Packages wishlist?
-
More certificate management; in particular:
The ability to use a pfSense Certificate Manager CA certificate to sign CSR's (Certificate Signing Requests). I've got some internal devices that I'd like to use my normal internal CA (generated on pfSense) to sign.
-
OCSinventory-agent
-
1. Postfix Forwarder update to 2.11.1 with postscreen_dnsbl_whitelist_threshold enabled, so we can finaly make use of postscreens greylisting feature.
- A new postscreen_dnsbl_whitelist_threshold feature to allow
clients to skip postscreen tests based on their DNSBL score.
This can eliminate email delays due to "after 220 greeting"
protocol tests, which otherwise require that a client reconnects
before it can deliver mail. Some providers such as Google don't
retry from the same IP address, and that can result in large
email delivery delays.
http://permalink.gmane.org/gmane.mail.postfix.announce/146
http://svnweb.freebsd.org/ports/head/mail/postfix/
2. Postfix secure SMTP should use pfSense certs
# pfSense Postfix Forwarder TLS smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_auth_only = yes smtpd_tls_key_file = /usr/pbi/postfix-amd64/etc/ssl/server.key smtpd_tls_cert_file = /usr/pbi/postfix-amd64/etc/ssl/server.crt smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom
so we don't need to use custom main.cf options and generate the certs via command line.
220-mailserver.tld ESMTP smtprelay service ready.
220 mailserver.tld ESMTP smtprelay service ready. [285 ms]
EHLO MXTB-PWS3.mxtoolbox.com
250-mailserver.tld
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN [749 ms]
MAIL FROM: supertool@mxtoolbox.com250 2.1.0 Ok [749 ms]
RCPT TO: test@example.com554 5.7.1 test@example.com: Relay access denied [749 ms]/test@example.com/test@example.com/supertool@mxtoolbox.comhttps://forum.pfsense.org/index.php?topic=70046.msg382794#msg382794
3. squid3-dev amd64 with working Clamav anti-virus integration using c-icap
https://forum.pfsense.org/index.php?topic=73921.0
I know that marcelloc does not have the time and resource to fix this problem atm, but we could collect some money and call a bounty, so we can hire him or someone who can fix this. A lot of people struggling with squid and dansguardiann anti-virus on amd64 systems, so there is a high demand fixing this.
Thanks for your attention.
- A new postscreen_dnsbl_whitelist_threshold feature to allow
-
gnupg
-
I'm currently working on an alternative to squid/dansguardian/squidguard that uses a commercial categorization engine.
In about 2 weeks time we will be looking for a few beta testers of this package.
Features will include:
- node.js based http proxy/dns filter
- Commercial based categorization engine
- HTTP filtering based on categories
- DNS filtering based on categories
- AD integration
- Fully customizable block/login/tos pages
We will be looking for feedback and bug reporting.
If you would be interested in participating in this test, please let me know.
Thanks,
JamesThe demo of this is ready, if anyone is interested in testing it out let me know.
Thanks,
-
This could be good, we can do some testing for you.
-
As far as I could tell I couldn't find this for pfSense so someone correct me if I am wrong.
Ages ago I used to play in the Smoothwall side of things and one package I really loved was the modem monitor package. Simply put it logged modem signal stats over time and graphed them. http://community.smoothwall.org/forum/viewtopic.php?f=26&t=23844
Really itching to see this in pfSense.
-
I'm currently working on an alternative to squid/dansguardian/squidguard that uses a commercial categorization engine.
In about 2 weeks time we will be looking for a few beta testers of this package.
Features will include:
- node.js based http proxy/dns filter
- Commercial based categorization engine
- HTTP filtering based on categories
- DNS filtering based on categories
- AD integration
- Fully customizable block/login/tos pages
We will be looking for feedback and bug reporting.
If you would be interested in participating in this test, please let me know.
Thanks,
JamesThe demo of this is ready, if anyone is interested in testing it out let me know.
Thanks,
James I would be interested if your still looking for testers
-
Smokeping
-
If someone could package sysutils/xe-guest-utilities for me that would be great. I know nothing of the pfSense packaging, but maintain/developed the port. The port is very simple – a couple shell scripts -- and just requires a daemon start/stop. It also has very few dependencies.
This is going to be extremely important for virtualizing pfSense 2.2 on Citrix XenServer
Thank you!
-
ACL Custom rules for squid, the GUI is to limit.
I have to manually edit the internal files :-). -
The nginx will be packaged in the feature? We are using as reverse proxy for http and https with multiple applications and multiple backend host (tomcat, apache, thin).
Kind Regards,
Zoltan -
In the future, Id like to see a package for installing DNScrypt.
-
Hi All!
Wish "logstash-forwarder" (https://github.com/elasticsearch/logstash-forwarder) in the packages.
Wish make dreams come true :)
-
@tiv:
Hi All!
Wish "logstash-forwarder" (https://github.com/elasticsearch/logstash-forwarder) in the packages.
Wish make dreams come true :)
It is coming soon as a part of Suricata to enable JSON logging to ELK. Have not finalized how to actually implement it, though. Could be a better move to make it an independent package that other packages could utilize when it is detected.
Bill
-
Phpsysinfo
I can get to run just not make a package for it.
2.2-RC (amd64)
built on Wed Dec 31 07:14:09 CST 2014
FreeBSD pfSense.localdomain 10.1-RELEASE-p3 FreeBSD 10.1-RELEASE-p3 #0 8bdb2f8(releng/10.1)-dirty: Wed Dec 31 07:51:59 CST 2014 root@pfsense-22-amd64-builder:/usr/obj.amd64/usr/pfSensesrc/src/sys/pfSense_SMP.10 amd64I installed the latest by copy and untar and then point my broswer but this is all manual.. wish was included as a package..
with latest version you can watch from you andriod or Iphone see details of all kinds of stuff. there is more that this does but I just not modify the standard config file to show I think
If someone can make this a package with a config page to modify the options or anything like that I would love it. maybe when more money I make I will donate to them.
I can show someone how to install this if they are interested .. Manually of course. I don't have time to learn how to make packages yet.
of course what I show is my android phone and computer screens.. they are very bare in details compare to what this can show you. There is couple plugins that pull details like temps and other battery backups and other good information that you can see from remote if you setup right.
![Snap 2015-01-01 at 23.37.09.png](/public/imported_attachments/1/Snap 2015-01-01 at 23.37.09.png)
![Snap 2015-01-01 at 23.37.09.png_thumb](/public/imported_attachments/1/Snap 2015-01-01 at 23.37.09.png_thumb)
![2015-01-01 23.34.32.png](/public/imported_attachments/1/2015-01-01 23.34.32.png)
![2015-01-01 23.34.32.png_thumb](/public/imported_attachments/1/2015-01-01 23.34.32.png_thumb) -
It is coming soon as a part of Suricata to enable JSON logging to ELK. Have not finalized how to actually implement it, though. Could be a better move to make it an independent package that other packages could utilize when it is detected.
Bill
I am very excited about this feature also. Being able to visualize Suricata in ELK will be AWESOME! Wish I had more knowledge so I could help…
Dan
-
It is coming soon as a part of Suricata to enable JSON logging to ELK. Have not finalized how to actually implement it, though. Could be a better move to make it an independent package that other packages could utilize when it is detected.
Bill
I am very excited about this feature also. Being able to visualize Suricata in ELK will be AWESOME! Wish I had more knowledge so I could help…
Dan
I am working now on a logstash-forwarder package for pfSense. I decided to make it a standalone package that can siphon logs from anything configured to log on the pfsense firewall. Realize, though, that logstash-forwarder is just that: a forwarder daemon. It won't have any pretty charts on pfSense. It will simply collect logs and ship them off via a SSL connection to a designated Logstash host someplace. You will still need to provide your own host and of course client for viewing the pretty charts and data in the ELK combo.
There will be a simple GUI for configuring the forwarder on pfSense, but it will just be for importing SSL keys and selecting which logs to forward.
Bill
-
I am working now on a logstash-forwarder package for pfSense. I decided to make it a standalone package that can siphon logs from anything configured to log on the pfsense firewall. Realize, though, that logstash-forwarder is just that: a forwarder daemon. It won't have any pretty charts on pfSense. It will simply collect logs and ship them off via a SSL connection to a designated Logstash host someplace. You will still need to provide your own host and of course client for viewing the pretty charts and data in the ELK combo.
There will be a simple GUI for configuring the forwarder on pfSense, but it will just be for importing SSL keys and selecting which logs to forward.
Bill
Thanks for working on this!
It would be great. If you need any help testing let me know. I have a fully functioning ELK environment with lumberjack ready to go.
I have a current setup to move the Suricata eve.json file over through some scripts but logstash-forwarder is definitely the way to go.
Dan
-
My wishlist. simple package for installing DNSCrypt on pfsense.