Packages wishlist?
-
Hi all!
Security: I wish to see way less bruteforce attacks on my systems.
Automatic blacklisting of IP's hitting on an expressely opened set of standard ports that are really not belonging to our protected systems rather are specifical bait to the standard port scanners.
I believe this is the concept of Honeypot and Guerrilla package seems to do that just fine just it isn't integrated in pfSense.
Any implementation of such a smart system on pfSense (of course automatically freeing up ports present in rules)?
Best
-
WireGuard VPN
It was freshly ported to FreeBSD in may 2018.
Better performance than OpenVPN and easy to configure.
https://www.wireguard.com/
https://www.freshports.org/net/wireguard/
https://lists.freebsd.org/pipermail/freebsd-ports/2018-May/113434.html -
@juppin said in Packages wishlist?:
WireGuard VPN
It was freshly ported to FreeBSD in may 2018.
Better performance than OpenVPN and easy to configure.
This does not inspire confidence:
About The Project
Work in ProgressWireGuard is not yet complete. You should not rely on this code. It has not undergone proper degrees of security auditing and the protocol is still subject to change. We're working toward a stable 1.0 release, but that time has not yet come. There are experimental snapshots tagged with "0.0.YYYYMMDD", but these should not be considered real releases and they may contain security vulnerabilities (which would not be eligible for CVEs, since this is pre-release snapshot software). If you are packaging WireGuard, you must keep up to date with the snapshots.
However, if you're interested in helping out, we could really use your help and we readily welcome any form of feedback and review. There's currently quite a bit of work to do on the project todo list, and the more folks testing this out, the better.
So maybe in the future when it's stable and proven to be secure. Performance means very little if it is insecure.
-
How about a simple package to control the LED's on the front of some NetGate hardware devices? I.e., Gateway status lights, update available, etc.
-
Can node and www/npm be added to the list?
-
I package with a simple way to block facebook.com and all facebook apps with one click. Facebook is a huge problem with businesses and schools and it keeps getting brought up but nothing has ever been done to make a quick fix for blocking facebook.
-
@dgall said in Packages wishlist?:
I package with a simple way to block facebook.com and all facebook apps with one click. Facebook is a huge problem with businesses and schools and it keeps getting brought up but nothing has ever been done to make a quick fix for blocking facebook.
Snort & Snort OPENAPPI Rules ?
pfBlockerNG & block by Facebook ASN?
-
@nogbadthebad The best solution I have found is using a site like https://github.com/StevenBlack/hosts and making a dnsbl rule it works better for me then shallalist and less resources.
-
a simple package to display a website in an iframe (or whatever) on the dashboard? (already can display pictures, right?)
example;
Upstream of pfSense 2.4.4 box is an Arris Surfboard SB69xx, display the generic info page of the Arris SB so logging into the dashboard gives cursory view of SB status, helps rapid determination of upstream/downstream indicators w/o walking down into basement to look, or remembering which uncommon subnet address cablemodem/DSL/ONT is
. Does not need to log in to get info, can click on page to open link into new tab/window.
-
I love netdata would be nice to also have it for pfsense .
Here's there git hub link. Git Hub link -
E2Guardian5.
I've never managed to make Squid work with HTTPS, while on E2Guardian you just have to install the package and it's done. -
Midnight Commander (mc). Very good when making a connection to the pfsense terminal with PUTTY. In all other distributions (FreeBSD/Linux) you can find this package. Why not in pfsense?
-
@hidalgo I'd rather see a package that can access a unifi controller using something like this https://github.com/Art-of-WiFi/UniFi-API-client
It would be great to manage pfSense and Unifi from the same interface -
I've no idea how viable it would be.... says it's an application-level visibility and filtering package that's currently available for OPNSense. I suspect it would need some kind of integration but that's above my knowledge level. Seems interesting anyway...
https://www.sunnyvalley.io/sensei
-
Possible to add Node and npm to the list of available packages?
-
I wish that the mailreport package could filter based on keywords and only email when it finds them. Or maybe if log not empty for the gateways and routing logs.
cat /var/log/system.log | grep -iE 'fail|err|warn' -
-
A package for more notification options.
More specific to be able to receive notifications of connections and disconnections of each VPN Dis/Connection on each VPN Server.(OpenVPN etc) -
A small database of VPN connections with the ability to export logs in csv (columns) for each user (very helpful now with remote working)
-
-
I would like to see the ossec-hids-agent package be added.
-
With Zabbix 6.0 LTS available for some weeks now, I'd really like to have a zabbix-proxy6 package to be created, since for me having the pfSense(s) be the Zabbix proxy makes a lot of sense and Zabbix 6 LTS brings quite some cool new features.
Zabbix server 6 only like to communicate with Zabbix 6 proxies, thus not having a zabbix-proxy6 package blocks the update of Zabbix server. -
just what I wanted to write
