(Newbie) How "Works out of box" is it?

  • Is PFSense a good match for me?

    I need someone else who knows what they are doing to provide the firewall rules that will keep me safe (preferably with an update once in a while).  I would use the GUI to do stuff assuming that it would create the appropriate rules to have it work and be safe.  This of course would be subject to "you get what you ask for", that is, if I forward port 139 to an unpatched Windows 95 machine, I get what I deserve.  I am also perfectly OK doing command-line stuff (and in fact do all day).

    I see lots of discussion about doing fancy things with rules etc., but have not found any indication of what you get "Out of the Box".

    I have used smoothwall and clarkconnect for years, but they each have rather arbitrary limitations in functionality that get in my way.


  • Out of the box you get:

    • DHCP on LAN
    • Firewall rule allowing the LAN to the WAN
    • NAT enabled to NAT outbound traffic from the LAN to the WAN.
    • Block everything on the WAN.

  • My "Out of the box" experiences with pfSense have been a lot like any off the shelf Linksys or equivalent router.  Just as GF explained in detail - it will "just work" for the vast majority of installations.  Port forwarding is easy and safe, assuming you don't remove or disable the default "block everything on the WAN".  Good luck.

  • If I want to make segregated internal networks to keep Windows machines and Xboxes safely blockaded from my Linux network, will I be writing firewall rules or pushing buttons?  I don't know what rules to write!  I can tell that PFSense is a great convenience for people who know what rules to write.  Is it also suitable for people who want to "Create a safe, isolated wireless net" or "create a DMZ" and have it created with nominally appropriate rules?

  • You'll only need to be typing IPs or subnet masks.  Spend 15 minutes and install a copy and give it a try.  It's easy.

  • What you're saying makes it sound like you'll need a third interface (OPT1).  Put all your untrusted hosts on that interface.  Then it's a matter of how you want to do it.  The simplest approach (not the most secure) would be to block all traffic on that interface going to the LAN, but allow all other traffic.

  • Thank you all, it does sound like what I was looking for (You will just be typing in IP addresses and netmasks… Try it, it is easy).  Indeed I will.

  • So how was your experience?
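Added example, not part of the thread and not pfSense code: a simplified Python model of the out-of-the-box rules plus the OPT1 suggestion above, assuming rules are checked on the interface where traffic enters, the first match decides, and unmatched traffic is blocked. The subnets and the `evaluate` and `swapped` helpers are constructed for illustration.

```python
import ipaddress

# Constructed addressing (assumption, not from the thread).
LAN = ipaddress.ip_network("192.168.1.0/24")
OPT1 = ipaddress.ip_network("192.168.2.0/24")

# Rules per ingress interface: (action, source net, destination net).
# None means "any". Replies to passed connections are allowed by state
# tracking, which this model leaves out.
RULES = {
    "wan": [],                          # no pass rules: everything is blocked
    "lan": [("pass", LAN, None)],       # default: LAN to anywhere
    "opt1": [
        ("block", OPT1, LAN),           # must sit above the pass rule
        ("pass", OPT1, None),           # "allow all other traffic"
    ],
}


def evaluate(rules, iface, src, dst):
    """First matching rule on the ingress interface decides; no match blocks."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules[iface]:
        if (src_net is None or src in src_net) and \
           (dst_net is None or dst in dst_net):
            return action
    return "block"


def swapped(rules):
    """Same OPT1 rules in reverse order, to show why order matters."""
    out = dict(rules)
    out["opt1"] = list(reversed(rules["opt1"]))
    return out


if __name__ == "__main__":
    cases = [
        ("wan", "203.0.113.7", "192.168.1.10"),    # unsolicited inbound
        ("lan", "192.168.1.10", "203.0.113.7"),    # LAN to internet
        ("opt1", "192.168.2.50", "192.168.1.10"),  # untrusted host to LAN
        ("opt1", "192.168.2.50", "203.0.113.7"),   # untrusted host to internet
        ("opt1", "192.168.2.50", "192.168.2.1"),   # untrusted host to firewall
    ]
    for iface, src, dst in cases:
        print(f"{iface:5} {src:>13} -> {dst:<13} {evaluate(RULES, iface, src, dst)}")
```

The last case is one reason the simple approach is "not the most secure": the allow-all rule also lets OPT1 hosts reach the firewall's own OPT1 address, so a stricter setup adds a block rule for that above the pass rule.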
