Passive (p0f) OS fingerprinting in 2.3 vs 1.2.3



  • Hi. Up until 2010 or so I used pfsense 1.2.3 and really enjoyed that it used p0f for passive OS fingerprinting of all entries in the states list. It even did geoip lookups and made that information available there too. Today I installed pfsense 2.3.2 on a little Zotac CI-323 box to use as a firewall. I expected it to have the same features since the website still has a feature entry about it in https://www.pfsense.org/about-pfsense/features.html ,

    pfSense software utilizes p0f, an advanced passive OS/network fingerprinting utility to allow you to filter by the Operating System initiating the connection. Want to allow FreeBSD and Linux machines to the Internet, but block Windows machines? pfSense software allows for that (amongst many other possibilities) by passively detecting the Operating System in use.

    And links to p0f at http://lcamtuf.coredump.cx/p0f.shtml.

    But I can't for the life of me find the option to view or enable this feature in pfsense 2.3.2. I asked on Freenode's ##pfsense but people there thought it had been removed with other L7 fingerprinting features.

    Can anyone tell me how to enable p0f so the states page shows guesses? Or where this feature has been moved now?