Packages wishlist?
-
I would like to see a mail proxy package that would accept all incoming e-mail and scan it for spam, viruses, and grey list it. After it completes the following task, it would then release it to an internal mail server.
Something like the spamD package that dropped off the grid.
These days having proxy filtering I believe is a must have at the gateway level.
A bounty was proposed for proxsmtp, which can do much of this, but the money was withdrawn before any progress could be made.
I'm working on postfix package version 2.0 with many of these implementations.
-
Postfix package v2 is out.
check it out:
http://forum.pfsense.org/index.php/topic,40622.0.html:D
-
ArpON looks quite interesting for the security-conscious netadmins and it supports FreeBSD:
http://arpon.sourceforge.net/
07/27/2011 :: ArpON 2.7 released!
What is ArpON?
ArpON (ARP handler inspection) is a portable handler daemon that make ARP protocol secure in order to avoid the Man In The Middle (MITM) attack through ARP Spoofing, ARP Cache Poisoning or ARP Poison Routing (APR) attacks. It blocks also the derived attacks by it, which Sniffing, Hijacking, Injection, Filtering & co attacks for more complex derived attacks, as: DNS Spoofing, WEB Spoofing, Session Hijacking and SSL/TLS Hijacking & co attacks.This is possible using three kinds of anti ARP Spoofing tecniques: the first is based on SARPI or "Static ARP Inspection" in statically configured networks without DHCP; the second on DARPI or "Dynamic ARP Inspection" in dynamically configured networks having DHCP; the third on HARPI or "Hybrid ARP Inspection" in "hybrid" networks, that is in statically and dynamically (DHCP) configured networks together.
ArpON is therefore a proactive Point-to-Point, Point-to-Multipoint and Multipoint based solution that requires a daemon in every host of the connection for authenticate each host through an authentication of type cooperative between the hosts and that doesn't modify the classic ARP standard base protocol by IETF, but rather sets precise policies by using SARPI for static networks, DARPI for dynamic networks and HARPI for hybrid networks thus making today's standardized protocol working and secure from any foreign intrusion.
-
As the siproxd thread is locked, here is my wish:
Ive been using siproxd in a "test" enviroment since Dec 2010 ( since pfSense 2.0 beta5 till the 2.0 Release version ) and all work great, next week it will go to "production" and just one thing i wish to have :
if i enable "Log redirected calls" the logs go to "Status: System logs: System", is posible to have the logs in "Status: Package logs" ?
-
I'd like to see a TOR hidden services package developed so that I can generate .onion addresses for and connect my PFsense router to TOR and port forward traffic from it as needed. Optionally I could select to become a TOR exit node, bridge, or relay.
-
Support of Net-SNMP (this is very simple) and custom scripts called through the "NET-SNMP-EXTEND-MIB".
This way I am currently able to make Cacti collect Unbound stats and also get better CPU graphs than with bsnmpd…
-
Package #1: TOR router, relay, bridge and exit.
Would allow people to host a TOR relay, bridge, or exit router. Optionally also could be used to tunnel all LAN traffic meant for WAN though TOR.Package #2:
Digital SSL Notary Package based on: http://convergence.io/Would allow people to host a digital SSL notary on their PFsense router. The more notaries there are, the more secure the system.
-
Update siproxd to v0.8.1
http://siproxd.sourceforge.net/index.php?op=changelog
Release 0.8.1 10-Jul-2011 This release fixes some bugs, one of them concerns building (libltdl). As a feature for small embedded systems, the pthread stack size is configurable to minimize the memory footprint (RAM). Another highlight is the new plugin_regex that allows rewriting the SIP "To" header (call target) of outgoing calls using regular expressions.
-
I wish there was a Streaming Meidia Server package, possibly this one, the site has full source code, linux/unix/windows. sounds like it would be pretty simple? no? :D I wish ^.^
http://code.google.com/p/ps3mediaserver/
-
I wish there was a Streaming Meidia Server package, possibly this one, the site has full source code, linux/unix/windows. sounds like it would be pretty simple? no? :D I wish ^.^
http://code.google.com/p/ps3mediaserver/
The PMS runs in java and requires a whole lot o other software (mpgenc, mplayer, etc.)
Not something you install on your firewall, but on your NAS instead :) -
Can you add freenas into pfsense? :D
-
-
Silly question, i came back in hopes nobody read it and I could edit the post but that didnt happen :)
How about adding magic jack support?? :D
-
How about blackholeDNS (even a port)? There was an addon for it on Smoothwall http://community.smoothwall.org/forum/viewtopic.php?f=26&t=26030 and it is the only thing I miss from Smoothwall as it was amazingly powerful and useful being able to block 30,000 - 40,000 malware domains (and others). It used dnsmasq too so I think it may be similar to get it working.
-
A mentioned. http://community.smoothwall.org/forum/viewtopic.php?f=26&t=26030
It would be more useful to have a default of resolving any malware domains as 127.0.0.1 to internal machines resolve themselves and don't get anywhere but with the option of putting in your own one (and perhaps any malware listening posts - I don't know if ET one is running yet though I can have word with Matt Jonkmann to find out & its IP if it is). Being able to put your own IP in too would be good in case you wanted to setup your own internal sinkhole to identify machines infected and perhaps determined what they are infected with (i.e if domain is a CnC and machine contacts it and then resolves your own fake server setup to log all HTTP requests and other services).
DNS blackholes are becoming increasingly popular though in organisations as part of a malware defense. http://isc.sans.edu/diary.html?storyid=9037
-
Silly question, i came back in hopes nobody read it and I could edit the post but that didnt happen :)
How about adding magic jack support?? :D
MagicJack is just SIP. They just don't make it easy to find your credentials, from what I've seen. Google around for more info, but there isn't anything special about it. Certainly nothing warranting a package all of its own.
-
I second that jimp. In any case dump magicjack they simply suck. Install the freeswitch pkg and take control of your own telco.
-
dns blacklist
https monitoring to block ultrasurfpfsense 2.0
-
I would like to be able to have the option of enabling CAPTCHA challenges to the WebGUI login. Maybe Re-CAPTCHA: http://www.google.com/recaptcha
-
I would like to see reporting as one of the main features. This should be able to generate reports on any aspect of pfsense as well as scheduling and send the reports by email automatically.
I know there is a mailreport package and it's a good one. But good can always be better. For example, mailreport can send you email report contains rrd graphs only, there is no way to customized the email body itself. Even the rrd graphs are only attached to the email and not embedded in the body.
I would like to be able to create custom mail report with my own signatures if that's possible.
