Netgate Discussion Forum

    Advice about PFSense vs the other free offerings

    General pfSense Questions
    13 Posts 7 Posters 7.5k Views
      tim.mcmanus

      I discovered pfSense from the folks on dslreports.com.  I consider that the authoritative ISP community site.  I've gotten the best technical details from folks there as well as discussing technologies and issues with employees from ISPs.  Those folks recommended pfSense when I wanted to upgrade my Netgear FVS firewall to something else.  Once I made the change I never looked back.

      They're all good and the nice thing is you can find the one that fits your personal preferences and what you want to achieve.

        Supermule Banned

        OPNsense is a fork of pfsense based in Holland.

        Consider Mikrotik and Smoothwall as well.

        One instance of unlimited Mikrotik incl. support is 250USD. Based in Latvia so no NSA backdoors to worry about :D

          KOM

          Based in Latvia so no NSA backdoors to worry about :D

          You're joking, right?  Being from Latvia isn't protection from anything.  Everybody is already in the NSA's pocket, and they've already shown they have no problems intercepting hardware en route and infecting it.  Hell, some of the ASICs inside the router may already be compromised.

            jahonix

            @Supermule:

            Based in Latvia so no NSA backdoors

            Right. That's KGB over there.

              tim.mcmanus

              @Supermule:

              Based in Latvia so no NSA backdoors to worry about :D

              Youtube Video

                Guest

                Thanks much. I'll pass on mikrotik for now. Maybe next router.

                I made my decision. PFSense wins. Untangle requires paid upgrades to really become useful. Sophos is too complicated for easy things and it's hard to find good answers. The Sophos AV I was most interested in looks less important after some research.

                PFSense with $30/year for snort is good. UPnP will help me with ooma and my slingboxes, also my NAS later when I want to access it from outside. Port forwarding looks easy if UPnP won't 'hold' the settings after I turn it off. My newly built small PC should power it nicely, in fact I might be able to replace it with something smaller and put the new PC to work as an HTPC, later.

                I'm most interested in upgrading from DD-WRT to keep the bad guys out. With everyone under the sun scanning all day and who knows what they might find for a vulnerability, I want to be safe. I'm wondering if NAT and SPI will someday be looked upon as 'good in their day' until xxxx came along.

                  BBcan177 Moderator

                  @jim1000:

                  PFSense with $30/year for snort is good.

                  If you're going to use Snort or Suricata, you can also use the Emerging Threats List. They have a free "Open" List, and also a "Pro" version which is a little pricey but very good…

                  I'm most interested in upgrading from DD-WRT to keep the bad guys out. With everyone under the sun scanning all day and who knows what they might find for a vulnerability, I want to be safe.

                  You can also use pfBlockerNG which will block known malicious IPs.
                  https://forum.pfsense.org/index.php?topic=86212.0

                  "Experience is something you don't get until just after you need it."

                  Website: http://pfBlockerNG.com
                  Twitter: @BBcan177  #pfBlockerNG
                  Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                    tim.mcmanus

                    @BBcan177:

                    @jim1000:

                    I'm most interested in upgrading from DD-WRT to keep the bad guys out. With everyone under the sun scanning all day and who knows what they might find for a vulnerability, I want to be safe.

                    You can also use pfBlockerNG which will block known malicious IPs.
                    https://forum.pfsense.org/index.php?topic=86212.0

                    Big +1 for pfBlocker.  I am using an iblocklist subscription that's been very helpful.

                    Remember, security is best done in layers.  Start simple, add a layer.  Wash, rinse, repeat.

                      BBcan177 Moderator

                      @tim.mcmanus:

                      Big +1 for pfBlocker.  I am using an iblocklist subscription that's been very helpful.

                      Remember, security is best done in layers.  Start simple, add a layer.  Wash, rinse, repeat.

                      Hey Tim,

                      I'm really not a big fan of IBlock lists, there are a lot of other lists available that will do a better job… I wrote a script here, that Dok posted... (Just don't let him take the credit ;)  )

                      https://forum.pfsense.org/index.php?topic=86212.msg508975#msg508975

                      Also v2.0 will have DNSBL domain name blocking via Unbound...

                      "Experience is something you don't get until just after you need it."

                      Website: http://pfBlockerNG.com
                      Twitter: @BBcan177  #pfBlockerNG
                      Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                        Jailer

                        @BBcan177:

                        @tim.mcmanus:

                        Big +1 for pfBlocker.  I am using an iblocklist subscription that's been very helpful.

                        Remember, security is best done in layers.  Start simple, add a layer.  Wash, rinse, repeat.

                        Hey Tim,

                        I'm really not a big fan of IBlock lists, there are a lot of other lists available that will do a better job… I wrote a script here, that Dok posted... (Just don't let him take the credit ;)  )

                        https://forum.pfsense.org/index.php?topic=86212.msg508975#msg508975

                        Also v2.0 will have DNSBL domain name blocking via Unbound...

                        At the risk of sounding like a total noob, what all exactly does this block? I currently have the top 20 blocked. Will this block those as well as other known offenders?

                          tim.mcmanus

                          @Jailer:

                          @BBcan177:

                          @tim.mcmanus:

                          Big +1 for pfBlocker.  I am using an iblocklist subscription that's been very helpful.

                          Remember, security is best done in layers.  Start simple, add a layer.  Wash, rinse, repeat.

                          Hey Tim,

                          I'm really not a big fan of IBlock lists, there are a lot of other lists available that will do a better job… I wrote a script here, that Dok posted... (Just don't let him take the credit ;)  )

                          https://forum.pfsense.org/index.php?topic=86212.msg508975#msg508975

                          Also v2.0 will have DNSBL domain name blocking via Unbound...

                          At the risk of sounding like a total noob, what all exactly does this block? I currently have the top 20 blocked. Will this block those as well as other known offenders?

                          Since it's better than what I got, I'd guess that it will.  Speaking about my subscription because it's what I got, they do collect known IPs and block them.  I can see script kiddie attacks being blocked scanning for port 22, 53, and a few others.  It's just another layer of security, but I'm going to click that link to see if I can do better.

                          Props to BBcan177 for the improved linkage.

                            BBcan177 Moderator

                            @Jailer:

                            At the risk of sounding like a total noob, what all exactly does this block? I currently have the top 20 blocked. Will this block those as well as other known offenders?

                            Unfortunately, the primary reason why I wrote pfBlockerNG was not for the Country blocking per se. It was that the previous pfBlocker version couldn't handle a lot of the Threat Sources that are available… Also it didn't have any de-duplication of the lists... Not to mention that the Country lists were over 2 yrs out of date.

                            So to answer your question, if you use the Country Blocking features, it will download those first, then other lists are downloaded and if the IPs are already being blocked by a Country List, those IPs are skipped as they are already in the database...  So yes, the other lists make a big difference than just using Top20.

                            "Experience is something you don't get until just after you need it."

                            Website: http://pfBlockerNG.com
                            Twitter: @BBcan177  #pfBlockerNG
                            Reddit: https://www.reddit.com/r/pfBlockerNG/new/
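
The load order and skip-if-already-blocked behaviour described in the post above, as an added sketch (not pfBlockerNG's code and not written by anyone in this thread). The function names, feed names and sample addresses are constructed for illustration; the addresses are documentation ranges.

```python
import ipaddress

def parse_entries(lines):
    """Yield networks from feed lines, ignoring blanks, comments and junk."""
    for line in lines:
        token = line.split("#", 1)[0].strip()
        if not token:
            continue
        try:
            yield ipaddress.ip_network(token, strict=False)
        except ValueError:
            continue  # malformed entry: drop it rather than abort the update

def covered(net, blocked):
    """True if net already lies inside a network of the same IP version."""
    return any(net.version == b.version and net.subnet_of(b) for b in blocked)

def dedupe(country_lists, threat_feeds):
    """Load country lists first, then keep only feed entries not yet covered.

    Returns (kept, skipped): kept maps feed name -> list of CIDR strings,
    skipped maps feed name -> number of entries dropped as duplicates.
    """
    blocked = list(parse_entries(country_lists))
    kept, skipped = {}, {}
    for name, lines in threat_feeds:  # feeds are processed in the given order
        kept[name], skipped[name] = [], 0
        for net in parse_entries(lines):
            if covered(net, blocked):
                skipped[name] += 1
            else:
                blocked.append(net)
                kept[name].append(str(net))
    return kept, skipped

# Constructed sample data (RFC 5737 / RFC 3849 documentation ranges).
COUNTRY = ["198.51.100.0/24  # constructed country block"]
FEEDS = [
    ("feed_a", ["198.51.100.7", "203.0.113.5", "# comment", "not-an-ip"]),
    ("feed_b", ["203.0.113.5", "203.0.113.0/24", "2001:db8::1", "192.0.2.10/32"]),
]

if __name__ == "__main__":
    kept, skipped = dedupe(COUNTRY, FEEDS)
    for name in kept:
        print(name, "kept", kept[name], "skipped", skipped[name])
```

In this sketch `203.0.113.0/24` is still kept after `203.0.113.5/32` was loaded: only entries covered by something loaded earlier are skipped, and earlier narrower entries are not collapsed into a later broader one.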

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.