DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 6th August 2014
EverydayDiesel EverydayDiesel is offline
Shell Scout
 
Join Date: Jan 2009
Posts: 124
Default pfSense vs traditional pf

I was curious what you guys thought of pfSense as a replacement for pf.

What are the advantages disadvantages of using it for your firewall?
Reply With Quote
  #2   (View Single Post)  
Old 6th August 2014
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

You're asking in the wrong subforum.

pfSense
is a turnkey system based on FreeBSD, and is dependent upon one of the FreeBSD forks of PF. There were two: FreeBSD 8.2's PF syntax is equivalent to OpenBSD PF at release 4.1, and FreeBSD 9's syntax is equivalent to OpenBSD at release 4.5.

I've never used pfSense and have no comment on it.
Reply With Quote
  #3   (View Single Post)  
Old 6th August 2014
EverydayDiesel EverydayDiesel is offline
Shell Scout
 
Join Date: Jan 2009
Posts: 124
Default

I have read alot of posts on FreeBSD forums reguarding pfSense but I wanted to get the REAL guys take on it vs editing pf.conf with vi.
Reply With Quote
  #4   (View Single Post)  
Old 6th August 2014
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

Quote:
Originally Posted by EverydayDiesel View Post
What are the advantages disadvantages of using it for your firewall?
pfSense is layered on top of PF. As such, you are trusting that it is synchronized with the underlying technology, & this includes the correctness of the rules it generates.

All software has flaws. While the bells & whistles pfSense provides may entice many, it does not provide anything more than (& perhaps less...) than a well-tuned pf.conf file itself.

No, most here are not enamoured with pfSense. The benefits are not that great, & it introduces new complexity which needs to be managed.
Reply With Quote
  #5   (View Single Post)  
Old 6th August 2014
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

Quote:
Originally Posted by EverydayDiesel View Post
I wanted to get the REAL guys take on it...
It depends who you define as REAL.

One possible source for reality is the PF Mailing List. This is a low volume, somewhat OS independent discussion list. It is distinct from the freebsd-pf list for specific discussion of their forks.

In 2006, there was a short thread about pfSense. In that thread was this comment:
Quote:
Originally Posted by Tobias Weisserth
The problem is having unnecessary services exposed on a firewall machine (in order to have the web interface). pf is easy enough to configure "manually"...
At the end of the thread, Johann Allard mentioned his pfw application. Among active users here, in 2008 s0xxx mentioned having used that tool, and may have comments about his experience.

Last edited by jggimi; 6th August 2014 at 05:27 PM. Reason: clarity, typo
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Traditional RAID is outdated and dying on its feet J65nko News 0 3rd March 2014 11:08 PM
pfsense help please st4rtx FreeBSD Security 0 15th August 2011 09:01 PM
pfsense wireless AP - lost packets AndreyS FreeBSD General 0 7th June 2008 05:38 PM


All times are GMT. The time now is 10:40 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick