Packages wishlist?

dennypage

@msanangelo:

Also, is it too much to ask for some critical software patches around here? I've got 4 vulnerable packages in 2.3.3 and my only hope is to wait for 2.4.

What packages? And is there a reason that you haven't installed the 2.3.4 update?

gerby123

Given that the freeradius2 port is expiring the end of June 2017 (this month) I'd be interested in seeing freeradius3 make it in to PFSense
https://www.freshports.org/net/freeradius2
https://www.freshports.org/net/freeradius3

jimp

@gerby123:

Given that the freeradius2 port is expiring the end of June 2017 (this month) I'd be interested in seeing freeradius3 make it in to PFSense
https://www.freshports.org/net/freeradius2
https://www.freshports.org/net/freeradius3

That's been on my to-do list for a while. It's just a lot of work, having to go through and rearrange everything to the 3.x directory layout and changes in the config.

gerby123

I have no experience writing PFSense packages but I'd be willing to contribute.

@jimp:

@gerby123:

Given that the freeradius2 port is expiring the end of June 2017 (this month) I'd be interested in seeing freeradius3 make it in to PFSense
https://www.freshports.org/net/freeradius2
https://www.freshports.org/net/freeradius3

That's been on my to-do list for a while. It's just a lot of work, having to go through and rearrange everything to the 3.x directory layout and changes in the config.

kroem

@jahonix:

@vagnyj:

Virtual Box

No.
This is your firewall, not a hypervisor.
However, you can install a virtual pfSense on a hypervisor.

…and ASR's, NCS's, PTX's etc are not routers? :)

jimp

@gerby123:

I have no experience writing PFSense packages but I'd be willing to contribute.

@jimp:

@gerby123:

Given that the freeradius2 port is expiring the end of June 2017 (this month) I'd be interested in seeing freeradius3 make it in to PFSense
https://www.freshports.org/net/freeradius2
https://www.freshports.org/net/freeradius3

That's been on my to-do list for a while. It's just a lot of work, having to go through and rearrange everything to the 3.x directory layout and changes in the config.

FreeRADIUS 3 package is available on 2.4 snapshots for testing now, try it out and post feedback here: https://forum.pfsense.org/index.php?topic=131883.0

rcfa

@jahonix:

@vagnyj:

Virtual Box

No.
This is your firewall, not a hypervisor.
However, you can install a virtual pfSense on a hypervisor.

Well, this reminds me about the old joke about a catholic and a protestant priest: The former starts to smoke his pipe while reading the prayerbook, when the latter interrupts him and asks: "Excuse me, I don't want to be nosy, but I asked my bishop if it's OK to smoke while praying, and he answered me, I should not be distracted from paying through smoking. What's the catholic's stance on this matter?"
To which the catholic priest answers: "Very interesting! See, I asked my bishop if it's OK to pray while smoking, and he answered, it's always OK to pray."

So, of course, a firewall isn't a hypervisor. But assume you have a server box at a colocation provider, you pay per rack space. So, you can either just run the server protected only by whatever mediocre protection the host OS allows for, or you run pfSense and run the server in VirtualBox within. So, you see, this is all a matter of perspective.

Having a hypervisor box, that runs both pfSense and the server OS is theoretically possible, but much harder to administer, and it requires rather expensive, bare-metal hypervisor software, while pfSense community edition and VirtualBox are both available free for people running small services on a limited budget.

In my case, I have somewhere a pfSense unit at a colo provider, to allow me some specialized VPN type applications. The system is, in terms of CPU power, underutilized, because it's rather low traffic. With the coming requirements for pfSense, I'll have to upgrade to an even more powerful CPU. Needless to say, running a web server or some other small services on the same box would not be undesirable, given that I already pay for the rackspace. vhost has gone the way of the dodo, so VirtualBox would get a lot more utility out of the whole thing, without in any significant way affecting security negatively.

pfSense is useful for a whole lot more than just a plain vanilla firewall; if it's just the latter I'd need, I could use a much simpler system…

Perun

Hi

it would be nice to have:

• bacula client
• icinga2 client (yes I know there is nrpe)

Greetz

mf72

Hi all,

it would be great to get Ufdbguard as a package for Pfsense.
Is there a way I can contribute / facilate with that request?

Regards

chidgear

Hi!

I'd Love to have the Ocsinventory-Unix-Agent package available, so I could install it and keep my firewall inventoried with the rest of my computers and servers.

hescominsoon

How about the latest ntopng package?..:)

JohnPFsense

PassiveDNS

Something like this: https://github.com/gamelinux/passivedns

I find the idea so simple, the potential quite big.

musicwizard

ZNC for  2.4.X

Gil

Been mentioned before - some time ago I believe - Webdav package. - Great for IoT devices.

Uranus

Package for CUDA installation and compile Suricata with support CUDA.
This will allow even an inexpensive video card to increase the performance without increasing processor power

Guest

• bacula client
• icinga2 client (yes I know there is nrpe)

Bacula / If you install a soft mirror of two SSDs as RAID1 and one disk is failing you could easy swap it over
and rebuild the system, and during that phasis the second or slave unit from your pfSense HA cluster will do
the entire job within.

Incinga2/ Is a monitoring software and works great together with MySQL on FreeBSD and yes Netgate is
also offering little small computer units such the MinnowTrurbot that you are able to run it there with ease!
Alternately I can say a small unit with CACTI & MRTG will do this job well too! Or did you hear about ELK?
ELK, ElasticSearch, Logstash & Kibana It is more to you to write code to get flavor working sensors on
your Incinga2 platform then a packet in pfSense.

it would be great to get Ufdbguard as a package for Pfsense.
Is there a way I can contribute / facilate with that request?

Please have a look at their pricing list and ask them to do this job it self, based on the commercial
concern it should be in their interest first! Price list

PassiveDNS

Would be nice to see how it works on a firewall.

ZNC for  2.4.X

This is not an IRC bouncer or?

Been mentioned before - some time ago I believe - Webdav package. - Great for IoT devices.

Is this not more for NAS devices available as a packet?

Package for CUDA installation and compile Suricata with support CUDA.

Would be Intel Xeon Phi, Intels QuickAssist or DPDK matching better to snort or suricata?
Or a small miniPCIe or PCIe card with an ASIC or FPGA likes the Xilinx Spartan 6 on it?

bsu3338

I have seen some post about Samba and NTLM for Squid, but I would also like to see Samba included for ntlm_auth in FreeRADIUS 3.x for PEAP authentication against Active Directory.

http://wiki.freeradius.org/guide/freeradius-active-directory-integration-howto

Deadpool

+1 for privoxy

sektor

@heimdalx:

My wish is very simple . . .  fail2ban or equivalent.  Where I could setup arguments to scan the logs and modify firewall rules based off those.

Currently running fail2ban on many downstream devices paired with IPtables and it works great.  It would be nice to have the package scan remote logs as well; for instance, scan Apache logs and make changes at the firewall when an attack is happening.

+1 for this as well I think this is a really good idea.

sektor

@hornetx11:

@Tom7141:

@planetinse:

Updated Postfix please :)

• 1 for this

• 1 for this too

+1 for this as well as instructions for a backup MX