Packages wishlist?
-
Given the some of the recent feedback regarding problems with using BGP under pfSense, based on this discussion at the freebsd-net mailing list, it seems that bird might be the answer …
http://www.freshports.org/net/bird/
http://bird.network.cz/ -
HAProxy-devel also supports SSL, but is not ready for production and also SNI could be an issue.
So I request a package for Stud (https://github.com/bumptech/stud) is a lightweight and easy to configure proxy which can coexist with HAProxy to support SSL and SNI for production servers. Thanks!
-
Since Snort is single-threaded, wouldn't it be nice to include a package for suricata (http://suricata-ids.org/) which supports mutli-threaded processing?
Ref: http://workshop.netfilter.org/2013/wiki/images/1/1f/Eric_Leblond_IDS-suricata.pdf
-
Since Snort is single-threaded, wouldn't it be nice to include a package for suricata (http://suricata-ids.org/) which supports mutli-threaded processing?
Ref: http://workshop.netfilter.org/2013/wiki/images/1/1f/Eric_Leblond_IDS-suricata.pdf
Looks like a great one. I also think the non-proprietary nature would make it a better fit, and with more and more GPU-power, CUDA support could make quite a difference in CPU load and allow for better utilization of existing hardware.
Also, Snort, over the past, seems to have been rather fickle, and quite the resource hog. Anything that's more efficient and less picky or easier to configure would be a good step forward. -
would love to have freeswitch
-
-
A STUN server package would also be VERY useful.
http://sourceforge.net/projects/stun/
Basically, as "low end" hardware gets more powerful, pfSense would be very useful to evolve into a "network border server" in addition to being a firewall router.
Tons of services that need to be available from the public net, and that one may not want to puncture the protective wall, could simply run on the firewall device: STUN, OwnCloud, FreeSwitch/Asterisk/PBSinAFlash, Suricata/Snort, privoxy/trackmenot/TOR, etc.
If we don't want a totally cluttered environment, at some point it may make sense to have "official" packages, which are fully integrated and tested to cover certain aspects of a network border server.
-
A STUN server package would also be VERY useful.
http://sourceforge.net/projects/stun/
Basically, as "low end" hardware gets more powerful, pfSense would be very useful to evolve into a "network border server" in addition to being a firewall router.
Tons of services that need to be available from the public net, and that one may not want to puncture the protective wall, could simply run on the firewall device: STUN, OwnCloud, FreeSwitch/Asterisk/PBSinAFlash, Suricata/Snort, privoxy/trackmenot/TOR, etc.
If we don't want a totally cluttered environment, at some point it may make sense to have "official" packages, which are fully integrated and tested to cover certain aspects of a network border server.
To complement stun, STUN-over-TCP (http://sourceforge.net/projects/stunovertcp) would be a good combination with Vovida STUN (http://sourceforge.net/projects/stun/).
-
ziproxy!
http://ziproxy.sourceforge.net/download.html
-
portspoof could be a nice addition
https://github.com/drk1wi/portspoof
-
I wish Snorby would be as a package. I have setup on another machine it is very handy. I don't want to have to run 2 machines to do this. I have enough CPU for both in firewall machine
-
Since Snort is single-threaded, wouldn't it be nice to include a package for suricata (http://suricata-ids.org/) which supports mutli-threaded processing?
Ref: http://workshop.netfilter.org/2013/wiki/images/1/1f/Eric_Leblond_IDS-suricata.pdf
Looks like a great one. I also think the non-proprietary nature would make it a better fit, and with more and more GPU-power, CUDA support could make quite a difference in CPU load and allow for better utilization of existing hardware.
Also, Snort, over the past, seems to have been rather fickle, and quite the resource hog. Anything that's more efficient and less picky or easier to configure would be a good step forward.+1 from me
-
Actually a forum wishlist: make sub-sections for each package under the Packages section.
It's pretty hard to browse all relevant threads relevant to a particular package, it would be easier to have these threads grouped.
That would also make it easier for maintainers to have a quick look if there's activity, and for users to see if a package is alive.- 1 from me too as i was ordering a adtrap wich do not work.
And to ship it back again is like ordering a new
- 1 from me too as i was ordering a adtrap wich do not work.
-
this script may help you undestanding how to install it on freebsd.
Most of this are already done on snort package
https://github.com/shirkdog/snorby-bsd/blob/master/snorbyInstall.sh -
strongSwan!
-
-
Any antivirus solution for squid-dev or installation wayout.
Thanks
-
A bandwidth monitor that allows you to keep track of Data Caps. Kind of like Traffic Accounting in IPCop.
-
I would love a package that could remove spikes from RRD graphs. Cause sometimes when I reboot pfSense I get really high spikes on the graphs that is not normal, and it destroys the whole graph.
Some links about this matter:
https://github.com/mhagander/rrdclean
http://acktomic.com/2007/08/31/removing-spikes-from-rrd-databases/
http://www.serveradminblog.com/2010/11/remove-spikes-from-rrd-graphs-howto/ -
My Whishlist:
Simple "ifdown" package - reboot. (if not able to ping a given host, reboot pfsense)
..or can this be done with cron and a command directly on the box itself ?
