Packages wishlist?



  • I would love to have nano (the text editor)

    Edit
    Grrr..here I go and try to figure out how to compile from source code and all that it took was pkg_add -r nano && rehash
    Thanks. I'm not so familiar with freebsd so I tend to do stuff backwards  ::)

    http://www.freebsd.org/cgi/man.cgi?query=pkg_add&sektion=1



  • pkg_add -r nano
    rehash



  • know what i would love?  I'd love to see this "distro" remain lean and super good at being a firewall.

    You want statistics and graphs? setup cacti somewhere on your network and use snmp to monitor your firewall.
    You want a print server? set one up on your network somewhere.
    You want dozens of other non-firewall/non-content filtering related things? Set them up.

    For god sakes, let your firewall be what it is intended to be…. safe, fast, stable, and secure --- inside AND out.

    While I dont think a full bind implementation is the greatest idea, especially considering the numerous security exploits via bind over the years, but a "light" version as a package would be really beneficial for those of us who have reverse dns delegated to us. In my particular case, I host all my forward dns with my domain registrar, while my datacenter provider has control of my IP space. They dont do any special reverse dns hosting for anyone, but will happily delegate it out.

    Something as simple as having an extra field listed along side my virtual ips for "reverse dns response" or "reverse dns name" would be SO great. VIPS get cached by arp, the traffic flows to the firewall. I have my provider delegate rev-dns to my firewall wan ip and rev-dns responses could be easily served. Doesnt need to be a fancy full implementation of bind, but even the most rudimentary functionality would be a huge time saver for me.

    my 2 cents.



  • asterisk@home
    ;D



  • my vote is cs source server.

    ducks



  • @nexusone:

    know what i would love?  I'd love to see this "distro" remain lean and super good at being a firewall.

    You want statistics and graphs? setup cacti somewhere on your network and use snmp to monitor your firewall.
    You want a print server? set one up on your network somewhere.
    You want dozens of other non-firewall/non-content filtering related things? Set them up.

    For god sakes, let your firewall be what it is intended to be…. safe, fast, stable, and secure --- inside AND out.

    If you want lean and mean, no problem, just install the bare bone pfSense.
    But I'd say if the pfSesne community wants to create a package to use pfSense as a print server or whatever let them do it. if you dont want it on your box simple don't install it. Let the users decide what they want to do with their firewall, I'm sure the core dev team wont put time into creating half these packages, If the community wants to dev packages let them go ahead include the packages as they see fit and leave the decision in the hands of the user. thats just my 2 cents.



  • @Leoandru:

    If you want lean and mean, no problem, just install the bare bone pfSense.
    But I'd say if the pfSesne community wants to create a package to use pfSense as a print server or whatever let them do it. if you dont want it on your box simple don't install it. Let the users decide what they want to do with their firewall, I'm sure the core dev team wont put time into creating half these packages, If the community wants to dev packages let them go ahead include the packages as they see fit and leave the decision in the hands of the user. thats just my 2 cents.

    Amen.  That's exactly our idea and rationale up to this point.  It's you're box, you can do what you want.  It may not always be a good idea to do so, but you have that choice.



  • How about iptraf?

    IPTraf is a pretty useful realtime network monitoring package

    http://iptraf.seul.org/

    Regards,
    Brian



  • May be if don't miss some thing and understand the main idea of project
    1. ng_netflow and some web_iface for it.
    2. flow-tools ( here i would like to tell some words about why: on radioethernet it will be usefull to collect data localy and send to some server by cron)
    3. tcshrc from /usr/ports/shells/tcshrc/. I understand that main idea of project is to make little and easy web based router/firewall but if something wrong i as always first try to see whats going on by ssh not by web_iface
    4. syslog_ng or some thing to move logs from router to another server
    seems to be all



  • @bmacauley:

    IPTraf is a pretty useful realtime network monitoring package

    Check the consolemenu or ssh in. Try the pftop option. It's similiar to this.



  • @hoba:

    @bmacauley:

    IPTraf is a pretty useful realtime network monitoring package

    Check the consolemenu or ssh in. Try the pftop option. It's similiar to this.

    And ntop does a good job of providing trend information as well.



  • @hoba:

    @bmacauley:

    IPTraf is a pretty useful realtime network monitoring package

    Check the consolemenu or ssh in. Try the pftop option. It's similiar to this.

    Not that good as IPtraf…. IPtraf shows for example number of pkt per second, statistics for interrested port, protocol etc..
    It's very usefull and powerfull tool. IMHO
    ;-)



  • @mbedyn:

    @hoba:

    @bmacauley:

    IPTraf is a pretty useful realtime network monitoring package

    Check the consolemenu or ssh in. Try the pftop option. It's similiar to this.

    Not that good as IPtraf…. IPtraf shows for example number of pkt per second, statistics for interrested port, protocol etc..
    It's very usefull and powerfull tool. IMHO
    ;-)

    press h. left right arrow and so on. sounds like you haven'T seen all the pages/infos yet



  • has an asterisk package been talked about?  a package where you could have have a 2nd pfsense box running asterisk? or even run it on the same machine as your firewall which would make life a bit easier.



  • Yeah, its been tossed around.  I would like to see one get going at some point.  I've got some files started but they are a little dated and the structure really wasn't that hot.

    With that said, if someone wants to work on this and wants to use these, I can try to dig them up.  In fact, I would help out with this but I am looking for someone to "own" this package and maintain it.



  • Well my vote goes to Quagga, or at least some kind of RIP/OSPF supporting routing daemon.  Purely for use on VPN's, of course!

    I've just spotted that it's in ports, but a web extension for it would be nice.  I did a package of Quagga for smoothwall a while back (web bit didn't work though, but never got round to fixing it) so I might try and do something for pfSense.



  • @kevlatimer:

    Well my vote goes to Quagga, or at least some kind of RIP/OSPF supporting routing daemon.  Purely for use on VPN's, of course!

    I've just spotted that it's in ports, but a web extension for it would be nice.  I did a package of Quagga for smoothwall a while back (web bit didn't work though, but never got round to fixing it) so I might try and do something for pfSense.

    Yes, please do!    If you want to take over the package it currently does not have a maintainer.



  • IPtraf is not a BSD util. Its linux, and it's a ugly hack imo. ;)



  • mmm IDS like snort and adaptive firewalling capabilities like snort-sam

    i.e. kiddie starts scanning me, ids generates firewall rules to block kiddie before he hits my open ports / or temporarily 'hides' those ports.



  • @sullrich:

    @kevlatimer:

    Well my vote goes to Quagga, or at least some kind of RIP/OSPF supporting routing daemon.  Purely for use on VPN's, of course!

    I've just spotted that it's in ports, but a web extension for it would be nice.  I did a package of Quagga for smoothwall a while back (web bit didn't work though, but never got round to fixing it) so I might try and do something for pfSense.

    Yes, please do!    If you want to take over the package it currently does not have a maintainer.

    I'll start having a crack at it today then, my BSD isn't a patch on my Linux but I'm sure I can muddle through ;)



  • http://www.pfsense.com/~sullrich/pfSenseDevelopersVMWareEdition.7z may help…. Full dev environment in vmware.



  • I know this isn't what you want on a firewall normally, but I would like to see a samba client along with rsync for remote backups (I guess with a cron scheduler) through the firewall to a local windows machine.

    I know it would be better to have a seperate machine, but it's just not feasible in my friends enviroment at the time. I've been using a Linux based firewall/server installation at his location, but it's several releases back and I can't upgrade it remotely. pfSense of course is my choice for a firewall, and with just these few features it would fit perfectly in that enviroment, and I'd always be able to remotely maintain the firewall.

    Likely I could just add the packages, but then they would get wiped out with each upgrade…



  • @Superman:

    Likely I could just add the packages, but then they would get wiped out with each upgrade…

    No they won't not unless your doing a clean install. I have Been running a jabber server on my pfSense box that survived several upgrades.
    Likewise, I didnt want to get a separate box just to run a jabber server, so I just installed and configured it on my firewall.



  • Oh, okay, that's cool, I didn't know that!!  ::)

    Thanks Leoandru!



  • Okay, I've tried this out on my own pfSense FW, I can install the packages no problem. I guess I need to make a custom kernel however, because there is now smbfs.ko to be loaded. I tried just copying one from my freebsd system, but that doesn't work. I've built a kernel before, but just with very basic changes. What would I have to do to build the pfSense kernel with only the addition of that one module? Where do I specify for it to build that module?

    Thanks for your help…



  • Some form of packet capturing for use with Ethereal would be incredible!



  • This might be possible for a package?

    Is there a way, (or possible) to have pfSense put IP addresses of people in a sort of temporary pool that will block all access from them, if they say lauch an attack against the router.

    Multiple attempts to attack the router results in a 6 hour ban. Something of that sort.



  • @Zharvek:

    This might be possible for a package?

    Is there a way, (or possible) to have pfSense put IP addresses of people in a sort of temporary pool that will block all access from them, if they say lauch an attack against the router.

    Multiple attempts to attack the router results in a 6 hour ban. Something of that sort.

    That's possible with Snort. However, it's not always desirable to run an IDS in your firewall. Besides, if you have to use such a system, you should be confortable enough to implement it manually, without GUIs.



  • @Leoandru:

    No they won't not unless your doing a clean install. I have Been running a jabber server on my pfSense box that survived several upgrades.
    Likewise, I didnt want to get a separate box just to run a jabber server, so I just installed and configured it on my firewall.

    maybe you could publish the package for the community to use?



  • Anything custom that starts from /usr/local/etc/rc.d/ is not touched during upgrades.

    This is basically the package area (/usr/local/).

    You are pretty safe in adding you own startup files in /usr/local/etc/rc.d/*.sh … We do not touch them during upgrade.



  • I think it would be great to see a package for myNetWatchman (http://www.mynetwatchman.com) if possible. That and perhaps SFTP  :-[



  • @tweak:

    That and perhaps SFTP

    SFTP is already in, it's part of SSH.



  • @fernandotcl:

    SFTP is already in, it's part of SSH.

    This is true, but I'd like to know how to use an SFTP client when the menu is presented after every SSH login…



  • login true a sftp client
    then you don't get that ssh menu



  • I'm not sure if this can be done but some sort of log reporting package which would generate a couple web pages on the statistics….kinda like awstats with a builtin syslog thing....sorta hard to describe but would be cool.



  • @jeroen234:

    login true a sftp client
    then you don't get that ssh menu

    I've tried gftp, putty-tools, hsftp and the sftp binary all with the same result - what would you recommend for a linux sftp client?



  • @tweak:

    @jeroen234:

    login true a sftp client
    then you don't get that ssh menu

    I've tried gftp, putty-tools, hsftp and the sftp binary all with the same result - what would you recommend for a linux sftp client?

    gftp works. Double check your configuration.



  • One I always liked and it was a pain in the ass to configure and to setup Squid with Squid Guard.

    Maybe there is a better content filter out there but SquidGuard seemed to work fairly well.

    I know of a lot of buisnesses/clients that love to have either reality/pornographic/sports/etc/etc websites filtered. Although I havn't messed with SquidGuard in some time it had no Auto Blacklist to update. I did however right a script to grab one from my FTP server ever week when it was updated.



  • I'd like to see gkrellmd(the X11-less daemon only) and bfilter(an ad/script/img blocking proxy).

    Atm I have a gkrellm(thanks to some very nice people from irc) installed but it's lacking an interface to configure it via the web configurator.



  • I've found www.ipp2p.org for iptables/netfilter.
    Is there any packages can do blocking p2p filesharing traffic in FreeBSD/pfSense?