Packages wishlist?



  • @mrsense:

    I would love to have a monitoring/net management package that is suitable even for an embeded edition and yet capable of monitoring via SMTP, IMAP, POP3, HTTP,TCP,UDP, NNTP, and PING tests and posting results in html or terminal.

    http://www.sysmon.org/config.html

    Rrealtime accounting and monitoring would be nice to have as well:
    pktstat (FreeBSD port exists)
    ->listens to the network and shows the bandwidth being consumed by packets of various kinds in realtime. It understands some protocols (including FTP, HTTP, and X11) and adds a descriptive name next to the entry (e.g., 'RETR cd8.iso', 'GET http://slashdot.org/' or 'xclock -fg blue').

    iftop (FreeBSD port exists)
    ->listens to network traffic on a named interface,  or on  the  first  interface  it can find which looks like an external interface if none is specified,  and  displays  a table of current bandwidth usage by pairs of hosts.

    monit (compiles under FreeBSD); http://www.tildeslash.com/monit/
    ->monit is a utility for managing and monitoring, processes, files, directories and devices on a UNIX system. Monit conducts automatic maintenance and repair and can execute meaningful causal actions in error situations.

    my 2c…

    regards,
    mr-s

    Try a pkg_add -r nagios I think you will be surprised what it will do out of the box.  There are still some bugs that I am working with on my box from the stock install, but a person with some time could easily get it going I think.



  • I'd like to see some options for snort to include bleedingrules, controlled ip blocking. Maybe have an option to move the blocked ips to a permanent blacklist. A file editor option for snort.conf that lets you permanently make changes to the file for tuning. mysql support for snort to log to a database. It would also be nice to have the option to pull the rules from a different location like a local webserver.that would be awesome!!



  • @WildTangent:

    I'd like to second the request for TorrentFlux. This couldn't be too hard to implement, TorrentFlux itself is just a PHP controlled implementation of BitTornado as far as I understand.

    WTF! what kind of person are you, putting a torrent client on a firewall ! makes me wanna cry  :'( :'( :'( :'(



  • Blame d-link.  IIRC they started this blasphemy practice.



  • someone mentioned putting a file server up on it, although, that defeats the purpose of having a dmz, i don't know how i feel about having files on my firewall? i think an anti spyware/virus package would be great, that scanned incoming traffic..



  • A non-spooling p910nd style print server.

    Since pfsense is the only box that is on 24/7 in my small office, it would be nice to have a printer attached to it.
    Can anyone make a package out of this: http://etherboot.sourceforge.net/p910nd/  ?



  • Hello everybuddy
    First sorry for my english.
    Second pfsense it's bryliant projekt.
    Therd i have small network (wireless network with 200 users) and I have very offen problems when some of my wirelles link is broken because i work 200 kilometers from place wher i have this network and it was verry helpfull for me if sombody public packages to monitor network and send SMS when maybe ping is lost or some services are stop
    Thank You for all
    Greetings



  • Hello everybuddy
    First sorry for my english.
    Second pfsense it's bryliant projekt.
    Therd i have small network (wireless network with 200 users) and I have very offen problems when some of my wirelles link is broken because i work 200 kilometers from place wher i have this network and it was verry helpfull for me if sombody public packages to monitor network and send SMS when maybe ping is lost or some services are stop
    Thank You for all
    Greetings

    Do you have a diagram….. i was thinking about SNMP to watch over things.
    But never the less you could start a Bounty for your packages.



  • I was thinking about sms to inform when somthing is broken because even if You are on hollidays you have mobile in your pocket all the time but laptop with internet conection very rare, so this sms can alarm you that somthing is wrong and you can fix problem very fast (find some internet caffe) or call to home and tell sombuddy what he can do to fixit. About the bounty sorry but I am only PLC programmer and have a basic know how about networking, so i must use somthing ready.
    Grettings



  • May be e-mail notification and mobile mail-agent solved you problem?
    For example: cron executed every 1…10 minute task, what check you services and if alarm - sent e-mail notification. Need find script or program what can do services checking

    Internet2SMS services very specific and get of pay in moust times.



  • I agree,
    the HTTP Antivirus-Function should be a basic part of a firewall.



  • Hello all

    I have spent a couple of hours on these forums, for the first time after almost a year of install of my pfsense box…not a good community member, I'm afraid  :(

    However, since after changing my firewall distro more than a few times, I have decided on pfsense and will now be putting in a few bounties, to see if I can get a few things I want incorporated.

    Here are my views:

    • A firewall gateway distro should remain a firewall gateway distro and run as few applications as possible.
    • That said, one cannot ignore the smaller SME users like myself, who have only one machine running 24/7 and thats the pfsense box, hence the need for some applications.
    • However, since security is a firewall's main job & routing the gateway's main job....these two should not be compromised, if at all possible and extended wherever possible.
    • I would vote for all packages that don't need incoming port access from the WAN. One can have time server, transparent proxies of all kinds (outgoing), caching dns server, ftp server for Lan clients and so on.
    • But what I would really like to see all kinds of IDS, IPS, Load-sharing, Load-balancing, reporting on various usage stats from a users point of view that a normal small office cannot dedicate more than one computer to. E.g. today we have snort but nothing to analyse its input say snort sam or squill or acid, we have squid but no dansguardian like package, an improved IMespector proxy.
    • Having said all that, I don't think that a mail server or any other server that accepts incoming connections from outside should be put on a perimeter firewall. If you are big enough to have run your own domains then you should invest in a DMZ machine and then offload as many applications to it from the main pfsense box, as you can. But then again, you can have a DMZ in main office & a hybrid pfsense server in branches. After all you are the one footing the bill for any problems arising out of an implementation decision.
    • I think the direction of the project is very right but the community really needs to create a method for maintainence of old packages in addition of creation of new packages.

    I hope I have not put the reader to sleep  ;D

    With best regards.
    Sanjay.



  • Hello, I'd like to see a speed test for the WAN port. If I get an idea to check the speed from my ISP I hook my laptop up directly to the cable modem and use dslreports.com/stest a couple of times, then hook everything back up. It would be quicker for my users and perhaps safer for my laptop if there were a function to cut off all my LAN traffic, perform some kind of speed test, re-enable the LAN and post the results on screen or in a log.
    Thanks,
    Vinc Duran



  • I would very much like IPS (Intrusion Protection System) and, when secure enough, possibilities for an internet http- or e-mailproxy. This should make pfsense a more complete competition for the commercial solutions.



  • @billm:

    @Cojo:

    I would just love to see a package with LCDproc so i can output used bandwidth, Memory and CPU usage, States and so on.

    This has been discussed before somewhat…we'll need some supported LCD's to develop and test this on.

    --Bill

    I could send a CrystalFontz 20X4 Serial Display. I would not need this returned either. It would be awesome to get support for these in pfSense. I may even be able to purchase one of these, if it can be returned to me after getting it all working. Getting the buttons to do various things, all configured through the web gui would be a sweet bonus.

    brianw



    1. I would like to be able to see if package is running (or stopped) right from package's main page.

    2. I would like snort create alias for each category (snort-attack-responses, snort-backdoor) and add offenders to corresponding aliases.  That way I could create my own rules (and schedules).

    my2c



  • There is in project need in package squidGuard?
    ps I already sent sources to CoreTeam.



  • Make FreeRadius package able to send WISPr attributes…

    Even if pfSense cannot use them currently, it will in the future and some people have a setup like mine, with pfSense and Monowall



  • (Didn't know where to place this message, but this thread kinda seems appropriate.)

    Is there a way to (a la "Check Point") have a GUI tool to FILTER through the firewall rule logs for key elements such as:

    • source IP
    • Destination IP
    • Rule # (in the policy)
    • Network Service(s) in use (eg.  HTTP, or TCP 80)
    • Source Port (of the TCP session)
    • date, time
    • Listening NIC
    • (perhaps some reference to a VPN that is in use)

    … 'cuz that'd be just awesome!

    Thanks, in advance,

    NT Sux



  • @naivula:

    A non-spooling p910nd style print server.

    Since pfsense is the only box that is on 24/7 in my small office, it would be nice to have a printer attached to it.
    Can anyone make a package out of this: http://etherboot.sourceforge.net/p910nd/  ?

    I'd also be very interested in something like this



  • Hi

    I would just love to see a LinuxVirtualServer package with CARP an a real time monitoring utility for servers.

    I've found a chineese tutorial for freebsd6.1 that i translate in english.
    I gonna try it in a few days. I hope it will work fine  ;D on pfsense too.
    Now i just want to know if this could enter the package wishlist  :P ?

    Sorry for my poor english.

    Thanks in advance.
    Nicolas



  • Hey :-)

    I'm looking for an Montitoring System on PfSense ala Nagios or IPMonitor.

    Is there any possibility?

    Greetz



  • I see that this has been requested a few times, but I'd like to add one more request for DansGuardian.



  • @Antioxidan:

    Hey :-)

    I'm looking for an Montitoring System on PfSense ala Nagios or IPMonitor.

    Is there any possibility?

    Greetz

    We have a zabbix agent in packages.



  • I'm very interested in trying to get a good SIPproxy/Server into pfSense
    and the following looks quite promising as it seems to be very
    lightweigh, scalable and adaptable and powerful.

    http://www.openser.org/mos/view/Features/

    I'm going to make a small study if it's feasible to adapt it for
    pfSense but I know it's a big undertaking to get it integrated
    and i'm doubting my skills to do it.

    some highlights

    • robust and performant SIP (RFC3261) Registrar server, Location server, Proxy server and Redirect server
    • small footprint - the binary file is small size, functionality can be stripped/added via modules
    • plug&play module interface - ability to add new extensions, without touching the core, therefore assuring a great stability of core components
    • authentication, authorization and accounting (AAA) via database (MySQL, Postgress, text files), RADIUS and DIAMETER
    • digest and IP authentication
    • load balancing with failover
    • multiple database backends - MySQL, PostgreSQL, flat files and other database types which have unixodbc drivers

    just to name a few.  See full featurelist in the link above.

    Comments anyone ?



  • It has even ready web interfaces so you can actually customize for pfSense easily if you need it.



  • I'd like to have an IGMP proxy as per this thread:  http://forum.pfsense.org/index.php/topic,4491.0.html
    It would enable IPTV on German VDSL lines…



  • Please, please, please consider adding OpenVPN-auth-LDAP.

    Thanks,
    Mike



  • OpenVPN with filtering rules….



  • @heiko:

    OpenVPN with filtering rules….

    That already exists in 1.3.



  • Still looking for an SSL VPN.
    I posted a bounty a while ago.
    Something like SSL-Explorer: 443 based, no installation on the client side necessary.
    Did not make it into tha base because SSL-Explorer uses Java. But as a package?
    (Does not need to be SSL-Explorer, just a good example.)
    Thanks.



  • @mrzaz:

    I'm very interested in trying to get a good SIPproxy/Server into pfSense
    and the following looks quite promising as it seems to be very
    lightweigh, scalable and adaptable and powerful.
    http://www.openser.org/mos/view/Features/
    I'm going to make a small study if it's feasible to adapt it for
    pfSense but I know it's a big undertaking to get it integrated
    and i'm doubting my skills to do it.

    Looks VERY interesting. Have you tried setting it up on a normal Linux?



  • @fribert:

    @mrzaz:

    I'm very interested in trying to get a good SIPproxy/Server into pfSense
    and the following looks quite promising as it seems to be very
    lightweigh, scalable and adaptable and powerful.
    http://www.openser.org/mos/view/Features/
    I'm going to make a small study if it's feasible to adapt it for
    pfSense but I know it's a big undertaking to get it integrated
    and i'm doubting my skills to do it.

    Looks VERY interesting. Have you tried setting it up on a normal Linux?

    Nope, not yet…  Got occupied with in my real world.  (waiting for a baby)

    //Dan Lundqvist



  • I would like to see spamd back on the package list for inbound spam-filtering and sendmail for outbound email only. If needed I can put a bounty for someone helping me create a lightweight version of sendmail package.



  • @cdsu:

    I would like to see spamd back on the package list for inbound spam-filtering and sendmail for outbound email only. If needed I can put a bounty for someone helping me create a lightweight version of sendmail package.

    Check the bounty section, spamd is already on the list there. Maybe contribute to this bounty if you are really interested in this.



  • An ospf package would be great (don't know if there is a bounty yet though).



  • I would really like to see dansguardian added as a package. It is far superior to squidguard.



  • @librarymark:

    I would really like to see dansguardian added as a package. It is far superior to squidguard.

    Already been requested countless times and debunked countless times due to its license.



  • @fribert:

    Looks VERY interesting. Have you tried setting it up on a normal Linux?

    Repeat after me FreeBSD is not Linux  :P



  • "Already been requested countless times and debunked countless times due to its license."

    How is that? Does that mean I have been using it illegally all this time?


 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy