Re-Brand pfSense as a different product



  • I had to offer a heavily customized solution to a company, developing a good couple of proprietary programs running on it. I chose pfSense as the background for it, because I really trust the stability of FreeBSD, the web interface is very good and suited very well as a base for these programs, and it contains many features it needed already out of the box. In a few words, the resulted appliance is not primarily used as a router/firewall, it's rather a specialized NTP server with some customized outputs (including audio signals), and does very little routing/firewalling related to this.

    Before I made my choice last autumn, I looked into other alternatives too, various Linux flavours and even Windows was taken into consideration. Reaching to pfSense I studied the options, and based on information found on these two links I started my mod from the v2.1-RELEASE NanoBSD image:
    https://doc.pfsense.org/index.php/Can_I_sell_pfSense
    https://devwiki.pfsense.org/ReBrandingSupport

    The product is completely different, its name refers only to the Time Server service it offers. As described in the wiki, I tried to remove completely any pfSense-related strings and graphics from the product, except in two places:

    • /license.php file. I added a paragraph just as m0n0wall has: "pfSense is Copyright © 2004 - 2013 by BSD Perimeter LLC (coreteam@pfsense.org) All rights reserved." I thought this should be okay, as it gives credit to the people who offered the base for the new product. Keep in mind that this page generates by default, automatically a new copyright text for the product, which is now not pfSense. Note that at that time when I was working, it was still BSD Perimeter.
    • the boot menu, offering two choices to boot from the two slices named both "pfSense". I wasn't able to change this as I found no related documentation on how to do it. I asked for help in the forum (see post https://forum.pfsense.org/index.php?topic=69471.0) but got no usable answer. Luckily, the product's VGA console is not accessible by the end-user on the appliance, so the customer has no means to see this.

    I completely re-designed the default web interface too, using completely different logos and brand names, took an older theme (the one with menu on the left) and changed colours to match the new logos etc. Unless you are an experienced pfSense user, you could hardly decode that this is actually based on pfSense. Removed all web links to pfSense, disabled update check and removed that menu item, packages options for the default webif user etc. I had to add many FreeBSD packages originally not present in pfSense like Perl and many unusual modules, and driver files as kernel modules loaded from boot config file.

    Note that I didn't use any pfsense-tools to create this product. All I did is took the NanoBSD image file, mounted it as a virtual machine (see https://forum.pfsense.org/index.php?topic=47306.0), modified everything directly on the file system just as it was a live system, afterwards duplicated slice and converted back to RAW image and dd'd it to CF card, running live from then on.

    Also note that the final product is only sold as a turn-key rackmount appliance, front panel is also custom designed only containing the new brand name and connector identifications.

    Parts of my work, which are not strictly related to the proprietary solution requested by my customer I contributed back through the forum and GitHub, and are already pulled in for v2.2.

    My question is, considering the recent events around pfSense (https://forum.pfsense.org/index.php?topic=73281.0):
    Did I do right? Am I still legal with this product?

    I was pretty certain, until these things exploded, that all I did was legal. I would have done pretty much the same way if I was to choose Debian Linux for this, or even Windows (the POSReady version allows that kind of customizing).



  • If you want an answer to this, I suggest that you send us email.

    I'm not engaging on the forum about it.



  • OK, thanks.



  • @gonzopancho:

    If you want an answer to this, I suggest that you send us email.

    After you hash it out, posting back with a yes or no, might help people with similar questions in the future.

    I'm not engaging on the forum about it.

    Sounds like getting ready for more …. discussion, not a yes or no to a well-posed question.



  • I'm not going to copy/paste this into an e-mail. The question has been raised, they got it. I don't think it matters how.

    If they think the answer is not public, I can accept that - thus they could send me a reply either via pm, or via my e-mail address which I used to register to either this forum or GitHub.

    I can even accept this topic to be deleted, if they think I offended anybody with it - if that's the case, I appologise.



  • I was referring more to EFS, thinking that they would want that type of guidance out there.  Certainly don't want to suggest disclosing private conversations, never intended that.



  • what happened to this post? it was fun reading while drinking my morning coffee for the last couple of days :)



  • @charliem:

    I was referring more to EFS, thinking that they would want that type of guidance out there.  Certainly don't want to suggest disclosing private conversations, never intended that.

    Agree.



  • Yes, an answer (apart from perhaps pricing and very specific contractual details) will be public.


Log in to reply