
    Minimal install (Starting at 50$)

    Expired/Withdrawn Bounties
      brigzzy last edited by

      Hi All,

      I don't know if I'm the only one interested in this, but I was thinking today, after playing with the package manager for a bit, that it might be cool to have a minimal install image of pfSense (including only the web UI and the basic networking components so you can connect to it). That way if you know that (for instance) you won't be needing any OpenVPN support, you don't need it installed. But if you need it, it could be installed from the package manager.

      I would open with 50$ for an install image like that.  I'm hoping there are other folks that think this is a cool idea!

      Thanks

      Brigzzy

        cmb last edited by

        I would like to see the system become completely modular, where custom builds removing any part of the base system are easy. The system is very much interdependent at this point, though; it's months of full-time work to get to that point.

          dhatz last edited by

          Interesting idea, however what would be the actual benefits?

          It doesn't seem to be an issue of limited resources, since CPUs, memory and disks are becoming faster, larger and cheaper every year, and this trend seems to continue for several more years. Do you envision a pfSense variant for 4M/16M (flash/memory size), similar to the various Linux-based router firmwares (OpenWrt, Tomato, DD-WRT etc.)?

          Other than potential security issues (e.g. privilege escalation) which might arise, it'd be quite reassuring to know that tools like OpenVPN are part of the base pfSense install and can be enabled with a few clicks, rather than having to install them from packages and rebooting …

            cmb last edited by

            @dhatz:

            Interesting idea, however what would be the actual benefits?

            What I see in that is the ability to build a much more diverse range of appliances, more outside the scope of a typical firewall. There's minimal if any benefit to removing pieces in a firewall context. There is value in having the ability to build highly customized appliances with only the specific pieces you require, which in non-firewall contexts could exclude a number of things in our base system today.

              brigzzy last edited by

              @cmb:

              What I see in that is the ability to build a much more diverse range of appliances, more outside the scope of a typical firewall.

              Exactly.  pfSense is a powerful platform, and it would be great to tailor it exactly to your needs.  I would compare it loosely to say, compiling something from source.  Sure you COULD grab a binary package filled with bits and pieces you don't really need, but it would be great to have just the parts that you would use in one specific circumstance.

                Nadrek last edited by

                Major benefits to removing packages are for auditing, risk mitigation, and certification.

                Fewer modules means fewer screens and configurations to verify on every audit (Is VPN turned off? OpenVPN, yes. IPsec, yes, etc. etc. Every bloody audit.)

                Risk mitigation: You aren't vulnerable to a flaw in the X module if it's not even present on the media (see the recent OpenSSL issue).

                Certification: If you need to pay for certification for some reason, then fewer things to certify takes less time and can be considerably cheaper and easier.
