hard drive. But I would imagine that most installs have some storage available and even a basic 10 year old machine will have a 10GB+ hard disk, plenty to store a reasonable amount of logs.

                                    I would like to see a simple logging package that can be optionally installed that extends the logs beyond 50 entries (to a user-defined retention period or size) and provides some, even if rudimentary, filtering/sorting features.

                                    Most places I promote using pfSense are in small businesses where an enterprise-class firewall is needed, for multi-WAN or decent VPN capability, but unavailable due to budget constraints. In these cases, there's not much eagerness to buy a separate machine to run a syslog server or add that role to already overburdened servers. I don't think there's any reason why the pfSense machines can't store their own logs if the disk space allows it.

                                    • marcellocM
                                      marcelloc
                                      last edited by Nov 9, 2012, 3:24 AM

                                      Current gui accepts 2000 lines, check config options  ;)

                                      • D
                                        dhatz
                                        last edited by Nov 19, 2012, 1:10 AM

                                        GNU Gatekeeper for H.323 proxy:

                                        http://www.gnugk.org/h323-proxy.html

                                        Rationale: H.323 remains by far the most popular protocol for video conferencing at companies, but unlike -recent- SIP software, H.323 can't deal with NAT thus requiring a proxy / ALG.

                                        • C
                                          CrackBlue
                                          last edited by Dec 19, 2012, 7:25 AM

                                          I wish that

                                          1. aliases will include mac addresses and the firewall can manipulate mac addresses to deny/block
                                          2. squid will have purge option for the cache and edited some squid related configuration like.. squid.inc :)

                                          just a small wish though this christmas season

                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.