Prevent IPv6 multicasts from flooding the pfSense logs - pfSense - Zomers Knowledgebase

If you have a pfSense box running with IPv6 enabled, you might notice that your pfSense firewall logs many link local to IPv6 multicast packets (ff02::/28). This happens because these are caught by the default deny rule in pfSense. In order to prevent these packets from flooding your logs, you can add a firewall rule which represents these specific packets and prevents them from falling into the default deny rule thus being logged. In order to add this rule, follow these steps:

1. Log on to the webserver of your pfSense box
2. In the top menu, go to Firewall -> Rules
3. Go to the Floating tab
4. Click on the little + icon at the right bottom to add a new rule
5. Fill in the form as shown on the screenshot below.

Open Source Firewall Appliance - UTM Linux Security Distribution

Open Source, Free, Community-Supported Security Solution

Endian Firewall Community (EFW) is a "turn-key" Linux security distribution that turns every system into a full featured security appliance with Unified Threat Management (UTM) functionality. The software has been designed with "usability in mind" and is very easy to install, use and manage, without losing its flexibility. The features include a stateful packet inspection firewall, application-level proxies for various protocols (HTTP, FTP, POP3, SMTP) with antivirus support, virus and spam-filtering for email traffic (POP and SMTP), content filtering of Web traffic and a "hassle free" VPN solution (based on OpenVPN).

A Proving Ground for Endian UTM Appliances

EFW is a pure Open Source solution: Endian promotes its development, working with the Open Source community to build a complete, secure and stable firewall exclusively from Open Source software.

Squid Package Tuning

Performance Tweaks

Some users have reported that making the following change has greatly increased performance:

1. Edit /boot/loader.conf.local
2. Change kern.ipc.nmbclusters="0" to kern.ipc.nmbclusters="32768"
3. Reboot the pfSense router

Some people have also seen better performance by using the ufs cache filesystem setting.

BigAdmin Feature Article: Patch Management Best Practices

Oracle acquired Sun Microsystems in 2010, and since that time Oracle's hardware and software engineers have worked side-by-side to build fully integrated systems and optimized solutions designed to achieve performance levels that are unmatched in the industry. Early examples include the Oracle Exadata Database Machine X2-8, and the first Oracle Exalogic Elastic Cloud, both introduced in late 2010. During 2011, Oracle introduced the SPARC SuperCluster T4-4, a general-purpose, engineered system with Oracle Solaris that delivered record-breaking performance on a series of enterprise benchmarks. Oracle's SPARC-based systems are some of the most scalable, reliable, and secure products available today. Sun's prized software portfolio has continued to develop as well, with new releases of Oracle Solaris, MySQL, and the recent introduction of Java 7. Oracle invests in innovation by designing hardware and software systems that are engineered to work together.

Network Monitoring Tools

Les Cottrell, SLAC. Last Update: December 14, 2015

This is a list of tools used for network (both LAN and WAN) monitoring and where to find out more about them. The audience is mainly network administrators. You are welcome to provide links to this web page. Please do not make a copy of this web page and place it at your web site since it will quickly be out of date. See here if you wish to suggest additions or changes.

Using the PHP pfSense Shell

Using the PHP pfSense shell allows configuration of the config.xml file directly without needing to use the webConfigurator. Using this system can also allow rapid deployment of pfSense and/or the setup of exotic configurations. The following will show an example session, with the text coming from the "help" command in the PHP shell. Follow each line or group of lines to run with "exec;".

The Hunt For the Ultimate Free Open Source Firewall Distro

I've been a hard-core Untangle fan for several years now, but I recently wanted to explore other firewall options. Being wrapped around a commercial product, Untangle charges money for its high-end features. However, I figured since most all those features are covered by the open source community, there must be non-commercial options out there.

FreeRADIUS 2.x package

FreeRADIUS 2 package on pfSense 2.x

Installation

In pfsense 2.x go to System => Packages => Available Packages and click on the + behind freeradius2. After Installation go to Services => FreeRADIUS

First Configuration

SpamBlacklist

The SpamBlacklist extension prevents edits that contain URLs whose domains match regular expression patterns defined in specified files or wiki pages and registration by users using specified email addresses. When someone tries to save a page, SpamBlacklist checks the text against a (potentially very large) list of illegal host names. If there is a match, the extension displays an error message to the user and refuses to save the page.

Installation and setup

m0n0wall

m0n0wall is a project aimed at creating a complete, embedded firewall software package that, when used together with an embedded PC, provides all the important features of commercial firewall boxes (including ease of use) at a fraction of the price (free software). m0n0wall is based on a bare-bones version of FreeBSD, along with a web server, PHP and a few other utilities. The entire system configuration is stored in one single XML text file to keep things transparent. m0n0wall is probably the first UNIX system that has its boot-time configuration done with PHP, rather than the usual shell scripts, and that has the entire system configuration stored in XML format. In m0n0wall 1.8.1, the base system has been switched to FreeBSD 8.4 for better support of recent hardware, and there have been significant improvements, new features and bug fixes in many areas.

Routing internet traffic through a site-to-site IPsec tunnel in PfSense 2.1

In PfSense versions before 2.1 you could create site-to-site IPsec tunnels to connect two or more sites together. This worked fine but you couldn’t (from the web interface) route internet traffic from site A through the IPsec tunnel so that it would use site B’s internet connection. PfSense version 2.1 introduces that possibility. In such a setup internet traffic from Site A would appear to be coming from Site B. We had to use this because a vendor would check from which public IP an incoming connection was initiated.

5 Best Open Source Firewalls - Page 2

This is known as bricking, because the router was about as useful as a brick if this happened. These days you still have to be careful, but it's much safer and easier now. You can flash new firmware via your router's Web interface, so the primary risk is a power interruption. It takes maybe five minutes to flash the new firmware, so if you can keep the lights on that long you're golden. There are also a number of vendors that have seen the light and, rather than maintaining their own firmware, they install DD-WRT or OpenWRT. That means you can buy it all prefab and ready to go to work.