Why Pfsense is free and who is mysterious benefactor we should be grateful ?

JKnott

@dealornodeal

Welcome to open source software. With open source, the source code is shared and anyone can use and improve it. Pfsense is based on FreeBSD, but the biggest example would be Linux, which in turn is the base for Android. Likewise, Apple's phone and computer operating systems are based on FreeBSD, IIRC. The big companies are also well into it. For example, the big super computers from IBM and others usually run Linux. Even Microsoft is using it in their cloud services and also include it in Windows 10. You can also get office suites, such as LibreOffice and OpenOffice.

A Former User

@JKnott

Didn't know pfsense is open source, I've been thinking it is very well closed =D

A Former User

@Gertjan

Hi, do you mean they sell product untested ?

A Former User

@Gertjan

I haven't read licence agreament to be honest ..

does it say anything about telemetry or something ..?

JKnott

@dealornodeal said in Why Pfsense is free and who is mysterious benefactor we should be grateful ?:

Didn't know pfsense is open source, I've been thinking it is very well closed =D

I don't know the details of pfsense, but the FreeBSD it's built on is certainly open source. My understanding is that pfsense is just a pretty way of configuring what's already in FreeBSD. I doubt there's much in it that couldn't be done with bare BSD.

Also a lot of commercial gear is built on open source, usually Linux. For example, I recently bought a Ubiquiti AP, which is, as was my old TP-Link AP, as are my TV, Blu-ray player, A/V receiver and more. Even Cisco has some Linux based models. These days, it's pretty much impossible to get away from open source, as even Windows 10 will let you install various flavours of Linux. Of course, the Internet is pretty much built on some open source *nix, with web servers, mail servers, etc..

Gertjan

@dealornodeal said in Why Pfsense is free and who is mysterious benefactor we should be grateful ?:

Didn't know pfsense is open source, I've been thinking ...

......
@dealornodeal said in Why Pfsense is free and who is mysterious benefactor we should be grateful ?:

I haven't read licence agreament

Try this https://en.wikipedia.org/wiki/PfSense
It's ok not to think, at least read.

@dealornodeal said in Why Pfsense is free and who is mysterious benefactor we should be grateful ?:

they sell product untested ?

pfSense == software = free.
The source code is open (99,9 % or so ?), do not believe what you think and what they told you : check out the code -it's open ! That's why it's 'open'.
The repository is here : https://github.com/pfsense

The hardware - see link above - is always tested before shipped to clients.

@Gertjan said in Why Pfsense is free and who is mysterious benefactor we should be grateful ?:

to be tested ... so here we are ^^

^^ is like a

A Former User

@Gertjan

interesting how many users were able to configure system manually...

in my case nothing work well unless i choose Auto where it is possible

pppd

@dealornodeal

I think there are a number of reasons why it's open source:

1. pfsense at its core is monowall.

2. the open source model benefits ongoing development of the product and updates and security patches are frequent. The community plays a big role in this. The result being pfsense is the most secure and feature rich FW on the market.

3. It has the largest user and knowledge base. Ask almost anyone which firewall product they prefer it most likely will be pfsense. Its as ubiquitous as windows is but to the firewall world. Netgate have their own proprietary products which they sell to big businesses that require professional support and willing to pay for it. For the rest of us we get to use a fantastic product for free providing we put our own time and effort in to configure and maintain it. When I hear someone installing a product other than pfsense I scratch my head and ask why would you?

A Former User

@pppd

I agree with you, pfsense is great solution with multiple options.

hescominsoon

@jknott FreeBSD and the other BSD's have a more free license(in terms of what you can do with the code..not the price) than the GPL versions. PFSense is a hardened BSD..so much of the stuff that isn't required for a firewall is shaved out(the beauty of BSD and Linux)...There is more going on in the background than jsut the interface.

JKnott

@hescominsoon

Well, could the interface run on stock BSD, without all those extras stripped out? If so, then it's what I said, just an interface on top of BSD. Prior to pfsense, my firewall was built on opensuse Linux. Everything that was needed was already in it. Even back when I built my first Linux firewall on Slackware, I just installed the necessary packages (floppies back then).

BTW, one thing I miss from my Linux firewall is the ability to run Wireshark on it.

hescominsoon

@jknott said in Why Pfsense is free and who is mysterious benefactor we should be grateful ?:

@hescominsoon

Well, could the interface run on stock BSD, without all those extras stripped out? If so, then it's what I said, just an interface on top of BSD. Prior to pfsense, my firewall was built on opensuse Linux. Everything that was needed was already in it. Even back when I built my first Linux firewall on Slackware, I just installed the necessary packages (floppies back then).

BTW, one thing I miss from my Linux firewall is the ability to run Wireshark on it.

yes it could..but why? That would lead to it being more insecure by default. By stripping out stuff that's not needed(like smb, apache, mail servers..etc etc etc) the codebase is smaller and the attack surface is smaller. go look at the security advisories for the base freeBSD then look at how few of those apply to PFSense. By stripping things down it makes less work for the folks at netgate to deal with...which is also why the release cadence can be slower..because the codebase is so much smaller and security is the primary focus..they do not have to spend so much time putting out vulnerability fires. Since it is BSD if you want to run wireshark you could probably install it yourself..there's nothing stopping you..but then you are breaking the base configuration of the firewall.

You can do a packet capture on psense and then export that data to be analyzed in wireshark. the documentation tells you how to do this:
https://docs.netgate.com/pfsense/en/latest/diagnostics/packetcapture/wireshark.html

JKnott

@hescominsoon said in Why Pfsense is free and who is mysterious benefactor we should be grateful ?:

yes it could..but why? That would lead to it being more insecure by default.

That was just to demonstrate my point that pfsense is just an interface on top of BSD and does nothing that couldn't be done by BSD alone. It would mean manually configuring all the various services, including pf, but it could be done. It's the same on Linux, where the configuration app (Yast) configures everything, including IPTables. Without that app, you could still make a good firewall, but it would take more work.

BTW, I go back to the days when everything on computers was done from the command line (I was working with VAX/VMS long before I ever saw PC/MS-DOS and IBM mainframes before I bought my XT clone) and when I first heard about the Mac, I wondered why anyone would need a graphical interface.

Putting Wireshark would take a lot more work than I'm prepared to do. I do use Packet Capture frequently and download the captures to examine with Wireshark. I can also put a managed switch, configured as a data tap in line with any connection to pfsense.