4. (Newbie) How "Works out of box" is it?

(Newbie) How "Works out of box" is it?

  • R

    Is PFSense a good match for me?

    I need someone else who knows what they are doing to provide the firewall rules that will keep me safe (preferably with an update once in a while).  I would use the GUI to do stuff assuming that it would create the appropriate rules to have it work and be safe.  This of course would be subject to "you get what you ask for", that is if I forward port 139 to an unpatched Windows 95 machine, I get what I deserve.  I am also perfectly OK doing command-line stuff (and in fact do all day).

    I see lots of discussion about doing fancy things with rules etc., but have not found any indication of what you get "Out of the Box".

    I have used smoothwall and clarkconnect for years, but they each have rather arbitrary limitations in functionality that get in my way.

    Thanks.

    0

  • Out of the box you get:

    • DHCP on LAN
    • Firewall rule allowing the LAN to the WAN
    • NAT enabled to NAT outbound traffic from the LAN to the WAN.
    • Block everything on the WAN.
    0
  • M

    My "Out of the box" experiences with pfSense have been a lot like any off the shelf Linksys or equivalent router.  Just as GF explained in detail - it will "just work" for the vast majority of installations.  Port forwarding is easy and safe, assuming you don't remove or disable the default "block everything on the WAN".  Good luck.

    0
  • R

    If I want to make segregated internal networks to keep Windows machine and XBox's safely blockaded from my Linux network, will I be writing firewall rules or pushing buttons?  I don't know what rules to write!  I can tell that PFSense is a great convenience for people who know what rules to write.  Is it also suitable for people who want to "Create a safe, isolated wireless net" or "create a DMZ" and have it created with nominally appropriate rules?

    0
  • M

    You'll only need to be typing IPs or subnet masks.  Spend 15 minutes and install a copy and give it a try.  It's easy.

    0

  • What you're saying makes it sound like you'll need a third interface (OPT1).  Put all your untrusted hosts on that interface.  Then it's a matter of how you want to do it.  The simplest approach (not the most secure) would be to block all traffic on that interface going to the LAN, but allow all other traffic.

    0
  • R

    Thank you all, it does sound like what I was looking for (You will just by typing in IP addresses and netmasks… Try it, it is easy).  Indeed I will.

    0
  • V

    So how was your experience?

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy