Book Image

pfSense 2.x Cookbook - Second Edition

By : David Zientara
Book Image

pfSense 2.x Cookbook - Second Edition

By: David Zientara

Overview of this book

pfSense is an open source distribution of the FreeBSD-based firewall that provides a platform for ?exible and powerful routing and firewalling. The versatility of pfSense presents us with a wide array of configuration options, which makes determining requirements a little more difficult and a lot more important compared to other offerings. pfSense 2.x Cookbook – Second Edition starts by providing you with an understanding of how to complete the basic steps needed to render a pfSense firewall operational. It starts by showing you how to set up different forms of NAT entries and firewall rules and use aliases and scheduling in firewall rules. Moving on, you will learn how to implement a captive portal set up in different ways (no authentication, user manager authentication, and RADIUS authentication), as well as NTP and SNMP configuration. You will then learn how to set up a VPN tunnel with pfSense. The book then focuses on setting up traffic shaping with pfSense, using either the built-in traffic shaping wizard, custom ?oating rules, or Snort. Toward the end, you will set up multiple WAN interfaces, load balancing and failover groups, and a CARP failover group. You will also learn how to bridge interfaces, add static routing entries, and use dynamic routing protocols via third-party packages.
Table of Contents (18 chapters)
Title Page
Copyright and Credits
About Packt
Contributors
Preface
Index

Introduction


pfSense is open source software that can be used to turn a computer into a firewall/router. Its origins can be traced to the FreeBSD packet-filtering program known as PF, which has been part of FreeBSD since 2001. As PF is a command-line utility, work soon began on developing software that would provide a graphical frontend to PF. The m0n0wall project, which provides an easy-to-use, web-based interface for PF, was thus started. The first release of m0n0wall took place in 2003. pfSense began as a fork of the m0n0wall project.

Version 1.0 of pfSense was released on October 4, 2006, and version 2.0 was released on September 17, 2011. A key point in the development of pfSense took place with the release of Version 2.3 on April 12, 2016. This version phased out support for legacy technologies such as Point to Point Tunneling Protocol (PPTP), Wireless Encryption Protocol (WEP), and Single DES, and also provided a face-lift for the web GUI. Version 2.4, released on October 12, 2017, continues this trend of phasing out support for legacy technologies while also adding features. Support for 32 bit x86 architectures has been deprecated, while support for Netgate Advanced RISC Machines (ARM) devices has been added. A new pfSense installer (based on FreeBSD’s bsdinstall) has been incorporated into pfSense, and there is support for the ZFS filesystem, as well as the Unified Extensible Firmware Interface (UEFI). pfSense now supports multiple languages; the web GUI has been translated into 13 different languages.

This chapter will cover the basic configuration steps common to virtually all deployments. Once you have completed the recipes in this chapter, you will have a fully functional router/firewall. By following the recipes in subsequent chapters, you can enhance that functionality by adding specific firewall rules, enabling traffic shaping, adding load balancing and multi-WAN capabilities, and much more.