Netgate Discussion Forum

    What features make pfsense a firewall?

      heper

      https://www.pfsense.org/about-pfsense/features.html

        Harvy66

        PFSense does stateful Layer3/4 packet filtering. It also does a bunch of other things, but this is the main feature of any firewall.

          mohiyodeen

          Do I have to install all these packages into pfsense, or are these all built-in features?

          Firewall

          • Filtering by source and destination IP, IP protocol, source and destination port for TCP and UDP traffic
          • Limit simultaneous connections on a per-rule basis
          • pfSense software utilizes p0f, an advanced passive OS/network fingerprinting utility to allow you to filter by the Operating System initiating the connection. Want to allow FreeBSD and Linux machines to the Internet, but block Windows machines? pfSense software allows for that (amongst many other possibilities) by passively detecting the Operating System in use.
          • Option to log or not log traffic matching each rule.
          • Highly flexible policy routing possible by selecting gateway on a per-rule basis (for load balancing, failover, multiple WAN, etc.)
          • Aliases allow grouping and naming of IPs, networks and ports. This helps keep your firewall ruleset clean and easy to understand, especially in environments with multiple public IPs and numerous servers.
          • Transparent layer 2 firewalling capable - can bridge interfaces and filter traffic between them, even allowing for an IP-less firewall (though you probably want an IP for management purposes).
          • Packet normalization - Description from the pf scrub documentation - "'Scrubbing' is the normalization of packets so there are no ambiguities in interpretation by the ultimate destination of the packet. The scrub directive also reassembles fragmented packets, protecting some operating systems from some forms of attack, and drops TCP packets that have invalid flag combinations."
            • Enabled in the pfSense software by default
            • Can disable if necessary. This option causes problems for some NFS implementations, but is safe and should be left enabled on most installations.
          • Disable filter - you can turn off the firewall filter entirely if you wish to turn your pfSense software into a pure router.

            doktornotor Banned

            Is this question serious?

              mohiyodeen

              @doktornotor:

              Is this question serious?

              If you can't help a newbie then please stay away. :-\ :-\ :-[

                doktornotor Banned

                Help with what exactly? Using Google, perhaps? You claim to have used things like ISA and TMG and come here to post something like this?

                  KOM

                  Not sure what packages you are referring to, but yes, the features of the pf packet filter are included in pfSense which is based on pf.
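
The firewall features quoted earlier in the thread correspond to directives of the pf packet filter itself. The pf.conf fragment below is an added illustration in FreeBSD pf syntax, not a poster's configuration and not the ruleset pfSense generates from its GUI. Interface names, addresses, the gateway and the connection limits are constructed placeholders.

```pf
# Constructed example: all names, addresses and limits are placeholders.
ext_if  = "em0"            # WAN
ext_if2 = "em2"            # second WAN, used for policy routing
int_if  = "em1"            # LAN
gw2     = "198.51.100.1"   # gateway reachable through the second WAN

# Aliases: named groups of hosts and ports keep the rules readable.
table <webservers> { 192.0.2.10, 192.0.2.11 }
web_ports = "{ 80, 443 }"

# Packet normalization: reassemble fragments and drop packets with
# invalid TCP flag combinations before they reach the filter rules.
scrub in on $ext_if all fragment reassemble

# Default deny with logging. pf evaluates every rule and the last match
# wins, so the pass rules below override this for the traffic they cover.
block log all

# Filter by protocol, destination address and destination port, and cap
# simultaneous connections for this one rule (200 states in total,
# 20 per source address). Matching traffic is logged.
pass in log on $ext_if inet proto tcp from any to <webservers> \
    port $web_ports flags S/SA keep state (max 200, max-src-conn 20)

# Passive OS fingerprinting: only FreeBSD and Linux hosts on the LAN may
# open outbound TCP connections. The fingerprint is taken from the
# initial SYN, so it applies to TCP only and can be spoofed by a client.
pass in on $int_if inet proto tcp from $int_if:network \
    os { "FreeBSD", "Linux" } to any flags S/SA keep state

# Policy routing: send LAN DNS queries out through the second WAN by
# naming a gateway on the rule. No "log" keyword, so this rule is silent.
pass in on $int_if route-to ($ext_if2 $gw2) inet proto udp \
    from $int_if:network to any port 53 keep state
```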

                    mohiyodeen

                    @doktornotor:

                    Help with what exactly? Using Google, perhaps? You claim to have used things like ISA and TMG and come here to post something like this?

                    I am just going to use pfsense. I was a bit confused and am just clearing up my confusion; ISA and TMG are totally different from pfsense. And obviously, after searching on Google, I came to this platform, but here friends like you are not saying welcome to me. :-\

                      doktornotor Banned

                      Uh. Perhaps, define what makes a firewall from your point of view. Bottom line:

                      • No, pfSense is not UTM.
                      • No, proxy ain't considered a firewall feature.

                        johnpoz LAYER 8 Global Moderator

                        Definition: A firewall is a network security system, either hardware- or software-based, that controls incoming and outgoing network traffic based on a set of rules.

                        Since pfsense does this - there you go, it's a firewall ;)  Is that what you were looking for?

                        It uses PF, here this is info on PF which stands for PACKET FILTER..  kind of the heart of any firewall ;)

                        http://www.openbsd.org/faq/pf/

                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                        If you get confused: Listen to the Music Play
                        Please don't Chat/PM me for help, unless mod related
                        SG-4860 24.11 | Lab VMs 2.8, 24.11

                          mohiyodeen

                          Let me share my idea with you. I just want to create a network like this:

                          pfsense as firewall >>> squid cache as proxy on centos7 >>> server2008 as FTP server. I want to share my ftp server over the network with security; that is why I am so concerned from a security point of view.

                          What do you people suggest?
                          What should I do to create a network like this?

                            doktornotor Banned

                            I would suggest to NOT run an FTP server in the first place if you want a secure transfer protocol. Even less so on an OS like W2008.

                              johnpoz LAYER 8 Global Moderator

                              Yeah I'm with dok, if you're worried about security wtf would the words ftp come into the same sentence..  FTP has been deprecated for YEARS…  If you want to securely xfer files there are much better ways.  SFTP for example.. For that matter a simple https website..  2k8 is also quite old, is it even r2??  You're just going to use the ftp server that is part of IIS???

                              So you're wanting to use squid as a reverse proxy?  Is that how you want to use it to your ftp server?  Or http you're serving up off the iis box as well?

                                Guest

                                but can you people please explain what are the features in pfsense that we can call this a Firewall,

                                Firewalls are filtering traffic by using rules or rule sets, in pfSense this job is done by the packet filter pf.

                                as i think pfsense have only squid in it?

                                And ClamAV as an AV, Snort or Suricata as an IDS/IPS, but these are only features, options and functions that came by default or over a packet system inside of pfSense. On top of that, there are also many different variants of firewalls available on the market, and they all differ from one another by using different techniques and functions. One of them would be the "NG-Firewall" that also works application based.

                                Please elaborate.

                                A router is routing packets from one to another or more networks, a firewall is inspecting packets to separate packets from one to another or more networks, and the fact that a firewall is also capable of routing packets does not automatically put them in the same area or on the same stage of devices.

                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.