Book Image

Mastering pfSense - Second Edition

By : David Zientara
Book Image

Mastering pfSense - Second Edition

By: David Zientara

Overview of this book

pfSense has the same reliability and stability as even the most popular commercial firewall offerings on the market – but, like the very best open-source software, it doesn’t limit you. You’re in control – you can exploit and customize pfSense around your security needs. Mastering pfSense - Second Edition, covers features that have long been part of pfSense such as captive portal, VLANs, traffic shaping, VPNs, load balancing, Common Address Redundancy Protocol (CARP), multi-WAN, and routing. It also covers features that have been added with the release of 2.4, such as support for ZFS partitions and OpenVPN 2.4. This book takes into account the fact that, in order to support increased cryptographic loads, pfSense version 2.5 will require a CPU that supports AES-NI. The second edition of this book places more of an emphasis on the practical side of utilizing pfSense than the previous edition, and, as a result, more examples are provided which show in step-by-step fashion how to implement many features.
Table of Contents (15 chapters)

Extending pfSense with Packages

We have already demonstrated how packages can be used to extend the functionality of pfSense in previous chapters. For example, Snort is useful for blocking certain sites and for Layer 7 traffic shaping. HAProxy provides high availability and load balancing capabilities beyond what pfSense natively supports. Packages such as routed and FRRouting enable us to implement dynamic routing. These packages, however, only represent a fraction of what is available. The purpose of this chapter is to cover pfSense packages in greater depth. We will briefly discuss what issues package installation can raise, how to install packages from both the webGUI and the command line, and cover the most important packages. This includes some packages already mentioned, but many which we have not discussed previously.

It is impossible to do justice to all the packages...