Easy Open Source Firewalls with PFSense

Chris Clymer

Chrisclymer.com

What is Pfsense?

• PFSense is a Monowall derivative
• PFSense and Monowall are FreeBSD based firewalls
• Both are meant to replace appliances like Smoothwall, Watchguard, etc.
• Both are completely open source software, and easy to setup and use!

Why PFSense instead of Monowall?

• PFSense supports more features out of the box
• PFSense allows for additional packages to be added easily
• PFSense provides a simple framework for adding your own packages!
• PFSense uses OpenBSD's proven PF firewall, and CARP

Why PFSense instead of a commercial product?

• No upfront monetary investment other than hardware
• No feature lock-out to pay extra for later
• Runs on a wide array of commodity hardware, easily scalable to your environment
• Excellent free community-based support, easy access to developers

Why not use PFSense?

• You need a signed support contract from a large vendor
• You need advanced packet processing only available in expensive products like Checkpoint
• You have a very large amount of bandwidth to route that cannot be handled efficiently on commodity hardware
• You have an intense hatred of BSD licensed software

Getting Started

• Download the proper image from http://pfsense.com
• "LiveCD" is likely the one you want. This allows for an install to hard disk, or to run off the CD
• "Embedded" is designed to run off CF Cards. Excellent for Soekris embedded boxes.
• "Developer" is a VMware Player image designed to give you an environment for building packages and hacking on PFSense

Live CD Installed

• Burn the iso to a CD, boot it on the box you'll be installing to
• You will be asked to answer a few simple questions about your installation
• Once installed, the web interface is accessible at 192.168.1.1 on the LAN interface
• User is: "admin" Password is: "pfsense"

Embedded Install

• Write the embedded image to a Compact Flash card. In Linux you can use "dd".
• In Windows you can use Physdiskwrite, available here: http://m0n0.ch/wall/physdiskwrite.php
• Box will automatically boot with 192.168.1.1 LAN IP, and admin/pfsense login credentials