Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Why Pfsense is free and who is mysterious benefactor we should be grateful ?

    Scheduled Pinned Locked Moved General pfSense Questions
    15 Posts 5 Posters 1.5k Views 4 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ? Offline
      A Former User @Gertjan
      last edited by

      @Gertjan

      I haven't read licence agreament to be honest ..

      does it say anything about telemetry or something ..?

      1 Reply Last reply Reply Quote 0
      • JKnottJ Offline
        JKnott @Guest
        last edited by

        @dealornodeal said in Why Pfsense is free and who is mysterious benefactor we should be grateful ?:

        Didn't know pfsense is open source, I've been thinking it is very well closed =D

        I don't know the details of pfsense, but the FreeBSD it's built on is certainly open source. My understanding is that pfsense is just a pretty way of configuring what's already in FreeBSD. I doubt there's much in it that couldn't be done with bare BSD.

        Also a lot of commercial gear is built on open source, usually Linux. For example, I recently bought a Ubiquiti AP, which is, as was my old TP-Link AP, as are my TV, Blu-ray player, A/V receiver and more. Even Cisco has some Linux based models. These days, it's pretty much impossible to get away from open source, as even Windows 10 will let you install various flavours of Linux. Of course, the Internet is pretty much built on some open source *nix, with web servers, mail servers, etc..

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        H 1 Reply Last reply Reply Quote 0
        • GertjanG Offline
          Gertjan @Guest
          last edited by

          @dealornodeal said in Why Pfsense is free and who is mysterious benefactor we should be grateful ?:

          Didn't know pfsense is open source, I've been thinking ...

          ......
          @dealornodeal said in Why Pfsense is free and who is mysterious benefactor we should be grateful ?:

          I haven't read licence agreament

          Try this https://en.wikipedia.org/wiki/PfSense
          It's ok not to think, at least read.

          @dealornodeal said in Why Pfsense is free and who is mysterious benefactor we should be grateful ?:

          they sell product untested ?

          pfSense == software = free.
          The source code is open (99,9 % or so ?), do not believe what you think and what they told you : check out the code -it's open ! That's why it's 'open'.
          The repository is here : https://github.com/pfsense

          The hardware - see link above - is always tested before shipped to clients.

          @Gertjan said in Why Pfsense is free and who is mysterious benefactor we should be grateful ?:

          to be tested ... so here we are ^^

          ^^ is like a ๐Ÿ˜Š

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          ? 1 Reply Last reply Reply Quote 0
          • ? Offline
            A Former User @Gertjan
            last edited by

            @Gertjan

            interesting how many users were able to configure system manually...

            in my case nothing work well unless i choose Auto where it is possible

            1 Reply Last reply Reply Quote 0
            • P Offline
              pppd @Guest
              last edited by

              @dealornodeal

              I think there are a number of reasons why it's open source:

              1. pfsense at its core is monowall.

              2. the open source model benefits ongoing development of the product and updates and security patches are frequent. The community plays a big role in this. The result being pfsense is the most secure and feature rich FW on the market.

              3. It has the largest user and knowledge base. Ask almost anyone which firewall product they prefer it most likely will be pfsense. Its as ubiquitous as windows is but to the firewall world. Netgate have their own proprietary products which they sell to big businesses that require professional support and willing to pay for it. For the rest of us we get to use a fantastic product for free providing we put our own time and effort in to configure and maintain it. When I hear someone installing a product other than pfsense I scratch my head and ask why would you?

              ? 1 Reply Last reply Reply Quote 1
              • ? Offline
                A Former User @pppd
                last edited by

                @pppd

                I agree with you, pfsense is great solution with multiple options.

                1 Reply Last reply Reply Quote 0
                • H Offline
                  hescominsoon @JKnott
                  last edited by

                  @jknott FreeBSD and the other BSD's have a more free license(in terms of what you can do with the code..not the price) than the GPL versions. PFSense is a hardened BSD..so much of the stuff that isn't required for a firewall is shaved out(the beauty of BSD and Linux)...There is more going on in the background than jsut the interface.

                  JKnottJ 1 Reply Last reply Reply Quote 0
                  • JKnottJ Offline
                    JKnott @hescominsoon
                    last edited by

                    @hescominsoon

                    Well, could the interface run on stock BSD, without all those extras stripped out? If so, then it's what I said, just an interface on top of BSD. Prior to pfsense, my firewall was built on opensuse Linux. Everything that was needed was already in it. Even back when I built my first Linux firewall on Slackware, I just installed the necessary packages (floppies back then).

                    BTW, one thing I miss from my Linux firewall is the ability to run Wireshark on it.

                    PfSense running on Qotom mini PC
                    i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                    UniFi AC-Lite access point

                    I haven't lost my mind. It's around here...somewhere...

                    H 1 Reply Last reply Reply Quote 0
                    • H Offline
                      hescominsoon @JKnott
                      last edited by

                      @jknott said in Why Pfsense is free and who is mysterious benefactor we should be grateful ?:

                      @hescominsoon

                      Well, could the interface run on stock BSD, without all those extras stripped out? If so, then it's what I said, just an interface on top of BSD. Prior to pfsense, my firewall was built on opensuse Linux. Everything that was needed was already in it. Even back when I built my first Linux firewall on Slackware, I just installed the necessary packages (floppies back then).

                      BTW, one thing I miss from my Linux firewall is the ability to run Wireshark on it.

                      yes it could..but why? That would lead to it being more insecure by default. By stripping out stuff that's not needed(like smb, apache, mail servers..etc etc etc) the codebase is smaller and the attack surface is smaller. go look at the security advisories for the base freeBSD then look at how few of those apply to PFSense. By stripping things down it makes less work for the folks at netgate to deal with...which is also why the release cadence can be slower..because the codebase is so much smaller and security is the primary focus..they do not have to spend so much time putting out vulnerability fires. Since it is BSD if you want to run wireshark you could probably install it yourself..there's nothing stopping you..but then you are breaking the base configuration of the firewall.

                      You can do a packet capture on psense and then export that data to be analyzed in wireshark. the documentation tells you how to do this:
                      https://docs.netgate.com/pfsense/en/latest/diagnostics/packetcapture/wireshark.html

                      JKnottJ 1 Reply Last reply Reply Quote 0
                      • JKnottJ Offline
                        JKnott @hescominsoon
                        last edited by JKnott

                        @hescominsoon said in Why Pfsense is free and who is mysterious benefactor we should be grateful ?:

                        yes it could..but why? That would lead to it being more insecure by default.

                        That was just to demonstrate my point that pfsense is just an interface on top of BSD and does nothing that couldn't be done by BSD alone. It would mean manually configuring all the various services, including pf, but it could be done. It's the same on Linux, where the configuration app (Yast) configures everything, including IPTables. Without that app, you could still make a good firewall, but it would take more work.

                        BTW, I go back to the days when everything on computers was done from the command line (I was working with VAX/VMS long before I ever saw PC/MS-DOS and IBM mainframes before I bought my XT clone) and when I first heard about the Mac, I wondered why anyone would need a graphical interface. ๐Ÿ˜‰

                        Putting Wireshark would take a lot more work than I'm prepared to do. I do use Packet Capture frequently and download the captures to examine with Wireshark. I can also put a managed switch, configured as a data tap in line with any connection to pfsense.

                        PfSense running on Qotom mini PC
                        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                        UniFi AC-Lite access point

                        I haven't lost my mind. It's around here...somewhere...

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.