Packages wishlist?
-
Congrats on the gold release! I've been impressed with pfsense from the beginning when I discovered it from a m0n0wall source.
My 2 cents on the packages wishlist:
-FakeAP(http://www.blackalchemy.to/project/fakeap/)
-Linblock (http://www.dessent.net/linblock/) this is really just a script but I have no clue how to implement it on BSD
-A package allowing you to provide a one-time (expiring) link to a file download from the local freeNAS raid volumes (scawf if you want…)These were already talked about but I 2nd the request for these:
snort
nagios
asterisk
tftp/pxe capabilities
dansguardian
cupsI saw these in the list pre 1.0 so I'm hoping they'll get re-added:
freeradius
freeNASThanks for listening!
-
Snort is already included. The TFTP/PXE proxy is in HEAD and should make its way to a future version.
-
I would like to see a content filter package using Dansguardian.
-
I'd like to see no-ip.com client as package for pfsense so I don't have to remember my ip address all the time, which isn't static anyway.
-
I'd like to see no-ip.com client as package for pfsense so I don't have to remember my ip address all the time, which isn't static anyway.
It's already there: services>Dynamic DNS.
-
-
I would like to see spam filtering ie:spamassassin
Content filtering ie: squidguard, dansguardianThanks
-
This :
http://www.imspector.org/
Would be a very valuable addition. It's basically a Instant Messenging proxy, which means that it can be used to provide logging facilities that are mandatory for most security certifications.
It could also be used to block IM file transfers and eventually provide antivirus/extension-based blocking. Its a great addition to pfSense because this way it could provide application-layer filtering for the three main point of entry for viruses/malware: web, email and im.
-
I would love to have a monitoring/net management package that is suitable even for an embeded edition and yet capable of monitoring via SMTP, IMAP, POP3, HTTP,TCP,UDP, NNTP, and PING tests and posting results in html or terminal.
http://www.sysmon.org/config.html
Rrealtime accounting and monitoring would be nice to have as well:
pktstat (FreeBSD port exists)
->listens to the network and shows the bandwidth being consumed by packets of various kinds in realtime. It understands some protocols (including FTP, HTTP, and X11) and adds a descriptive name next to the entry (e.g., 'RETR cd8.iso', 'GET http://slashdot.org/' or 'xclock -fg blue').iftop (FreeBSD port exists)
->listens to network traffic on a named interface, or on the first interface it can find which looks like an external interface if none is specified, and displays a table of current bandwidth usage by pairs of hosts.monit (compiles under FreeBSD); http://www.tildeslash.com/monit/
->monit is a utility for managing and monitoring, processes, files, directories and devices on a UNIX system. Monit conducts automatic maintenance and repair and can execute meaningful causal actions in error situations.my 2c…
regards,
mr-s -
A LPR/LPD package to support using pfSense as a print (printer) server would be nice. Preferably with SAMBA support.
-
FreeRADIUS additions/modifications…
I've configured FreeRADIUS to add eap_tls and eap_ttls to authenticate my access point for WPA2-CCM on my pfsense box. What would be nifty is a the ability to integrate the CA similarly to how it is done for IPSEC VPN's to manage certificates for both the CA and users. This would give users the option to utilize either eap_tls or eap_ttls (for the more lazy). If you think about it, possibly just a centralized CA that was separated per duty might be sufficient (e.g., one for IPSEC another for OpenVPN, another for WPA, however utilizing the same openssl.cnf, etc and just splitting off different directories per usage type). Sorry for rambling... but I think this might provide a nice feature and pull together any loose ends that utilize certs for a auth method.
-
OSPF and RIP I + II would be on the top of the list.
Newer nVidia chipsets.. 4+
64 bit support would be nice too. -
OSPF and RIP I + II would be on the top of the list.
routed: RIP v1 and v2 daemon
Already available as package. -
I'd like to second the request for TorrentFlux. This couldn't be too hard to implement, TorrentFlux itself is just a PHP controlled implementation of BitTornado as far as I understand.
-
I would love to have a monitoring/net management package that is suitable even for an embeded edition and yet capable of monitoring via SMTP, IMAP, POP3, HTTP,TCP,UDP, NNTP, and PING tests and posting results in html or terminal.
http://www.sysmon.org/config.html
Rrealtime accounting and monitoring would be nice to have as well:
pktstat (FreeBSD port exists)
->listens to the network and shows the bandwidth being consumed by packets of various kinds in realtime. It understands some protocols (including FTP, HTTP, and X11) and adds a descriptive name next to the entry (e.g., 'RETR cd8.iso', 'GET http://slashdot.org/' or 'xclock -fg blue').iftop (FreeBSD port exists)
->listens to network traffic on a named interface, or on the first interface it can find which looks like an external interface if none is specified, and displays a table of current bandwidth usage by pairs of hosts.monit (compiles under FreeBSD); http://www.tildeslash.com/monit/
->monit is a utility for managing and monitoring, processes, files, directories and devices on a UNIX system. Monit conducts automatic maintenance and repair and can execute meaningful causal actions in error situations.my 2c…
regards,
mr-sTry a pkg_add -r nagios I think you will be surprised what it will do out of the box. There are still some bugs that I am working with on my box from the stock install, but a person with some time could easily get it going I think.
-
I'd like to see some options for snort to include bleedingrules, controlled ip blocking. Maybe have an option to move the blocked ips to a permanent blacklist. A file editor option for snort.conf that lets you permanently make changes to the file for tuning. mysql support for snort to log to a database. It would also be nice to have the option to pull the rules from a different location like a local webserver.that would be awesome!!
-
I'd like to second the request for TorrentFlux. This couldn't be too hard to implement, TorrentFlux itself is just a PHP controlled implementation of BitTornado as far as I understand.
WTF! what kind of person are you, putting a torrent client on a firewall ! makes me wanna cry :'( :'( :'( :'(
-
Blame d-link. IIRC they started this blasphemy practice.
-
someone mentioned putting a file server up on it, although, that defeats the purpose of having a dmz, i don't know how i feel about having files on my firewall? i think an anti spyware/virus package would be great, that scanned incoming traffic..
-
A non-spooling p910nd style print server.
Since pfsense is the only box that is on 24/7 in my small office, it would be nice to have a printer attached to it.
Can anyone make a package out of this: http://etherboot.sourceforge.net/p910nd/ ?