pfSense Forum

pfSense English Support => Packages => Topic started by: john3voltas on November 03, 2005, 04:59:24 am

Title: Packages wishlist?
Post by: john3voltas on November 03, 2005, 04:59:24 am
@Admins
I know that this is the time to settle down and hunt critters to reach 1.0 with reliability.
But I'd like to start this topic for the long run future.

@all
Hi guys,
I was wondering, wish packages would you like to see in pfSense besides the ones that we already have?
Post your thoughts.

Cheers
Title: Re: Packages wishlist?
Post by: b1ackhat on November 03, 2005, 10:13:50 am
I think that after "a reliable version" pfSense should enable interaction with other free/commercial products, or at least stablish an API in order to communicate other products with pfsense in a structured manner ;)

Hope this helps and likes ;)

Regards!

jonathan
Title: Re: Packages wishlist?
Post by: lsf on November 03, 2005, 12:09:30 pm
Go ahead, This thread is now stickied.

Maybe later we can add polls based on what's in this and other whislists.

Please do NOT crosspost or post duplicates.
Title: Re: Packages wishlist?
Post by: submicron on November 03, 2005, 11:22:55 pm
Just judging from the comments on the mailing list I think the following packages are probably likely to show up on the wishlist:

HAVP (especially if it can be integrated cleanly with squid)
Dansguardian (probability of licensing issues for commercial users)
p3scan (will require either dspam or spamassassin)

I'd be interested to see what other spam/virus filtering solutions people would like to see packaged up.  For a firewall, there isn't a single pre-packaged solution to do the job.  I think after the new package infrastructure is in place there will be a real influx of very interesting packages.  At least I hope so. 
Title: Re: Packages wishlist?
Post by: fuzzy on November 04, 2005, 08:03:50 am
It depends on what the focus of pfsense is?† and what the developers define as a successful project.

Distrowatch has hundreds of distros and projects each with a focus that is successful or not so.† If a definition of success is the sheer number of users and the size of the community, then features are critical in the development of a distro. There are a number of projects in the firewall space each with their own advantages, however if pfsense is to become a hugely successful community then looking at firewall project features that are popular is important as this will attract interest to develop a community.

For example IPCop is sucessful in that it has had 2.5 million downloads for the 1.4 series, however I do not think the project developers are aware just how much the addons with features such as content filtering and client side friendly VPN projects such as OpenVPN popularize the project.

Given this, how does a†development team decide what will be a successful feature?
Title: Re: Packages wishlist?
Post by: fuzzy on November 04, 2005, 09:07:36 am
If this forum was to incorporate† a feature where users could submit packages for consideration to a poll or vote, then the development team would get information to help them decide as to the potential success of a package or feature.
This poll/vote could be held over weeks or months and could be further developed to allow users to make an optional† donation alongside† their vote to help with development.
Title: Re: Packages wishlist?
Post by: hoba on November 04, 2005, 09:37:45 am
A successful feature is a feature that fits the need of a user. As this is the package section and we are not speaking of standard basefeatures of pfSense it's pretty up to the user to decide if he needs it or not. I'm sure there will be some packages that are not meant to be used at the firewall itself and that might not make sense on a firewall at all. Think more abstract here. Think of a "NAS-pfSense" for example utilizing samba configured by a nice webGUI interfacing with an external Radiusserver? Or think of a "VoIP-pfSense"? Just like the ftp-server package (which is marked with "use it NOT at your firewall, use it as seperate server") which is the first package of that kind. The packagesystem is kept very "open" and once it hit's a final state and gets some documentation I hope we'll see a lot of nice applications, covering firewalling and other topics.
Title: Re: Packages wishlist?
Post by: Cojo on November 05, 2005, 09:38:33 am
I would just love to see a package with LCDproc (http://lcdproc.omnipotent.net/) so i can output used bandwidth, Memory and CPU usage, States and so on.
Title: Re: Packages wishlist?
Post by: billm on November 05, 2005, 12:02:29 pm
I would just love to see a package with LCDproc (http://lcdproc.omnipotent.net/) so i can output used bandwidth, Memory and CPU usage, States and so on.

This has been discussed before somewhat...we'll need some supported LCD's to develop and test this on.

--Bill
Title: Re: Packages wishlist?
Post by: deadlygopher on November 05, 2005, 04:45:58 pm
The two packages I most want are xsupplicant, and bind.
Title: Re: Packages wishlist?
Post by: billm on November 06, 2005, 08:28:18 am
The two packages I most want are xsupplicant, and bind.

Hmmm, what are you trying to do with xsupplicant?

--Bill
Title: Re: Packages wishlist?
Post by: erisan on November 06, 2005, 11:38:44 am
I would like to see MRTG/RRDTOOL integrated, to show graphs on latency, wan/lan/wifi/dmz traffic, cpu/disk usage, etc...

Keep up the good work.

Greetings EriSan
Title: Re: Packages wishlist?
Post by: sullrich on November 06, 2005, 01:57:51 pm
I would like to see MRTG/RRDTOOL integrated, to show graphs on latency, wan/lan/wifi/dmz traffic, cpu/disk usage, etc...

Keep up the good work.

Greetings EriSan

Most of this is supported now in the pfstat package
Title: Re: Packages wishlist?
Post by: carboncopy on November 06, 2005, 07:10:14 pm
I'd really love to see snort added to the packages.  Squidguard would also be a nice addition.
Title: Re: Packages wishlist?
Post by: Myntric on November 06, 2005, 07:11:46 pm
I'd really love to see snort added to the packages.  Squidguard would also be a nice addition.

I've already got plans on a squidGuard package once I've gotten Squid to a stable release.

Mike
Title: Re: Packages wishlist?
Post by: fuzzy on November 08, 2005, 07:16:14 am
Quote
For example IPCop is sucessful in that it has had 2.5 million downloads for the 1.4 series, however I do not think the project developers are aware just how much the addons with features such as content filtering and client side friendly VPN projects such as OpenVPN popularize the project.

To define how important /popular certain features are over other features, a whole new firewall distro endian has been developed from IPCop. Here is what it states about the features it has on the home page.

Quote
The features include a stateful packet inspection firewall, application-level proxies for variuos protocols (HTTP, POP3, SMTP) with antivirus support, virus and spamfiltering for email traffic (POP and SMTP), content filtering of Web traffic and a "hassle free" VPN solution (based on OpenVPN).
Title: Re: Packages wishlist?
Post by: carboncopy on November 08, 2005, 07:54:48 am
I'd really love to see snort added to the packages.  Squidguard would also be a nice addition.

I've already got plans on a squidGuard package once I've gotten Squid to a stable release.

Mike


Mike,

I am really looking forward to that!! Great work so far I love Pfsense, such a great idea!!!  ;D

Title: Re: Packages wishlist?
Post by: Cyrandir on November 08, 2005, 05:42:27 pm
I'm really looking forward to the squidGuard package too, once squid is stable
Title: Re: Packages wishlist?
Post by: pbs on November 23, 2005, 06:08:49 am
I don't know if you guys know hamachi (http://www.hamachi.cc) I have a virtual network card for it in my linux box and I love it, I can always "call home" from anywere I am.
Having a virtual Hamachi interface on a pfSense box would be totally great!
Title: Re: Packages wishlist?
Post by: lsf on November 23, 2005, 12:32:48 pm
This looks interesting, I'll have a look at it. Seems it's for linux though, so it might need some porting.
Title: Re: Packages wishlist?
Post by: colin_ on November 23, 2005, 02:15:26 pm
I don't know if you guys know hamachi (http://www.hamachi.cc) I have a virtual network card for it in my linux box and I love it, I can always "call home" from anywere I am.
Having a virtual Hamachi interface on a pfSense box would be totally great!

Hamachi's source is closed, and nobody has reported success running it on BSD systems. A developer stated back in September that demand for a BSD version is high enough that they may look into making one in the future.
Title: Re: Packages wishlist?
Post by: pbs on November 24, 2005, 03:08:52 am
There is actually somebody that was running it on OpenBSD (with few problems) http://forums.hamachi.cc/viewtopic.php?t=1079&highlight=bsd
Title: Re: Packages wishlist?
Post by: colin_ on November 24, 2005, 06:17:11 pm
There is actually somebody that was running it on OpenBSD (with few problems) http://forums.hamachi.cc/viewtopic.php?t=1079&highlight=bsd

I believe the topic in question referred to running Hamachi on a Windows or Linux system that was set up behind the pf firewall - not running the client itself on BSD.
Title: Re: Packages wishlist?
Post by: pbs on November 25, 2005, 02:24:13 am
Now that i had a chance to read it again ... it make sense ... sorry!  :-X
Title: Re: Packages wishlist?
Post by: nimda79 on November 25, 2005, 12:36:21 pm
I want a wireless scanning program like kismet if we can get it in.
Title: Re: Packages wishlist?
Post by: sullrich on November 25, 2005, 01:27:46 pm
I want a wireless scanning program like kismet if we can get it in.

We have pkg_add.

Run (from a shell prompt):

pkg_add -r ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.0-release/All/kismet-200507.r1a.tbz
rehash

Then kismet will be available from a shell
Title: Re: Packages wishlist?
Post by: Holbrookau on November 25, 2005, 04:17:12 pm
Id like to see the broken FreeRadius package updated and fixed. Please?  ;)
Title: Re: Packages wishlist?
Post by: sullrich on November 25, 2005, 05:41:07 pm
Id like to see the broken FreeRadius package updated and fixed. Please?  ;)

Patches accepted -- We are busy fixing bugs in the base system.
Title: Re: Packages wishlist?
Post by: bruor on December 04, 2005, 10:46:20 am
i would like to see a package for cups.  it would be useful to have the ability to use this machine as a *nix print server for small businesses
Title: Re: Packages wishlist?
Post by: submicron on December 08, 2005, 07:37:14 pm
i would like to see a package for cups.  it would be useful to have the ability to use this machine as a *nix print server for small businesses


Generally an extremely bad idea.  Firewalls shouldn't also be used as general purpose servers.  But hey, in the spirit of "allowing one to shoot oneself in the foot" I suppose if someone wrote a package for this it'd be added.
Title: Re: Packages wishlist?
Post by: sullrich on December 08, 2005, 09:14:35 pm
This will make more sense down the road when the package manager outgrows pfSense and we become a firewalling or server platform. :P
Title: Re: Packages wishlist?
Post by: Wizarden on December 12, 2005, 06:03:06 am
Can you add trafd(bpft) with mysql or cnupm, and WEB interface for him?
Title: Re: Packages wishlist?
Post by: sullrich on December 12, 2005, 10:29:01 am
Can you add trafd(bpft) with mysql or cnupm, and WEB interface for him?

Can we?  No.   Can you?   Yes.

We'll happily take package submissions but the coreteam is too busy to create packages.
Title: Re: Packages wishlist?
Post by: Wizarden on December 12, 2005, 11:36:05 am
ok, when i build package i tell you.

But i have some question, how to be with /etc/crontab? On update pfsense he is clear, but i need it. Or you use another task sheduler system?
Where can i get specifiaction for xml parametrs for web interface? To do web interface.
Title: Re: Packages wishlist?
Post by: sullrich on December 12, 2005, 11:44:23 am
ok, when i build package i tell you.

But i have some question, how to be with /etc/crontab? On update pfsense he is clear, but i need it. Or you use another task sheduler system?
Where can i get specifiaction for xml parametrs for web interface? To do web interface.

Use /etc/crontab.  We have a function call to update a file with a line.

For studying, use cvs.pfsense.com/cgi-bin/cvsweb.cgi/tools/packages
Title: Re: Packages wishlist?
Post by: pbs on December 16, 2005, 01:33:30 pm
FreeNAS should be pretty easy to integrate into pfSense as a pkg ... it seems a good way to use extra HD's  :-\
http://www.freenas.org/
Title: Re: Packages wishlist?
Post by: sullrich on December 16, 2005, 01:50:40 pm
FreeNAS should be pretty easy to integrate into pfSense as a pkg ... it seems a good way to use extra HD's  :-\
http://www.freenas.org/

Different goals.   We do not plan on turning pfSense into a server platform just yet.  We need to focus on firewalling.
Title: Re: Packages wishlist?
Post by: Leoandru on December 31, 2005, 05:16:08 pm
I wouldnt mind helping with the package development, but I will need to go learn web programming. php it seems.
Title: Re: Packages wishlist?
Post by: sullrich on December 31, 2005, 05:21:23 pm
Currently our package manager uses:

Title: Re: Packages wishlist?
Post by: Leoandru on December 31, 2005, 07:16:18 pm
Currently our package manager uses:

  • XML
  • PHP
  • Shell Scripts
  • Much sweat and tears

No problem. already got the xml and shell scripting down, its the php part that I have no experience with. anyhow I dont thing It should be hard for me to learn since im a programmer.   ;)
Title: Re: Packages wishlist?
Post by: duderz on January 04, 2006, 04:03:40 pm
I would love to have nano (the text editor)

Edit
Grrr..here I go and try to figure out how to compile from source code and all that it took was pkg_add -r nano && rehash
Thanks. I'm not so familiar with freebsd so I tend to do stuff backwards  ::)

http://www.freebsd.org/cgi/man.cgi?query=pkg_add&sektion=1
Title: Re: Packages wishlist?
Post by: sullrich on January 04, 2006, 04:08:34 pm
pkg_add -r nano
rehash

Title: Re: Packages wishlist?
Post by: nexusone on January 18, 2006, 10:06:24 pm
know what i would love?   I'd love to see this "distro" remain lean and super good at being a firewall.

You want statistics and graphs? setup cacti somewhere on your network and use snmp to monitor your firewall.
You want a print server? set one up on your network somewhere.
You want dozens of other non-firewall/non-content filtering related things? Set them up.

For god sakes, let your firewall be what it is intended to be.... safe, fast, stable, and secure --- inside AND out.

While I dont think a full bind implementation is the greatest idea, especially considering the numerous security exploits via bind over the years, but a "light" version as a package would be really beneficial for those of us who have reverse dns delegated to us. In my particular case, I host all my forward dns with my domain registrar, while my datacenter provider has control of my IP space. They dont do any special reverse dns hosting for anyone, but will happily delegate it out.

Something as simple as having an extra field listed along side my virtual ips for "reverse dns response" or "reverse dns name" would be SO great. VIPS get cached by arp, the traffic flows to the firewall. I have my provider delegate rev-dns to my firewall wan ip and rev-dns responses could be easily served. Doesnt need to be a fancy full implementation of bind, but even the most rudimentary functionality would be a huge time saver for me.

my 2 cents.
Title: Re: Packages wishlist?
Post by: rexster on January 18, 2006, 10:12:58 pm
asterisk@home
 ;D
Title: Re: Packages wishlist?
Post by: sullrich on January 18, 2006, 10:16:19 pm
my vote is cs source server.

/me ducks
Title: Re: Packages wishlist?
Post by: Leoandru on January 18, 2006, 10:32:25 pm
know what i would love?   I'd love to see this "distro" remain lean and super good at being a firewall.

You want statistics and graphs? setup cacti somewhere on your network and use snmp to monitor your firewall.
You want a print server? set one up on your network somewhere.
You want dozens of other non-firewall/non-content filtering related things? Set them up.

For god sakes, let your firewall be what it is intended to be.... safe, fast, stable, and secure --- inside AND out.

If you want lean and mean, no problem, just install the bare bone pfSense.
But I'd say if the pfSesne community wants to create a package to use pfSense as a print server or whatever let them do it. if you dont want it on your box simple don't install it. Let the users decide what they want to do with their firewall, I'm sure the core dev team wont put time into creating half these packages, If the community wants to dev packages let them go ahead include the packages as they see fit and leave the decision in the hands of the user. thats just my 2 cents.
Title: Re: Packages wishlist?
Post by: sullrich on January 18, 2006, 10:56:19 pm
If you want lean and mean, no problem, just install the bare bone pfSense.
But I'd say if the pfSesne community wants to create a package to use pfSense as a print server or whatever let them do it. if you dont want it on your box simple don't install it. Let the users decide what they want to do with their firewall, I'm sure the core dev team wont put time into creating half these packages, If the community wants to dev packages let them go ahead include the packages as they see fit and leave the decision in the hands of the user. thats just my 2 cents.

Amen.  That's exactly our idea and rationale up to this point.  It's you're box, you can do what you want.   It may not always be a good idea to do so, but you have that choice.
Title: Re: Packages wishlist?
Post by: bmacauley on January 23, 2006, 07:48:13 am
How about iptraf?

IPTraf is a pretty useful realtime network monitoring package

http://iptraf.seul.org/

Regards,
Brian
Title: Re: Packages wishlist?
Post by: freeseacher on January 26, 2006, 08:03:46 am
May be if don't miss some thing and understand the main idea of project
1. ng_netflow and some web_iface for it.
2. flow-tools ( here i would like to tell some words about why: on radioethernet it will be usefull to collect data localy and send to some server by cron)
3. tcshrc from /usr/ports/shells/tcshrc/. I understand that main idea of project is to make little and easy web based router/firewall but if something wrong i as always first try to see whats going on by ssh not by web_iface
4. syslog_ng or some thing to move logs from router to another server
seems to be all
Title: Re: Packages wishlist?
Post by: hoba on January 26, 2006, 08:26:15 am
IPTraf is a pretty useful realtime network monitoring package
Check the consolemenu or ssh in. Try the pftop option. It's similiar to this.
Title: Re: Packages wishlist?
Post by: submicron on January 26, 2006, 10:30:20 am
IPTraf is a pretty useful realtime network monitoring package
Check the consolemenu or ssh in. Try the pftop option. It's similiar to this.

And ntop does a good job of providing trend information as well. 
Title: Re: Packages wishlist?
Post by: mbedyn on January 27, 2006, 04:54:27 am
IPTraf is a pretty useful realtime network monitoring package
Check the consolemenu or ssh in. Try the pftop option. It's similiar to this.


Not that good as IPtraf.... IPtraf shows for example number of pkt per second, statistics for interrested port, protocol etc..
It's very usefull and powerfull tool. IMHO
;-)
Title: Re: Packages wishlist?
Post by: hoba on January 27, 2006, 02:25:58 pm
IPTraf is a pretty useful realtime network monitoring package
Check the consolemenu or ssh in. Try the pftop option. It's similiar to this.


Not that good as IPtraf.... IPtraf shows for example number of pkt per second, statistics for interrested port, protocol etc..
It's very usefull and powerfull tool. IMHO
;-)


press h. left right arrow and so on. sounds like you haven'T seen all the pages/infos yet
Title: Re: Packages wishlist?
Post by: sganarelle on January 29, 2006, 12:43:43 am
has an asterisk package been talked about?  a package where you could have have a 2nd pfsense box running asterisk? or even run it on the same machine as your firewall which would make life a bit easier.
Title: Re: Packages wishlist?
Post by: sullrich on January 29, 2006, 12:48:01 am
Yeah, its been tossed around.   I would like to see one get going at some point.  I've got some files started but they are a little dated and the structure really wasn't that hot.

With that said, if someone wants to work on this and wants to use these, I can try to dig them up.   In fact, I would help out with this but I am looking for someone to "own" this package and maintain it.
Title: Re: Packages wishlist?
Post by: kevlatimer on January 30, 2006, 05:07:20 am
Well my vote goes to Quagga, or at least some kind of RIP/OSPF supporting routing daemon.  Purely for use on VPN's, of course!

I've just spotted that it's in ports, but a web extension for it would be nice.  I did a package of Quagga for smoothwall a while back (web bit didn't work though, but never got round to fixing it) so I might try and do something for pfSense.
Title: Re: Packages wishlist?
Post by: sullrich on January 30, 2006, 11:09:09 am
Well my vote goes to Quagga, or at least some kind of RIP/OSPF supporting routing daemon.  Purely for use on VPN's, of course!

I've just spotted that it's in ports, but a web extension for it would be nice.  I did a package of Quagga for smoothwall a while back (web bit didn't work though, but never got round to fixing it) so I might try and do something for pfSense.


Yes, please do!    If you want to take over the package it currently does not have a maintainer.
Title: Re: Packages wishlist?
Post by: lsf on January 30, 2006, 09:43:59 pm
IPtraf is not a BSD util. Its linux, and it's a ugly hack imo. ;)
Title: Re: Packages wishlist?
Post by: smidgey on January 31, 2006, 01:42:04 am
mmm IDS like snort and adaptive firewalling capabilities like snort-sam

i.e. kiddie starts scanning me, ids generates firewall rules to block kiddie before he hits my open ports / or temporarily 'hides' those ports.
Title: Re: Packages wishlist?
Post by: kevlatimer on January 31, 2006, 03:29:18 am
Well my vote goes to Quagga, or at least some kind of RIP/OSPF supporting routing daemon.  Purely for use on VPN's, of course!

I've just spotted that it's in ports, but a web extension for it would be nice.  I did a package of Quagga for smoothwall a while back (web bit didn't work though, but never got round to fixing it) so I might try and do something for pfSense.


Yes, please do!    If you want to take over the package it currently does not have a maintainer.

I'll start having a crack at it today then, my BSD isn't a patch on my Linux but I'm sure I can muddle through ;)
Title: Re: Packages wishlist?
Post by: sullrich on January 31, 2006, 11:48:34 am
http://www.pfsense.com/~sullrich/pfSenseDevelopersVMWareEdition.7z may help.... Full dev environment in vmware.
Title: Re: Packages wishlist?
Post by: Superman on March 03, 2006, 03:40:49 pm
I know this isn't what you want on a firewall normally, but I would like to see a samba client along with rsync for remote backups (I guess with a cron scheduler) through the firewall to a local windows machine.

I know it would be better to have a seperate machine, but it's just not feasible in my friends enviroment at the time. I've been using a Linux based firewall/server installation at his location, but it's several releases back and I can't upgrade it remotely. pfSense of course is my choice for a firewall, and with just these few features it would fit perfectly in that enviroment, and I'd always be able to remotely maintain the firewall.

Likely I could just add the packages, but then they would get wiped out with each upgrade...

Title: Re: Packages wishlist?
Post by: Leoandru on March 03, 2006, 04:36:04 pm
Likely I could just add the packages, but then they would get wiped out with each upgrade...

No they won't not unless your doing a clean install. I have Been running a jabber server on my pfSense box that survived several upgrades.
Likewise, I didnt want to get a separate box just to run a jabber server, so I just installed and configured it on my firewall.
Title: Re: Packages wishlist?
Post by: Superman on March 04, 2006, 11:59:54 am
Oh, okay, that's cool, I didn't know that!!  ::)

Thanks Leoandru!

Title: Re: Packages wishlist?
Post by: Superman on March 04, 2006, 04:26:31 pm
Okay, I've tried this out on my own pfSense FW, I can install the packages no problem. I guess I need to make a custom kernel however, because there is now smbfs.ko to be loaded. I tried just copying one from my freebsd system, but that doesn't work. I've built a kernel before, but just with very basic changes. What would I have to do to build the pfSense kernel with only the addition of that one module? Where do I specify for it to build that module?

Thanks for your help...

Title: Re: Packages wishlist?
Post by: btafoya on March 05, 2006, 02:46:41 am
Some form of packet capturing for use with Ethereal would be incredible!
Title: Re: Packages wishlist?
Post by: Zharvek on March 05, 2006, 11:53:35 am
This might be possible for a package?

Is there a way, (or possible) to have pfSense put IP addresses of people in a sort of temporary pool that will block all access from them, if they say lauch an attack against the router.

Multiple attempts to attack the router results in a 6 hour ban. Something of that sort.
Title: Re: Packages wishlist?
Post by: fernandotcl on March 08, 2006, 06:42:31 am
This might be possible for a package?

Is there a way, (or possible) to have pfSense put IP addresses of people in a sort of temporary pool that will block all access from them, if they say lauch an attack against the router.

Multiple attempts to attack the router results in a 6 hour ban. Something of that sort.
That's possible with Snort. However, it's not always desirable to run an IDS in your firewall. Besides, if you have to use such a system, you should be confortable enough to implement it manually, without GUIs.
Title: Re: Packages wishlist?
Post by: rexster on March 10, 2006, 12:06:10 am

No they won't not unless your doing a clean install. I have Been running a jabber server on my pfSense box that survived several upgrades.
Likewise, I didnt want to get a separate box just to run a jabber server, so I just installed and configured it on my firewall.

maybe you could publish the package for the community to use?
Title: Re: Packages wishlist?
Post by: sullrich on March 10, 2006, 01:19:55 am
Anything custom that starts from /usr/local/etc/rc.d/ is not touched during upgrades.

This is basically the package area (/usr/local/).

You are pretty safe in adding you own startup files in /usr/local/etc/rc.d/*.sh ... We do not touch them during upgrade.
Title: Re: Packages wishlist?
Post by: tweak on March 12, 2006, 01:36:16 am
I think it would be great to see a package for myNetWatchman (http://www.mynetwatchman.com) if possible. That and perhaps SFTP  :-[
Title: Re: Packages wishlist?
Post by: fernandotcl on March 14, 2006, 01:07:38 pm
That and perhaps SFTP
SFTP is already in, it's part of SSH.
Title: Re: Packages wishlist?
Post by: tweak on March 14, 2006, 01:22:35 pm
SFTP is already in, it's part of SSH.

This is true, but I'd like to know how to use an SFTP client when the menu is presented after every SSH login...
Title: Re: Packages wishlist?
Post by: jeroen234 on March 14, 2006, 01:43:13 pm
login true a sftp client
then you don't get that ssh menu
Title: Re: Packages wishlist?
Post by: Patrick_ on March 14, 2006, 02:07:17 pm
I'm not sure if this can be done but some sort of log reporting package which would generate a couple web pages on the statistics....kinda like awstats with a builtin syslog thing....sorta hard to describe but would be cool.
Title: Re: Packages wishlist?
Post by: tweak on March 14, 2006, 03:04:17 pm
login true a sftp client
then you don't get that ssh menu


I've tried gftp, putty-tools, hsftp and the sftp binary all with the same result - what would you recommend for a linux sftp client?
Title: Re: Packages wishlist?
Post by: fernandotcl on April 06, 2006, 09:32:55 am
login true a sftp client
then you don't get that ssh menu


I've tried gftp, putty-tools, hsftp and the sftp binary all with the same result - what would you recommend for a linux sftp client?
gftp works. Double check your configuration.
Title: Re: Packages wishlist?
Post by: g0dsp33d on April 06, 2006, 10:47:54 am
One I always liked and it was a pain in the ass to configure and to setup Squid with Squid Guard.

Maybe there is a better content filter out there but SquidGuard seemed to work fairly well.

I know of a lot of buisnesses/clients that love to have either reality/pornographic/sports/etc/etc websites filtered. Although I havn't messed with SquidGuard in some time it had no Auto Blacklist to update. I did however right a script to grab one from my FTP server ever week when it was updated.
Title: Re: Packages wishlist?
Post by: ruskie on April 13, 2006, 03:13:11 am
I'd like to see gkrellmd(the X11-less daemon only) and bfilter(an ad/script/img blocking proxy).

Atm I have a gkrellm(thanks to some very nice people from irc) installed but it's lacking an interface to configure it via the web configurator.
Title: Re: Packages wishlist?
Post by: agismaniax on April 28, 2006, 04:10:14 am
I've found www.ipp2p.org (http://www.ipp2p.org) for iptables/netfilter.
Is there any packages can do blocking p2p filesharing traffic in FreeBSD/pfSense?
Title: Re: Packages wishlist?
Post by: lsf on April 28, 2006, 09:14:43 pm
Snort would be able to do this, also a layer7 filter of some sort would also be able to do this.
P2P is in general hard to filter out as it tends to use whatever port it can get it's hands on (like www port 80).
You need either a raw packet filter, or a layer7 filter.
At this point there is no way to effectively block P2P in pfsense.
Title: diskless/pxe (thin client) remote boot from pfsense?
Post by: rexster on April 28, 2006, 11:03:46 pm
i like to see a complete packages (tftpd,nfs,etc...) to allow diskless/pxe client boot into something like thinstation or puppy or others...

like these ones:
thinstation.sf.net
http://forums.freesco.org/support/index.php?showtopic=13170&st=45&#entry74098
Title: Re: Packages wishlist?
Post by: Aderium on May 04, 2006, 08:06:01 am
Nagios would be a good package
Title: Re: Packages wishlist?
Post by: mbedyn on May 13, 2006, 02:26:35 pm
I wonder, is it possible to add to RDD graph some new options such a wireless client's statistics... ::)
I mean statistics about connections in time period.
Title: Re: Packages wishlist?
Post by: doush on May 15, 2006, 09:15:40 am
I've found www.ipp2p.org (http://www.ipp2p.org) for iptables/netfilter.
Is there any packages can do blocking p2p filesharing traffic in FreeBSD/pfSense?

Yes my vote also goes to a Layer 7 filter.. Also  Snort is quite good to block P2P, at least we know how to use it. ;)
But an embedded option for blocking P2P in pfSense it self is the most desirable.
Title: Re: Packages wishlist?
Post by: doncipo on May 19, 2006, 07:17:10 am
Hello ppl. ! I will like to see HAVP+ClamAV+Dansguardian as content filter, Snort as IDS, OpenVPN as VPN default app., AdvancedProxy+Calamaris+URLFilter. Smoothwall, IPCop and EndianFirewall already have these.
Title: Re: Packages wishlist?
Post by: buraglio on May 23, 2006, 08:39:11 am
Nagios would be a good package


What about something like NRPE (nagios remote plugin executor) and the plugins?  Useful for checking stuff behind the NAT and/or firewall from an external nagios install. 
Title: Re: Packages wishlist?
Post by: Master One on June 04, 2006, 05:35:48 pm
I find it difficult to determine, what else should be running on the firewall machine. If squid is on, I'd suggest the following should be as well:

Privoxy (http://www.privoxy.org): web proxy with advanced filtering capabilities for protecting privacy, modifying web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk. Privoxy has a very flexible configuration and can be customized to suit individual needs and tastes. Privoxy has application for both stand-alone systems and multi-user networks.

Tor (http://tor.eff.org/): toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features.
Title: Re: Packages wishlist?
Post by: Master One on June 05, 2006, 06:06:22 am
Oh, forgot one thing which may be quite important:

APCUPSD (http://www.apcupsd.org): You definitely also want your firewall machine hanging on your UPS, if you performed a full installation on a harddrive.
Title: Re: Packages wishlist?
Post by: mastrboy on June 20, 2006, 02:40:54 pm
a dshield package, and a fixed freeradius package with webgui integration
Title: Re: Packages wishlist?
Post by: buraglio on June 20, 2006, 02:53:46 pm
Nagios would be a good package


What about something like NRPE (nagios remote plugin executor) and the plugins?  Useful for checking stuff behind the NAT and/or firewall from an external nagios install. 

Would people find these useful?  NRPE and some plugins?  What plugins would be most useful (other than check_ping)
Title: Re: Packages wishlist?
Post by: sullrich on July 11, 2006, 04:43:40 pm
I'd like to see more package maintainers.   This pie in the sky discussion is great but there is nobody to implement these ideas.
Title: Re: Packages wishlist?
Post by: rafael.cardoso on July 17, 2006, 01:42:11 pm
Any idea for SARG (Squid Analysis Report Generator)!
Title: Re: Packages wishlist?
Post by: timb0311 on August 01, 2006, 04:48:12 pm

POUND - REVERSE-PROXY AND LOAD-BALANCER
http://www.apsis.ch/pound/

The Pound program is a reverse proxy, load balancer and HTTPS front-end for Web server(s). Pound was developed to enable distributing the load among several Web-servers and to allow for a convenient SSL wrapper for those Web servers that do not offer it natively. Pound is distributed under the GPL - no warranty, it's free to use, copy and give away.


This would be good for running mutiple web servers with limited IPs or just plain old load balancing for applications.  Can route HTTP request to backend web server based on domain/host name. 

Title: Re: Packages wishlist?
Post by: mdepot on August 15, 2006, 09:18:47 am
My wishlist would be improvements to:

  * Web Proxy Content Filtering
  * Web & Email Anti-Virus Scanning Proxies

Proxy filtering has been tossed around quite a bit, notably with SquidGuard, but looking for a solution that checks based on actual content scanning (as opposed to just list checking).  Something similar to DansGuardian (but with a more open licence) would be great.  And if we're scanning the content anyway, it would be great if virus signature scanning could be done at the same time.

It would also be nice to have a lightweight (relative to sendmail/postfix anyway) SMTP reverse proxy capable of scanning email for junk and virus signatures.  This would be a transparent reverse proxy for SMTP (& SMTPS?), preventing junk mail and virus emails from ever making it to the mail servers inside.  (Check out ASSP and DspamPD if you're looking to get a better idea of the concept.)

Both of these wishlist ideas are not exactly 'lightweight' and may not belong on a box that's *strictly* a firewall, but they do both protect the inside from the outside, and would be a good fit for many smaller orgs without dedicated resources for these.

Title: Re: Packages wishlist?
Post by: kferguson on August 18, 2006, 11:02:47 am
I'd like an interface to allow creation of firewall rules based on GEOIP data.  Many organizations provide services within a limited geographical area, and could live without all the traffic from regions outside those service areas.  I've seen examples of pf implementations, but I'm not sure what would be required to integrate this functionality into pfsense.

Kirk
Title: Re: Packages wishlist?
Post by: hoba on August 18, 2006, 12:09:12 pm
I'd like an interface to allow creation of firewall rules based on GEOIP data.  Many organizations provide services within a limited geographical area, and could live without all the traffic from regions outside those service areas.  I've seen examples of pf implementations, but I'm not sure what would be required to integrate this functionality into pfsense.

Kirk

That might be quite easy with the uopcoming alias features of pfSense (already implemented in the HEAD tree), where you can update your aliases frequently by downloading an external file (see http://pfsense.com/~sullrich/pics/SampleAlias.PNG for a screenshot of that already implemented feature).
Title: Re: Packages wishlist?
Post by: Cry Havok on August 19, 2006, 02:41:25 pm
Nylon (socks proxy) would be nice to see.
Title: Re: Packages wishlist?
Post by: ptaylor on August 20, 2006, 09:59:36 pm
An interesting (though probably very difficult to add) package would be TorrentFlux:

http://www.torrentflux.com/

Basically, it's a web-based torrent manager.† Ever since I ran across this, I've thought the concept was pretty neat.† You can even configure it to automatically remove the torrent once you've shared it a number of times.† It looks like it even has its own user system. With this as a package you may be able to block torrent downloads behind the firewall and only allow them through this interface, where traffic shaping is in control of the bandwidth utilization rules you've set up...† †Each user on the network could have a login so that they could download torrents in a controlled manner, so each workstation isn't competing for the bandwidth.

Title: Re: Packages wishlist?
Post by: JeGr on September 08, 2006, 05:51:49 am
Quote
Would people find these useful?  NRPE and some plugins?  What plugins would be most useful (other than check_ping)

Yep. Horribly useful! We currently use (and I would be glad to use on pfSense):

check_nrpe!check_total_procs (processes)
check_nrpe!check_disk1 (discspace - you never know what hits your logfile)
check_nrpe!check_load (load)
check_nrpe!check_ping (ping - different hosts)
a check for the firewall / packet filter itself
check_ntp
check_ssh
(and perhaps for pfsenses GUI check_http(s))

These would sure be nice additions *dreams* Full integration into Nagios... *blinks*
Title: Re: Packages wishlist?
Post by: fricardo on September 11, 2006, 07:07:54 am
I would like to see one package to SARG (Squid Analysis Report Generator).

I'm starting to use pfsense 1.0-RC2 4 days ago. Great work! How can I build one SARG package?

Thanks,

fricardo
Title: Re: Packages wishlist?
Post by: hoba on September 11, 2006, 07:30:52 am
There is not much documentation on how to create a package, however some pointers can be found where to start at the forum. Please search.
Title: Re: Packages wishlist?
Post by: darek on September 29, 2006, 06:56:44 am
I would like to see ipfm + scr_ipfm integrated

Keep up the good work.

Greetings Darek
Title: Re: Packages wishlist?
Post by: oasisgate on October 08, 2006, 07:17:07 pm
the good service to addon pfsense...apcupsd for APC UPS...
Title: Re: Packages wishlist?
Post by: submicron on October 09, 2006, 09:13:47 am

It would also be nice to have a lightweight (relative to sendmail/postfix anyway) SMTP reverse proxy capable of scanning email for junk and virus signatures.  This would be a transparent reverse proxy for SMTP (& SMTPS?), preventing junk mail and virus emails from ever making it to the mail servers inside.  (Check out ASSP and DspamPD if you're looking to get a better idea of the concept.

ASSP doesn't support AV scanning and DspamPD hasn't been actively developed for over a year.
Title: Re: Packages wishlist?
Post by: gbelanger on October 14, 2006, 02:05:11 am
I liked the idea of a 'voting system' for package suggestions. I would really like to see something out there to enforce corporate content-filtering policies. Right now, the squid package somewhat addresses the web side. The SMTP part is a bit less interesting unless you are putting the firewall in your production environment (as opposed to office) where it can behave as a server-side proxy. I have successfully used transparent POP3 proxying in the past. However, I dont think its a very clean way of doing email filtering.

The one still missing from most distros is instant messaging proxying/filtering for the main clients (MSN/Yahoo/AOL/Google). This would allow for a complete content-filtering solution. (Web + IM, while mail is imparted). Note that some suggested antivirus support for the web proxy, this is fairly difficult to implement, and very unefficient. (Because the proxy cant really know if its a virus until the download is .. well.. done).

As for SMTP filtering (SpamAssassin and such) - I do think that  spam filtering without a proper quarantaine solution is a bit wreckless. As such, I would be tempted to leave the spam filtering to a dedicated solution. However, blocking malicious code and extensions as well as defanging potentially dangerous dynamic content are all very feasible tasks. I myself would tend to focus on these features.

Someone proposed bind as a package. I find the mention of bind running on a firewall a little disturbing =P I frankly don't really see the point of running DNS off a firewall. It seems somewhat off-focus.

Just my 2 cents -
Title: Re: Packages wishlist?
Post by: anystupidassname on October 19, 2006, 09:20:15 pm
Congrats on the gold release! I've been impressed with pfsense from the beginning when I discovered it from a m0n0wall source.

My 2 cents on the packages wishlist:

-FakeAP(http://www.blackalchemy.to/project/fakeap/)
-Linblock (http://www.dessent.net/linblock/) this is really just a script but I have no clue how to implement it on BSD
-A package allowing you to provide a one-time (expiring) link to a file download from the local freeNAS raid volumes (scawf if you want...)

These were already talked about but I 2nd the request for these:
snort
nagios
asterisk
tftp/pxe capabilities
dansguardian
cups

I saw these in the list pre 1.0 so I'm hoping they'll get re-added:
freeradius
freeNAS

Thanks for listening!
Title: Re: Packages wishlist?
Post by: sullrich on October 24, 2006, 03:26:49 pm
Snort is already included.   The TFTP/PXE proxy is in HEAD and should make its way to a future version.
Title: Re: Packages wishlist?
Post by: sdale on November 04, 2006, 08:40:10 pm
I would like to see a content filter package using Dansguardian.
Title: Re: Packages wishlist?
Post by: bluekkis on November 05, 2006, 04:53:35 pm
I'd like to see no-ip.com client as package for pfsense so I don't have to remember my ip address all the time, which isn't static anyway.
Title: Re: Packages wishlist?
Post by: hoba on November 05, 2006, 05:02:20 pm
I'd like to see no-ip.com client as package for pfsense so I don't have to remember my ip address all the time, which isn't static anyway.

It's already there: services>Dynamic DNS.
Title: Re: Packages wishlist?
Post by: bluekkis on November 06, 2006, 01:50:19 am
I'd like to see no-ip.com client as package for pfsense so I don't have to remember my ip address all the time, which isn't static anyway.

It's already there: services>Dynamic DNS.

Duh... and I though I had already gone through all features, thx anyway =)
Title: Re: Packages wishlist?
Post by: rdevries on November 08, 2006, 10:25:11 am
I would like to see spam filtering ie:spamassassin
Content filtering ie: squidguard, dansguardian

Thanks
Title: Re: Packages wishlist?
Post by: gbelanger on November 19, 2006, 08:49:21 pm
This :

http://www.imspector.org/

Would be a very valuable addition. It's basically a Instant Messenging proxy, which means that it can be used to provide logging facilities that are mandatory for most security certifications.

It could also be used to block IM file transfers and eventually provide antivirus/extension-based blocking. Its a great addition to pfSense because this way it could provide application-layer filtering for the three main point of entry for viruses/malware: web, email and im.
Title: Re: Packages wishlist?
Post by: mrsense on November 25, 2006, 04:13:11 am
I would love to have a monitoring/net management package that is suitable even for an embeded edition and yet capable of monitoring via SMTP, IMAP, POP3, HTTP,TCP,UDP, NNTP, and PING tests and posting results in html or terminal.

http://www.sysmon.org/config.html

Rrealtime accounting and monitoring would be nice to have as well:
pktstat (FreeBSD port exists)
->listens to the network and shows the bandwidth being consumed by packets of various kinds in realtime. It understands some protocols (including FTP, HTTP, and X11) and adds a descriptive name next to the entry (e.g., 'RETR cd8.iso', 'GET http://slashdot.org/' or 'xclock -fg blue'). 

iftop (FreeBSD port exists)
->listens to network traffic on a named interface,  or on  the  first  interface  it can find which looks like an external interface if none is specified,  and  displays  a table of current bandwidth usage by pairs of hosts.

monit (compiles under FreeBSD); http://www.tildeslash.com/monit/
->monit is a utility for managing and monitoring, processes, files, directories and devices on a UNIX system. Monit conducts automatic maintenance and repair and can execute meaningful causal actions in error situations.


my 2c...

regards,
mr-s
Title: Re: Packages wishlist?
Post by: Nil Einne on December 30, 2006, 08:52:16 am
A LPR/LPD package to support using pfSense as a print (printer) server would be nice. Preferably with SAMBA support.
Title: Re: Packages wishlist?
Post by: llewis on January 15, 2007, 04:46:10 pm
FreeRADIUS additions/modifications...

I've configured FreeRADIUS to add eap_tls and eap_ttls to authenticate my access point for WPA2-CCM on my pfsense box. What would be nifty is a the ability to integrate the CA similarly to how it is done for IPSEC VPN's to manage certificates for both the CA and users. This would give users the option to utilize either eap_tls or eap_ttls (for the more lazy). If you think about it, possibly just a centralized CA that was separated per duty might be sufficient (e.g., one for IPSEC another for OpenVPN, another for WPA, however utilizing the same openssl.cnf, etc and just splitting off different directories per usage type). Sorry for rambling... but I think this might provide a nice feature and pull together any loose ends that utilize certs for a auth method.
Title: Re: Packages wishlist?
Post by: ellisgl on January 15, 2007, 05:29:07 pm
OSPF and  RIP I + II would be on the top of the list.
Newer nVidia chipsets.. 4+
64 bit support would be nice too.
Title: Re: Packages wishlist?
Post by: jahonix on January 16, 2007, 01:47:20 am
OSPF and  RIP I + II would be on the top of the list.

routed: RIP v1 and v2 daemon
Already available as package.
Title: Re: Packages wishlist?
Post by: WildTangent on January 29, 2007, 08:14:40 pm
I'd like to second the request for TorrentFlux (http://www.torrentflux.com). This couldn't be too hard to implement, TorrentFlux itself is just a PHP controlled implementation of BitTornado as far as I understand.
Title: Re: Packages wishlist?
Post by: Justinw on January 30, 2007, 10:09:32 pm
I would love to have a monitoring/net management package that is suitable even for an embeded edition and yet capable of monitoring via SMTP, IMAP, POP3, HTTP,TCP,UDP, NNTP, and PING tests and posting results in html or terminal.

http://www.sysmon.org/config.html

Rrealtime accounting and monitoring would be nice to have as well:
pktstat (FreeBSD port exists)
->listens to the network and shows the bandwidth being consumed by packets of various kinds in realtime. It understands some protocols (including FTP, HTTP, and X11) and adds a descriptive name next to the entry (e.g., 'RETR cd8.iso', 'GET http://slashdot.org/' or 'xclock -fg blue'). 

iftop (FreeBSD port exists)
->listens to network traffic on a named interface,  or on  the  first  interface  it can find which looks like an external interface if none is specified,  and  displays  a table of current bandwidth usage by pairs of hosts.

monit (compiles under FreeBSD); http://www.tildeslash.com/monit/
->monit is a utility for managing and monitoring, processes, files, directories and devices on a UNIX system. Monit conducts automatic maintenance and repair and can execute meaningful causal actions in error situations.


my 2c...

regards,
mr-s


Try a pkg_add -r nagios I think you will be surprised what it will do out of the box.  There are still some bugs that I am working with on my box from the stock install, but a person with some time could easily get it going I think.
Title: Re: Packages wishlist?
Post by: cdsu on March 15, 2007, 09:25:21 pm
I'd like to see some options for snort to include bleedingrules, controlled ip blocking. Maybe have an option to move the blocked ips to a permanent blacklist. A file editor option for snort.conf that lets you permanently make changes to the file for tuning. mysql support for snort to log to a database. It would also be nice to have the option to pull the rules from a different location like a local webserver.that would be awesome!!
Title: Re: Packages wishlist?
Post by: mastrboy on March 27, 2007, 02:00:41 pm
I'd like to second the request for TorrentFlux (http://www.torrentflux.com). This couldn't be too hard to implement, TorrentFlux itself is just a PHP controlled implementation of BitTornado as far as I understand.

WTF! what kind of person are you, putting a torrent client on a firewall ! makes me wanna cry  :'( :'( :'( :'(

Title: Re: Packages wishlist?
Post by: sullrich on March 27, 2007, 02:03:12 pm
Blame d-link.  IIRC they started this blasphemy practice.
Title: Re: Packages wishlist?
Post by: awsumopossum on April 11, 2007, 02:22:19 pm
someone mentioned putting a file server up on it, although, that defeats the purpose of having a dmz, i don't know how i feel about having files on my firewall? i think an anti spyware/virus package would be great, that scanned incoming traffic..
Title: Re: Packages wishlist?
Post by: naivula on April 16, 2007, 09:45:20 pm
A non-spooling p910nd style print server.

Since pfsense is the only box that is on 24/7 in my small office, it would be nice to have a printer attached to it.
Can anyone make a package out of this: http://etherboot.sourceforge.net/p910nd/  ?
Title: Re: Packages wishlist?
Post by: bibi on June 17, 2007, 10:18:44 am
Hello everybuddy
First sorry for my english.
Second pfsense it's bryliant projekt.
Therd i have small network (wireless network with 200 users) and I have very offen problems when some of my wirelles link is broken because i work 200 kilometers from place wher i have this network and it was verry helpfull for me if sombody public packages to monitor network and send SMS when maybe ping is lost or some services are stop
Thank You for all
Greetings
Title: Re: Packages wishlist?
Post by: Perry on June 17, 2007, 11:06:27 am
Quote
Hello everybuddy
First sorry for my english.
Second pfsense it's bryliant projekt.
Therd i have small network (wireless network with 200 users) and I have very offen problems when some of my wirelles link is broken because i work 200 kilometers from place wher i have this network and it was verry helpfull for me if sombody public packages to monitor network and send SMS when maybe ping is lost or some services are stop
Thank You for all
Greetings
Do you have a diagram..... i was thinking about SNMP to watch over things.
But never the less you could start a Bounty for your packages.
Title: Re: Packages wishlist?
Post by: bibi on June 18, 2007, 12:21:47 pm
I was thinking about sms to inform when somthing is broken because even if You are on hollidays you have mobile in your pocket all the time but laptop with internet conection very rare, so this sms can alarm you that somthing is wrong and you can fix problem very fast (find some internet caffe) or call to home and tell sombuddy what he can do to fixit. About the bounty sorry but I am only PLC programmer and have a basic know how about networking, so i must use somthing ready.
Grettings
Title: Re: Packages wishlist?
Post by: dvserg on June 18, 2007, 12:36:22 pm
May be e-mail notification and mobile mail-agent solved you problem?
For example: cron executed every 1...10 minute task, what check you services and if alarm - sent e-mail notification. Need find script or program what can do services checking

Internet2SMS services very specific and get of pay in moust times.
Title: Re: Packages wishlist?
Post by: wolfgang_schipper on July 03, 2007, 03:21:59 pm
I agree,
the HTTP Antivirus-Function should be a basic part of a firewall.
Title: Re: Packages wishlist?
Post by: sanjay_arora on July 11, 2007, 05:56:05 pm
Hello all

I have spent a couple of hours on these forums, for the first time after almost a year of install of my pfsense box...not a good community member, I'm afraid  :(

However, since after changing my firewall distro more than a few times, I have decided on pfsense and will now be putting in a few bounties, to see if I can get a few things I want incorporated.

Here are my views:

- A firewall gateway distro should remain a firewall gateway distro and run as few applications as possible.
- That said, one cannot ignore the smaller SME users like myself, who have only one machine running 24/7 and thats the pfsense box, hence the need for some applications.
- However, since security is a firewall's main job & routing the gateway's main job....these two should not be compromised, if at all possible and extended wherever possible.
- I would vote for all packages that don't need incoming port access from the WAN. One can have time server, transparent proxies of all kinds (outgoing), caching dns server, ftp server for Lan clients and so on.
- But what I would really like to see all kinds of IDS, IPS, Load-sharing, Load-balancing, reporting on various usage stats from a users point of view that a normal small office cannot dedicate more than one computer to. E.g. today we have snort but nothing to analyse its input say snort sam or squill or acid, we have squid but no dansguardian like package, an improved IMespector proxy.
- Having said all that, I don't think that a mail server or any other server that accepts incoming connections from outside should be put on a perimeter firewall. If you are big enough to have run your own domains then you should invest in a DMZ machine and then offload as many applications to it from the main pfsense box, as you can. But then again, you can have a DMZ in main office & a hybrid pfsense server in branches. After all you are the one footing the bill for any problems arising out of an implementation decision.
- I think the direction of the project is very right but the community really needs to create a method for maintainence of old packages in addition of creation of new packages.

I hope I have not put the reader to sleep  ;D

With best regards.
Sanjay.
Title: WAN port speed test
Post by: pfloyd on September 13, 2007, 09:53:47 pm
Hello, I'd like to see a speed test for the WAN port. If I get an idea to check the speed from my ISP I hook my laptop up directly to the cable modem and use dslreports.com/stest a couple of times, then hook everything back up. It would be quicker for my users and perhaps safer for my laptop if there were a function to cut off all my LAN traffic, perform some kind of speed test, re-enable the LAN and post the results on screen or in a log.
Thanks,
Vinc Duran
Title: Re: Packages wishlist? IPS!
Post by: SourceFinder on October 18, 2007, 11:11:07 am
I would very much like IPS (Intrusion Protection System) and, when secure enough, possibilities for an internet http- or e-mailproxy. This should make pfsense a more complete competition for the commercial solutions.
Title: Re: Packages wishlist?
Post by: brianw on October 19, 2007, 02:55:37 am
I would just love to see a package with LCDproc (http://lcdproc.omnipotent.net/) so i can output used bandwidth, Memory and CPU usage, States and so on.

This has been discussed before somewhat...we'll need some supported LCD's to develop and test this on.

--Bill

I could send a CrystalFontz 20X4 Serial Display (http://www.crystalfontz.com/products/634/index.html). I would not need this returned either. It would be awesome to get support for these in pfSense. I may even be able to purchase one of these (http://www.mini-box.com/M300-LCD-Enclosure?sc=8&category=87), if it can be returned to me after getting it all working. Getting the buttons to do various things, all configured through the web gui would be a sweet bonus.

brianw
Title: Re: Packages wishlist?
Post by: mrsense on October 27, 2007, 03:27:36 am
1) I would like to be able to see if package is running (or stopped) right from package's main page.

2) I would like snort create alias for each category (snort-attack-responses, snort-backdoor) and add offenders to corresponding aliases.  That way I could create my own rules (and schedules).

my2c
Title: Re: Packages wishlist?
Post by: dvserg on October 30, 2007, 03:33:44 am
There is in project need in package squidGuard?
ps I already sent sources to CoreTeam.
Title: Re: Packages wishlist?
Post by: JorgeAldoBR on October 31, 2007, 03:26:03 pm
Make FreeRadius package able to send WISPr attributes...

Even if pfSense cannot use them currently, it will in the future and some people have a setup like mine, with pfSense and Monowall
Title: Re: Packages wishlist?
Post by: ntsux on December 11, 2007, 03:10:05 pm
(Didn't know where to place this message, but this thread kinda seems appropriate.)

Is there a way to (a la "Check Point") have a GUI tool to FILTER through the firewall rule logs for key elements such as:

- source IP
- Destination IP
- Rule # (in the policy)
- Network Service(s) in use (eg.  HTTP, or TCP 80)
- Source Port (of the TCP session)
- date, time
- Listening NIC
- (perhaps some reference to a VPN that is in use)

... 'cuz that'd be just awesome!

Thanks, in advance,


NT Sux
 
Title: Re: Packages wishlist?
Post by: Nil Einne on January 10, 2008, 01:04:50 am
A non-spooling p910nd style print server.

Since pfsense is the only box that is on 24/7 in my small office, it would be nice to have a printer attached to it.
Can anyone make a package out of this: http://etherboot.sourceforge.net/p910nd/  ?

I'd also be very interested in something like this
Title: Re: Packages wishlist?
Post by: _Nico on January 16, 2008, 09:09:20 pm
Hi

I would just love to see a LinuxVirtualServer package with CARP an a real time monitoring utility for servers.

I've found a chineese tutorial for freebsd6.1 that i translate in english.
I gonna try it in a few days. I hope it will work fine  ;D on pfsense too.
Now i just want to know if this could enter the package wishlist  :P ?

Sorry for my poor english.

Thanks in advance.
Nicolas
Title: Re: Packages wishlist?
Post by: Antioxidan on February 19, 2008, 08:09:27 am
Hey :-)

I'm looking for an Montitoring System on PfSense ala Nagios or IPMonitor.

Is there any possibility?

Greetz
Title: Re: Packages wishlist?
Post by: gthornock on February 19, 2008, 11:55:53 am
I see that this has been requested a few times, but I'd like to add one more request for DansGuardian.
Title: Re: Packages wishlist?
Post by: sullrich on February 19, 2008, 03:44:36 pm
Hey :-)

I'm looking for an Montitoring System on PfSense ala Nagios or IPMonitor.

Is there any possibility?

Greetz

We have a zabbix agent in packages.
Title: Re: Packages wishlist?
Post by: mrzaz on February 27, 2008, 03:11:15 pm
I'm very interested in trying to get a good SIPproxy/Server into pfSense
and the following looks quite promising as it seems to be very
lightweigh, scalable and adaptable and powerful.

http://www.openser.org/mos/view/Features/

I'm going to make a small study if it's feasible to adapt it for
pfSense but I know it's a big undertaking to get it integrated
and i'm doubting my skills to do it.

some highlights
- robust and performant SIP (RFC3261) Registrar server, Location server, Proxy server and Redirect server
- small footprint - the binary file is small size, functionality can be stripped/added via modules
- plug&play module interface - ability to add new extensions, without touching the core, therefore assuring a great stability of core components
- authentication, authorization and accounting (AAA) via database (MySQL, Postgress, text files), RADIUS and DIAMETER
- digest and IP authentication
- load balancing with failover
- multiple database backends - MySQL, PostgreSQL, flat files and other database types which have unixodbc drivers

just to name a few.  See full featurelist in the link above.

Comments anyone ? 
Title: Re: Packages wishlist?
Post by: ermal on February 27, 2008, 04:27:29 pm
It has even ready web interfaces so you can actually customize for pfSense easily if you need it.
Title: Re: Packages wishlist?
Post by: jahonix on February 28, 2008, 02:50:14 am
I'd like to have an IGMP proxy as per this thread:  http://forum.pfsense.org/index.php/topic,4491.0.html
It would enable IPTV on German VDSL lines...
Title: Re: Packages wishlist?
Post by: mcapozzi on March 18, 2008, 03:20:18 pm
Please, please, please consider adding OpenVPN-auth-LDAP.

Thanks,
Mike
Title: Re: Packages wishlist?
Post by: heiko on March 18, 2008, 03:26:15 pm
OpenVPN with filtering rules....
Title: Re: Packages wishlist?
Post by: sullrich on March 18, 2008, 04:32:10 pm
OpenVPN with filtering rules....

That already exists in 1.3.
Title: Re: Packages wishlist?
Post by: bill on March 18, 2008, 05:46:37 pm
Still looking for an SSL VPN.
I posted a bounty a while ago.
Something like SSL-Explorer: 443 based, no installation on the client side necessary.
Did not make it into tha base because SSL-Explorer uses Java. But as a package?
(Does not need to be SSL-Explorer, just a good example.)
Thanks.
Title: Re: Packages wishlist?
Post by: fribert on March 21, 2008, 05:54:58 am
I'm very interested in trying to get a good SIPproxy/Server into pfSense
and the following looks quite promising as it seems to be very
lightweigh, scalable and adaptable and powerful.
http://www.openser.org/mos/view/Features/
I'm going to make a small study if it's feasible to adapt it for
pfSense but I know it's a big undertaking to get it integrated
and i'm doubting my skills to do it.

Looks VERY interesting. Have you tried setting it up on a normal Linux?
Title: Re: Packages wishlist?
Post by: mrzaz on March 23, 2008, 11:00:01 am
I'm very interested in trying to get a good SIPproxy/Server into pfSense
and the following looks quite promising as it seems to be very
lightweigh, scalable and adaptable and powerful.
http://www.openser.org/mos/view/Features/
I'm going to make a small study if it's feasible to adapt it for
pfSense but I know it's a big undertaking to get it integrated
and i'm doubting my skills to do it.

Looks VERY interesting. Have you tried setting it up on a normal Linux?


Nope, not yet...  Got occupied with in my real world.  (waiting for a baby)

//Dan Lundqvist
Title: Re: Packages wishlist?
Post by: cdsu on March 26, 2008, 08:33:50 am
I would like to see spamd back on the package list for inbound spam-filtering and sendmail for outbound email only. If needed I can put a bounty for someone helping me create a lightweight version of sendmail package.
Title: Re: Packages wishlist?
Post by: hoba on March 26, 2008, 10:52:33 am
I would like to see spamd back on the package list for inbound spam-filtering and sendmail for outbound email only. If needed I can put a bounty for someone helping me create a lightweight version of sendmail package.

Check the bounty section, spamd is already on the list there. Maybe contribute to this bounty if you are really interested in this.
Title: Re: Packages wishlist?
Post by: xankra on April 03, 2008, 09:02:34 am
An ospf package would be great (don't know if there is a bounty yet though).
Title: Re: Packages wishlist?
Post by: librarymark on April 03, 2008, 01:31:21 pm
I would really like to see dansguardian added as a package. It is far superior to squidguard.
Title: Re: Packages wishlist?
Post by: sullrich on April 03, 2008, 03:35:46 pm
I would really like to see dansguardian added as a package. It is far superior to squidguard.

Already been requested countless times and debunked countless times due to its license.
Title: Re: Packages wishlist?
Post by: Cry Havok on April 03, 2008, 03:49:44 pm
Looks VERY interesting. Have you tried setting it up on a normal Linux?

Repeat after me FreeBSD is not Linux  :P
Title: Re: Packages wishlist?
Post by: librarymark on April 05, 2008, 11:35:36 am
"Already been requested countless times and debunked countless times due to its license."

How is that? Does that mean I have been using it illegally all this time?
Title: Re: Packages wishlist?
Post by: Perry on April 05, 2008, 11:55:02 am
Prolly not if your a home user, but as i remember it commercial use is forbidden.. But you could do a search :)
Maybe SquidGuard will fit your needs ?
Title: Re: Packages wishlist?
Post by: librarymark on April 05, 2008, 12:01:02 pm
I work at a public library. I have used both squidguard and dansguardian. Dansguardian is far superior. Squidguard, while a fine piece of software, is just not enough. The scum that walk in the door at our library found all sorts of ways around it. They have a much harder time with dansguardian.

Am I skirting dansguardian's license using it for a non-profit organization? Even with the license, what difference does that make such that pfsense can't have a package for it?
Title: Re: Packages wishlist?
Post by: GruensFroeschli on April 05, 2008, 12:23:38 pm
The first page of this thread: http://forum.pfsense.org/index.php/topic,2703.0.html explains the problem with dansguardian.
Title: Re: Packages wishlist?
Post by: librarymark on April 07, 2008, 06:41:35 pm
All I get out of reading that link is that DansGuardian is free for non-commercial use. That is exactly what I use it for now, in a non-profit public library.

Where exactly is the problem?
Title: Re: Packages wishlist?
Post by: GruensFroeschli on April 08, 2008, 12:46:16 am
Did you even read the thread???
Quote
Well, interpreting the license allows us to make the package available at least. And we may even include it into pfSense. The problems start when people start installing dansGuardian on site.

I want to make it part of a unix-like distribution such as RedHat.
   Yes.
I want to try it out for potential commercial use.
    Yes, but only once.
I want to use it commercially[2].
    No, you must buy a download licence.
I want to incorporate it into our product or solution.
    No, you must buy a solution provider download licence.
Title: Re: Packages wishlist?
Post by: librarymark on April 08, 2008, 07:10:48 am
Yes - all three pages.

So you make the package such that the end-user has to download DG. OR - the package installer downloads it. Then, as far as I am concerned, if you are not a commercial user, you are within the license.

Did Daniel Barron specifically say that you could not write a package for DG? Did anybody ask him directly? How is it that IPCop can get DG but pfSense can't? Sounds like somebody has a grudge somewhere to me!
Title: Re: Packages wishlist?
Post by: GruensFroeschli on April 08, 2008, 09:57:47 am
No grudge here :)

Maybe you should start the discussion in the other thread again / open a bounty if you really feel that this should be incorporated into pfSense.
Title: Re: Packages wishlist?
Post by: sullrich on April 08, 2008, 01:46:40 pm
Yes - all three pages.

So you make the package such that the end-user has to download DG. OR - the package installer downloads it. Then, as far as I am concerned, if you are not a commercial user, you are within the license.

Did Daniel Barron specifically say that you could not write a package for DG? Did anybody ask him directly? How is it that IPCop can get DG but pfSense can't? Sounds like somebody has a grudge somewhere to me!

He used to work for Smoothwall.  Not sure how it fits into IPCOP.
Title: Re: Packages wishlist?
Post by: librarymark on April 08, 2008, 05:59:09 pm
If I wanted to write a package for DG, where do I start? Is there a howto for that sort of thing for pfsense?
Title: Re: Packages wishlist?
Post by: hoba on April 08, 2008, 06:01:42 pm
If I wanted to write a package for DG, where do I start? Is there a howto for that sort of thing for pfsense?

Search the forum and read up on http://wiki.pfsense.org
Title: Re: Packages wishlist?
Post by: librarymark on April 09, 2008, 01:35:46 pm
Here is part of an email conversation between me and Dan Barron:
-------------------------------------------------------------------------
Hello -

First - thanks for a wonderful piece of software!

I use DansGuardian at the public library I work at, and am having great success. I am
also experimenting with the pfsense firewall, and would really like to run some sort of
filter on pfsense. My choice would be DG, but the folks over at pfSense seem to be
scared of your license, and

I don't know why.  It's GPL.  All I say is if you want to download it from my site for
the purpose of commercial use then pay.  Once you have it having paid for the download or
not then it's GPL.  You can do what you like with it including redistribute.

------------------------------------------------------
So I'll say it again: Where is the problem?

Title: Re: Packages wishlist?
Post by: sullrich on April 10, 2008, 12:28:18 pm
Its either GPL or not.  He needs to make up his mind.  This is shady.
Title: Re: Packages wishlist?
Post by: freebee on April 21, 2008, 11:51:05 pm
so, is about hamachi again. I see the past post about that, around 2005, and in the freebsd ports system have the port of that. So, the wish is for that package.
Title: Re: Packages wishlist?
Post by: scholarlv on April 24, 2008, 10:58:57 pm
I would love to see some sort of Antivirus/Antispyware added to the packages. 
Title: Re: Packages wishlist?
Post by: tenortim on May 22, 2008, 12:00:37 pm
Its either GPL or not.  He needs to make up his mind.  This is shady.

Actually, I just spent some time carefully reading http://dansguardian.org/?page=copyright2 and in fact that is not true. It is perfectly legitimate. Here is the deal:

1) He is the copyright owner. As such he can license his code any way he chooses to whom he chooses. He doesn't have to license or release the code at all. He is free to release it under multiple licenses as others have done e.g. he could also release under a commercial license which does not require the buyer to feedback changes.

2) He chooses to make the code available from his website under the GPL to a subset of users. He is the copyright holder. The GPL gives those recipients rights, and they can freely redistribute what they downloaded to their hearts content including giving away the source to commerical entities. The only restriction he is placing is on commercial entities downloading his copyrighted work from his website. In other words, choosing to make your copyrighted code available under the GPL does not place the restrictions on you that a recipient of code licensed under the GPL would be under. Because of the nature of the GPL, even if he chose to give out the code to just one person under the GPL, that person could go on and give it away to the whole world.

Near the top of the page I see
Quote
freely (no cost) downloadable from this site for general purpose unix distributions like FreeBSD, Debian, Fedora, Ubuntu, etc
so I believe you will find that pfsense is already covered as being allowed to download and use the software freely.

Hopefully that clarifies the situation.

Regards,

Tim
Title: Re: Packages wishlist?
Post by: submicron on May 22, 2008, 01:03:46 pm
That's your interpretation of his license, but, unless you are a lawyer, a healthy amount of skepticsm needs to be used here.  For the record, GPL'd is GPL'd, Dansguardian is not GPL'd if his license is a modification of the GPL.  Unless an IP lawyer wants to sort through his license and decide its ok for pfSense to use, I'm sure the devs will stay away from it.
Title: Re: Packages wishlist?
Post by: tenortim on May 22, 2008, 05:00:51 pm
That's your interpretation of his license, but, unless you are a lawyer, a healthy amount of skepticsm needs to be used here.  For the record, GPL'd is GPL'd, Dansguardian is not GPL'd if his license is a modification of the GPL.  Unless an IP lawyer wants to sort through his license and decide its ok for pfSense to use, I'm sure the devs will stay away from it.
The page in question says that he has been in conversation with RMS to OK this. So unless you are suggesting he is lying, then the originator of the GPL is OK with what he is doing. As regards the ability to e.g. dual-license, I can assure you that that is a lot more than my opinion. I have received training on this from IP lawyers (as part of a previous job). The copyright holder is entitled to license the software under as many licenses as they wish. He is choosing to release it under the GPL to a subset of people. That does not violate the GPL. The GPL tells you what rights and responsibilities you have as a licensee, not as a licensor. Nowhere in the GPL does it say that you must do as a licensor. Note near the top of the GPL (v2):
Quote
Each licensee is addressed as "you".
The rest of the license goes on to say "you may copy", "you may modify" etc.

There are any number of programs out there that are dual-licensed under the GPL and the BSD license. The BSD license conflicts with the GPL, but that doesn't prevent the copyright holder from legally doing this.
Title: Re: Packages wishlist?
Post by: josempinto on May 29, 2008, 04:04:37 am

  Hello,
 
 I think that  It would be nice that we could install a minimum set of packages that could transform PFSense in a true and decent firewall, doing some cache (Squid ) at the same time we had some evidences that the things were working (Lightsquid).

 I would like to be able to use (togeder) the falw. ones:

 imspector  +
 Lightsquid  +
 PhpSysInfo  +
 Squid  +
 And squidGuard

  But it does not work ALL together.

 I think that this is nothing specialÖ. (like Dashboard, LCDproc, Zabbix, Spand nor (even) Snort))

  Anyway, even without this set of packages, PFSense is still a good firewall..., But culd be better!!!.....

  Regards
Title: Re: Packages wishlist?
Post by: librarymark on June 12, 2008, 03:41:03 pm
See - Honest to God, you guys have a thing against dansgardian.
Title: Re: Packages wishlist?
Post by: freebee on July 03, 2008, 02:11:19 pm
will be very, very good if include smartmontools to monitoring temperature;
Title: Re: Packages wishlist?
Post by: ermal on August 03, 2008, 05:53:22 am
Since there are so many request for different things i want just to ask a simple question:

Will detailed docs on making a package bring more patches/packages developed by the requesters?
I might throw some time to making a detailed doc on how to create a package for pfSense if i see some interest from people.
Title: Re: Packages wishlist?
Post by: Perry on August 03, 2008, 12:58:11 pm
Since there are so many request for different things i want just to ask a simple question:

Will detailed docs on making a package bring more patches/packages developed by the requesters?
I might throw some time to making a detailed doc on how to create a package for pfSense if i see some interest from people.
From my point of view as a very very bad programmer  :-[. I'm sure you could give me some nice tips and the more documentation the better ( unless it's a iso document standard :P ).
One thing imo that could be misunderstood in creating a package is how small a part the actual creation of the package is. I don't recall many saying I've made this and this how do I transform it into a package.
What limits the packages i can do is general PHP, FreeBSD knowledge and how to grap things from pfSense. 
By grapping i mean something like this:
Code: (Shows configured nic's and custom names) [Select]
<?php
require_once("guiconfig.inc");
include(
"head.inc");
?>

<?php include("fbegin.inc"); ?>
<?php
$i 
0
$ifdescrs = array('wan' => 'WAN''lan' => 'LAN');
for ($j 1; isset($config['interfaces']['opt' $j]); $j++) {
$ifdescrs['opt' $j] = $config['interfaces']['opt' $j]['descr'];
}
foreach ($ifdescrs as $ifdescr => $ifname):
$ifinfo get_interface_info($ifdescr);
$fgfg convert_friendly_interface_to_real_interface_name($ifname);
echo "$ifname ($fgfg) <br>";
$i++; 
endforeach; 
?>

<?php include("fend.inc"); ?>
Maybe i should help out with a newbie / beginner guide. Where you could do some more advance stuff / fill out holes I've made.
Title: Re: Packages wishlist?
Post by: ermal on August 03, 2008, 01:42:24 pm
Well first that code is wrong there now is get_configured_interface_list() or get_configured_interface_with_descr() as you can see we are pushing 1.3 to have APIs to facilitate most of things.
Form the interface list to the other infos.

Bascially you do not eneed any info about freebsd to create a package just know the application you are packagizing :). But i will try adding some docs for that.
Title: Re: Packages wishlist?
Post by: Perry on August 03, 2008, 02:20:15 pm
Quote
Well first that code is wrong there now is get_configured_interface_list() or get_configured_interface_with_descr() as you can see we are pushing 1.3 to have APIs to facilitate most of things.
Form the interface list to the other infos.
Hehe Then it should be corrected in status_interfaces.php  ;D
Title: Re: Packages wishlist?
Post by: ermal on August 03, 2008, 04:17:53 pm
Where are you reading this?
Title: Re: Packages wishlist?
Post by: Perry on August 03, 2008, 05:29:40 pm
ok my mistake, that was 1.2.1 not 1.3 as i thought.
Title: Re: Packages wishlist?
Post by: stechnique on August 03, 2008, 09:57:03 pm
From a semi-outsider's viewpoint, I do think some developer doc and an up-to-date API would be a HUGE plus for the project.
I've been using pf for over 2 years on several projects, and although I don't have a lot of time on my hands, I happen to be an experienced PHP programmer, and I do think I could contribute to the project with some basic doc like that.
It would take me 2 weeks now to read through the source and figure out the structure you are using, the guidelines you follow, the functions that are available, etc. With some basic how-to and a reference API, I could be up and running in a few hours, and I'd have a quick reference API (which is a must for any project).
If you slow down on the coding and take some time to invest on documentation, you will see coding will pickup by itself afterward with more contributors and more efficient development.

Just my 0.02$.
Title: Re: Packages wishlist?
Post by: vendetta on August 04, 2008, 10:54:11 am
Since there are so many request for different things i want just to ask a simple question:

Will detailed docs on making a package bring more patches/packages developed by the requesters?
I might throw some time to making a detailed doc on how to create a package for pfSense if i see some interest from people.

Absolutely.
Title: Re: Packages wishlist?
Post by: tikid on September 29, 2008, 06:11:14 am
Since there are so many request for different things i want just to ask a simple question:

Will detailed docs on making a package bring more patches/packages developed by the requesters?
I might throw some time to making a detailed doc on how to create a package for pfSense if i see some interest from people.

Absolutely.

Again, ditto.  I've been screwing around with some of the inc's and xml's in the packages I've installed, which is cool and all, but the package system is slightly arcane, and I would be far more likely to actually create a package if there were some kind of package docs than currently...turns out, the current situation is likely enough since I'm going to create a package, but that's beside the point.  :)
Title: Re: Packages wishlist?
Post by: hinze57 on October 05, 2008, 03:45:34 pm
Doc(s) on how to build packages would be awesome.  I am REALLY wanting to build the bits for installing Dansguardian on pfsense. 
Title: Re: Packages wishlist?
Post by: Arist on October 17, 2008, 10:55:57 am

SpamAssassin

PGP encryption

keystroke encryption

bot/mailware/trojan/scanner

keyloger protection
Title: Re: Packages wishlist?
Post by: AudiAddict on November 06, 2008, 03:20:57 am
I would love to see a cacti package, it shouldn't be that hard to do.. it's just that I don't have any unix/freebsd knowledge.

The current RDD graphs can only be seen after logging in, I would love to place some graphs on our intranet page for our users to see. Cacti should allow us to do this and also provide more graphing options.
Title: Re: Packages wishlist?
Post by: josey on November 07, 2008, 01:29:07 am
Radius server, not radius protocol, radius server  ;D
Title: Re: Packages wishlist?
Post by: thinair on November 20, 2008, 09:08:59 pm
ntop, again :)
Title: Re: Packages wishlist?
Post by: Arist on December 20, 2008, 07:24:26 am
adzapper
Title: Re: Packages wishlist?
Post by: sabo on December 23, 2008, 08:31:19 pm
Maybe we should start a new thread and ask which packages people would like to run on pfSense in appliance mode.      Since we have the ability to run pfsense with one NIC and no NAT there may be more interesting requests.     

Here is the link in case someone would like to read about the variety of appliance uses for pfsense.

http://www.pfsense.org/index.php?option=com_content&task=view&id=71&Itemid=81

Wireless Access Point

VPN Appliance

Sniffer Appliance

DHCP Server Appliance

DNS Server Appliance

Voice over IP (VoIP) Appliance

With the nice package manager and active user base I bet there are more good ideas out there.   I have read in other threads some people mention file sharing.  That was discarded by some saying its a firewall you don't want to run samba on it.   

Now it seems pfsense is an appliance also.
Title: Re: Packages wishlist?
Post by: mcrane on December 23, 2008, 08:51:45 pm
Appliance ideas:

Database Server (with replication)
Web Server
Streaming Music Server
Streaming Video Server
Email Server
Dev Server (options for CVS, SVN, GIT, wiki)
Mirror Client and Server
Session Border Controller

Title: Re: Packages wishlist?
Post by: swmspam on January 08, 2009, 10:39:59 pm
Some of these Appliance ideas are incorporated into FreeNAS, a related fork of m0n0wall.

I still haven't found the webserver solution I've been looking for. I want an embedded OS to run a webserver, with the /www/doc/ directory on a USB stick (diskless system). FreeNAS will do this just fine, but doesn't have per-directory authentication.
Title: Re: Packages wishlist?
Post by: freebee on January 14, 2009, 02:22:52 pm
Here we go...
Postfix + Davecot POP server + procmail + blockmail.pl + spam assassin + clamav or other antivirus.
A complete client / server mail.
Connect to a mail server, recieve e-mails, scan for virus, use procmail + blockmail to police what is coming from (copy or not to another e-mail local account) and store in server.
In Lan , users can push the e-mail stored in server.
For send e-mail, listed users that can send and a option to copy to other mail what is sended, scan for virus, block attachments, add to e-mail body the message warning about audit.
I can help with commands or manually configure. A gui for that inside pfsense, would be very very good.
Title: Re: Packages wishlist?
Post by: agent_linux on January 15, 2009, 01:48:53 pm
How about Nagios? Im looking forward to have it on my pfsense box.
Title: Re: Packages wishlist?
Post by: choup on January 16, 2009, 04:29:43 pm
First, I would think it would be best to get the core elements 100% stable. Then get add-on packages like Squid Proxy, SquidGuard, IDS... working as stable as possible.

I would definitely like to help out schools that can't afford a lot for technology on pfSense But problems with SquidGuard puts a serious damper on that. See Google SafeSearch bug in the forum. Simple problems liek this can seriously limit utilization of pfSense.

I have two schools right now that need something like pfSense. I have to corporate donated hardware, just can't get the software that works.
 
Charlie

Title: Re: Packages wishlist?
Post by: tester_02 on January 25, 2009, 10:43:32 am
# 1  - Peerguardian style package.  Something to block out those bad ip's ;)  Needs to have peerguardian style auto update blocklists.  To me this is a big priority as there is not much for 64 bit windows support for this style of program.  Having this feature at the router makes the most sense anyways.
# 2 - email.  it actually would be nice to have an email appliance with webmail.    I'm looking at clarkconnect, but only for the email functionality, as the rest is defiantly lacking compared to pfsense.

It's hard to really ask for much more.
Title: A reverse RDP proxy package that mimics functionality of Remote Web Workspace
Post by: ssheikh on January 29, 2009, 02:07:17 am
I have not read thru all 14 pages of the wishlist so I'm not sure if this has been suggested or not.

One of the unique features that is available in Windows SBS servers is Remote Web Workspace (RWW). That feature is not available with any other version of windows or as standalone because it replaces the functionality of a terminal server to some extent. And Terminal Server CALs bring MS a lot of that green stuff.

For those that do not know what RWW is, please do a google search. A video or two of it in action is on the net. Also this: http://www.sbsfaq.com/Lists/FAQs/Attachments/135/Remote%20Web%20Workplace%20-%20Part%201.pdf is a good article on how RWW works behind the scenes.

Now back to the idea of a package: the way I see it, all the functionality that is needs to make an RWW alike package (I'll call it RDP Portal) is already available in pfSense.

Here is how I think the package should work:

The package:

1. Maintains a list of all machines on the private side (interfaces and network ranges configurable/selectable) that can be RDP-ied to. This list can either be manually generated, imported, or generated by doing a scan of the network(s) for machines that listen on TCP:3389 (port selectable in config.) Use DNS to resolve the names (that was understood, why did I even mention it.)

2. Presents a web page on the public side (again interface and IP selectable) that acts as the portal for the RDP Proxy. Once the users log in (authentication based on Kerberos or Radius), they are presented with a list of machines they can RDP into. Some form of access control list can probably be introduced through LDAP or other means here to restrict which machines the user get to see in that list. Also a TCPPing can probably be done to only list machines that are active. May have to be a background scheduled TCPPing so that the network is not jammed by these when the list need to be displayed to the portal client.

3. When a user selects a machine to connect to, a port forwarding rule is created on the fly that maps a dynamic high port (would be nice if a usable port range can be defined and a port from it is randomly selected) on the selected IP on the WAN side, mapping it to port 3389 of the target machine. At the same time a firewall rule is created between the IP that the client contacted the portal with and the RDP machine he chose to connect to. This is where this solution would differ from the MS RDP Proxy they implement in SBS. They proxy the connections and we will be doing this using port forwarding.

4. The RDP portal web page then redirect the user to a page with the ActiveX embedded RDP client to open an RDP connection for the client to the desired machine.

5. Does some sort of states monitoring to see when the connection ends or dies at which point both the port forwarding rule and the access rule can be removed (possibly with a delay since I think the RDP client does try to reestablish the session if for some reason it is lost.)

That is pretty much all I can think of to include in a package like that. I'm sure others can probably add some nifty features to it.

Now there may be security related ramifications of such a package because it would essentially be a scripted mechanism with root access.

I may have some time starting third week of February to possibly start developing a package like this. But I'm not going to be able to do it on my own. Will need help. Probably lots of it.

Thanks,

Shahid
Title: Re: Packages wishlist?
Post by: eethore on February 20, 2009, 03:55:08 am
i want and need really bad for reporting system such as lightsquid for firewall rules in pfsense.
Title: Re: Packages wishlist?
Post by: Visseroth on February 22, 2009, 11:06:47 pm
How about a x64 version and a VMWare package?? Seriously, what better to run on a firewall then a VM?? You could install a Host OS on a protected OS.
Title: Re: Packages wishlist?
Post by: billm on February 27, 2009, 06:37:18 am
How about a x64 version and a VMWare package?? Seriously, what better to run on a firewall then a VM?? You could install a Host OS on a protected OS.

Until VMWare actually runs on FreeBSD, there's zero chance of it becoming a package.  An amd64 port is in the works, but for fairly obvious reasons also won't be a package :)

--Bill
Title: Re: Packages wishlist?
Post by: veugelenw on March 05, 2009, 09:36:40 pm
wanted:


OSSEC HIDS package for pfSense !


Title: Re: Packages wishlist?
Post by: CliftonR on March 18, 2009, 02:41:13 pm
Re: the question about docs -

If you can provide some better docs and how-to for the XML/GUI portion of the packaging, I will probably be able to provide a dnscache package.  I want it, and there seem to be other people who want it; IMHO a fast caching resolver is a big win for a network with slower upstream connectivity, and it goes great with squid too.  (It would be nice to implement it with an option for forward-only vs. full caching recursive resolver.)

I've done a lot of FreeBSD work, including building a near-appliance system of packages for a spam filtering system.  I have a home FreeBSD system to develop on (at 6.4 currently) and the dnscache binary package should be easy; I've built lots of packages before, and that might even be available for 7.1 from the FreeBSD package repository.

It's just understanding what's involved in hooking it in that's an issue for me - how to map setting up the configuration, forwarders/root servers, etc. into the pfSense menus, and whether there's actual PHP code to write or not.
Title: Re: Packages wishlist?
Post by: GruensFroeschli on March 18, 2009, 02:50:05 pm
It's just understanding what's involved in hooking it in that's an issue for me - how to map setting up the configuration, forwarders/root servers, etc. into the pfSense menus, and whether there's actual PHP code to write or not.

This might help you:
http://devwiki.pfsense.org/PfSenseDevHome
--> http://devwiki.pfsense.org/PackageInfo
Title: Re: Packages wishlist?
Post by: CliftonR on March 18, 2009, 06:49:23 pm
This might help you:
http://devwiki.pfsense.org/PfSenseDevHome
--> http://devwiki.pfsense.org/PackageInfo

Thank you!  I had looked at the wiki previously, but hadn't found that overview page.
Title: Re: Packages wishlist?
Post by: prodzekshn on April 02, 2009, 04:47:04 am
PF SENSE as a Dynamic DNS server

can something like this be implemented
http://code.blitzaffe.com/pages/phpscripts/files/ddns_server_54-35
Title: Re: Packages wishlist?
Post by: LiquiD_85 on April 07, 2009, 04:49:01 pm
What about Dans Guardian???
Title: Re: Packages wishlist?
Post by: DarkServant on April 16, 2009, 07:00:09 am
Hi
A preprocessor for Snort that block the packets that matches the rules before they ever reach the target, and make the Snort implementation a true IPS would be nice.
Title: Re: Packages wishlist?
Post by: tommyboy180 on April 22, 2009, 10:14:13 pm
DenyHosts. I was able to install it with the pkg_add command, so it shouldn't be that hard right.
I would love to help if someone can tell me what I need to do to get this package made, maybe and example.
Title: Re: Packages wishlist?
Post by: Meulator on May 29, 2009, 04:43:41 am
A USER TRACE MODULE!!

Kind of simple, i think : a module which when activated, logs everything regarding a certain authenticated user, from captive portal for instance. You go on the GUI, then type in the name of the user and here it goes, it displays you all the websites the user went to, and when he logged in etc...

Doing the same with pfsense requieres to log systems to a syslog, and to transfert squid logs files to a server, and you have to check each file to find what you're looking for. This module could be really usefull, and totally push to garbage products like zyxel G4100 or Ucopia boxes...
Title: Re: Packages wishlist?
Post by: mcrane on May 29, 2009, 01:41:06 pm
snort is already there use pfSense 1.2.3 RC1 and then look under packages.
Title: Re: Packages wishlist?
Post by: chudy on August 03, 2009, 12:54:15 am
TOS/DSCP set and reset (or TOS/DSCP remarking)
Title: Re: Packages wishlist?
Post by: kodimar on August 12, 2009, 11:53:01 am
I would like to see a package that analyzes all traffic and organizes it in the same way that lightsquid does it.  NTOP is the only package that comes close, but I found it unstable and the information is scattered. 

For example each day you get a list of all your host ip addresses and underneath it will have all the sorted protocols used by that ip address and the ip addresses that it connected to.

192.168.1.28
     HTTP
     1   v7.cache5.c.youtube.com   1   24.9 M   24.9 M   18.1%
     FTP
     Sent
     1   ftp.ftp.com         1      24.9 M   24.9 M   18.1%
     Recieved
     1   ftp.ftp.com   1   14.7 M   14.7 M   X%
Title: Re: Packages wishlist?
Post by: XIII on August 24, 2009, 01:07:36 am
How about the R-U-ON server monitoring agent (http://www.r-u-on.com)?
Title: Re: Packages wishlist?
Post by: freebee on September 17, 2009, 05:25:38 pm
SS5 is a socks server that implements the SOCKS v4 and v5 protocol.
ports/net/ss5/
http://ss5.sourceforge.net/

Have many good features, like bandwidth control per user, balancing and work with ldap.
Title: Re: Packages wishlist?
Post by: jasonjordan on September 23, 2009, 09:07:35 am
http://update-accelerator.advproxy.net/

This looks fantastic and would be an awesome add-on for saving bandwidth.  It caches updates from:
    * Adobe
    * Apple
    * Avast
    * Linux (.deb and .rpm)
    * Microsoft
    * Symantec
    * Trend Micro
and you can add custom download sites too.

It's been written specifically for IPCop - so I have no idea how hard it would be to "port".

From the Site:
The Update Accelerator caches files from update sites automatically at the first request. All subsequent downloads of these files from other clients will be processed with LAN speed.

Even though the standard Web Proxy cache does almost the same job, there are important differences between the Web Proxy cache and the Update Accelerator cache.

For example, it would be difficult to store, reliably, a Service Pack with a size of about 300MB in the Web Proxy cache. Unlike a Web Proxy with its internal cache and uncontrollable results, the Update Accelerator works rather in a similar way to a File Server - dead reliable and independent of any Proxy cache size or replacement strategy.
Title: Re: Packages wishlist?
Post by: jimp on September 23, 2009, 10:02:59 pm
http://update-accelerator.advproxy.net/

This looks fantastic and would be an awesome add-on for saving bandwidth.  It caches updates from:
    * Adobe
    * Apple
    * Avast
    * Linux (.deb and .rpm)
    * Microsoft
    * Symantec
    * Trend Micro
and you can add custom download sites too.

It's been written specifically for IPCop - so I have no idea how hard it would be to "port".

From the Site:
The Update Accelerator caches files from update sites automatically at the first request. All subsequent downloads of these files from other clients will be processed with LAN speed.

Even though the standard Web Proxy cache does almost the same job, there are important differences between the Web Proxy cache and the Update Accelerator cache.

For example, it would be difficult to store, reliably, a Service Pack with a size of about 300MB in the Web Proxy cache. Unlike a Web Proxy with its internal cache and uncontrollable results, the Update Accelerator works rather in a similar way to a File Server - dead reliable and independent of any Proxy cache size or replacement strategy.

With the right settings, Squid will happily cache updates, including service packs, as long as you have the proper directives in the config.

I have it caching updates for my repair bench and it does a great job. It does the adobe updates without any special config, too.

http://doc.pfsense.org/index.php/Squid_Package_Tuning#Caching_Windows_Updates (http://doc.pfsense.org/index.php/Squid_Package_Tuning#Caching_Windows_Updates)
Title: Re: Packages wishlist?
Post by: taphy on October 07, 2009, 05:25:48 pm
Hi I'm using nagios & nrpe a lot, so many thanks for added nrpe package!

..but it would be great to change/add a few things:
1) I need be able to add some custom commands to nrpe.cfg  via GUI, at this moment I have to manually place them in  /usr/local/pkg/nrpe2.xml
(not sure if  it is possible to do in other way at this moment)

2) would be great include test for "warning" and "critical" command parameters in  /usr/local/pkg/nrpe2.inc . At this moment  after configuration via GUI I have in nrpe.cfg :
command[check_myhost_ssh]=/usr/local/libexec/nagios/check_ssh -w  -c  -t 20 -H my.host.net

and as a result:
# /usr/lib/nagios/plugins/check_nrpe -n -H 192.168.55.11 -p 5666 -c check_myhost_ssh
Usage:check_ssh [-46] [-t <timeout>] [-r <remote version>] [-p <port>] <host>

I think something like next would be good:
# diff /usr/local/pkg/nrpe2.inc.orig /usr/local/pkg/nrpe2.inc
147c147,151
<       $cmds[] = "command[{$cmd['name']}]=/usr/local/libexec/nagios/{$cmd['command']} -w {$cmd['warning']} -c {$cmd['critical']} {$cmd['extra']}\n";
---
>       if (isset($cmd['warning'])) {
>          $cmds[] = "command[{$cmd['name']}]=/usr/local/libexec/nagios/{$cmd['command']} -w {$cmd['warning']} -c {$cmd['critical']} {$cmd['extra']}\n";
>       } else {
>          $cmds[] = "command[{$cmd['name']}]=/usr/local/libexec/nagios/{$cmd['command']} {$cmd['extra']}\n";
>       }
188c192

3) also there is still a bug in the nagios-plugins-1.4.13,1 which would be great resolve :
 /usr/local/libexec/nagios/check_procs -w 5 -c 10 -s Z
/libexec/ld-elf.so.1: /lib/libc.so.7: version FBSD_1.1 required by /usr/local/libexec/nagios/check_procs not found (and this is a bit annoying ...)
(this is the only plugin which requires FBSD_1.1, all other are ok with FBSD_1.0)

Many thanks in advance

Title: Re: Packages wishlist?
Post by: madapaka on October 08, 2009, 09:27:06 pm
Dansguardian! If Comixwall (an OpenBSD based firewall) was able to use this I see no reason why pfSense can't . IMSpector for SMTP to monitor rogue employees leaking out confidential information would be a welcome addition.
Title: Re: Packages wishlist?
Post by: mcrane on October 08, 2009, 09:38:43 pm
DNS Blacklist package, OpenDNS and SquidGuard can all block domains like DANS guardian can.
Title: Re: Packages wishlist?
Post by: madapaka on October 08, 2009, 11:37:14 pm
Yes, combination of those certainly can but it's not as flexible as Dansguardian. A lot of guys are clamoring for it to be included, If others were able to include it so could we.
Title: Re: Packages wishlist?
Post by: philrou on October 13, 2009, 02:46:31 pm
OSPF/bgp package support (see www.qugga.net) it's OSPF/BGP package support . Package for solaris, redhat and linux platform exist none Freebsd package at this moment. But source available, and BGP works fine (not like openBGP ;-) sorry..;-))
Title: black list
Post by: pinguinito on November 10, 2009, 11:00:39 am
hi
my pfsense has squid as a transparent proxy and I want use DNS black list can it work???
Title: AODV
Post by: SPITwSPOTS on November 23, 2009, 10:51:11 pm
I would really like to have a package to implement AODV  in PFsense.  We operate a wireless network in which we have clusters of nodes which utilize AODV routing.  These clusters are themselves linked together by transparent bridges (with STP for redundancy) to a core network.  As our network grows the bridged network is becoming to large and needs to be replaced by a routed network.  Since I am already using AODV to route traffic through large portions of my network I would like unify the network using PFsense and AODV.  I would like to get some feedback as to how feasible and/or difficult this might be before I post in the bounty section.
Title: Re: Packages wishlist?
Post by: Alberto.C. on November 24, 2009, 09:27:36 am
I'd like to see a change in the GUI to display rules.

I think it is useful to allow users to create groups of rules and give them the opportunity to change the view of these groups as desired.

I thought that in these groups is easier to see where the rules are frequent repetitions of IP, ports, etc.

I would like to enable/disable multiple rules with a single click.

I'd like to take individual rules or rule groups and move them before/after to other rules directly with the mouse like the dashboard.
Title: Re: Packages wishlist?
Post by: jimp on November 24, 2009, 09:31:34 am
Zanotti,

There are already interface groups and floating rules in 2.0 which cover some of that behavior, plus you can use aliases (which exist in 1.2.x) for frequently used hosts/networks/ports.

Letting you drag rules around might sound nice, but in practice it would be very easy to accidentally make unintended changes.
Title: Re: Packages wishlist?
Post by: Assar on December 11, 2009, 07:11:54 am
I have seen small notes about 3G on this forum, but could not find anything involving pfSense talking SMS.
At the moment I'm struggling with a SoHo router capable of using 3G as internet connection. This specific router DOVADO
is capable of giving status and do some basic manouvers on command over SMS. Wouldn't this be a nice package to pfSense?

There could be all sorts of services like
- WAN<x> is down
- WAN<x> is up, IP:xxx.xxx.xxx.xxx
- <interface> has been down for x minutes
- WARNING firewall is experiencing attack x on <interface>
- command "RESET <interface>"
- command "DOWN <interface>"
- command "UP <interface>"
- command "REBOOT"

The DOVADO is allso capable of managing TelStick, but that is an aditional functionality, nice but not as sweet.
Title: Re: Packages wishlist?
Post by: SawyerX on January 05, 2010, 06:21:35 pm
Virtual Gateways would be great if it could be added. I have several PPPOE connections going form one modem so one gateway and now I have to run 4 instances of Pfsense in a VM so I can chnage the gateway for each for load balancing.
Title: Re: Packages wishlist?
Post by: mgc6288 on February 17, 2010, 12:14:34 pm
Another package, well more so a feature, would be that if my main server for some reason went down that the port forwarding would auto switch to a backup server.  That would be awesome... 
Title: Re: Packages wishlist?
Post by: jwbrown77 on February 18, 2010, 08:38:07 pm
OpenVAS Scanner/Server:

http://www.openvas.org/

The firewall seems to be positioned where scanning would be easiest:

1. pf Rules wouldn't factor.
2. The state table wouldn't overload (I think...)
Title: Re: Packages wishlist?
Post by: DarkServant on February 24, 2010, 04:26:16 pm
FreeRADIUS 2.18

An update to freeradius would be nice.

http://www.freebsd.org/cgi/cvsweb.cgi/ports/net/freeradius2/
Title: Re: Packages wishlist?
Post by: david@indesignlondon.co.u on March 02, 2010, 05:58:20 am
Definately AODV/AODV routing... :)
Title: Re: Packages wishlist?
Post by: Sateetje on March 19, 2010, 11:25:36 am
Show system information like temperature,fans e.d.
Title: Re: Packages wishlist?
Post by: tommyboy180 on March 19, 2010, 11:33:38 pm
System information like temp is in the phpinfo package
Title: Re: Packages wishlist: Ubiquity Air Control
Post by: SPITwSPOTS on March 21, 2010, 12:12:25 am
I would like to be able to install Ubiquity's Air Control software.  Air Control runs on a web server and allows you a way to monitor and control various ubiquity CPE and access points.  I am sure that there are many WISPS using Pfsense and Ubiquity is quickly becoming a leader in low cost wireless.  Air Control requires Java and Tomcat.  It looks like it can be installed on free BSD but it is somewhat out of my realm of expertise.

Please let me know if I should post in another group.
Title: Re: Packages wishlist?
Post by: favs on April 09, 2010, 10:56:55 am
I'd like something like imspector but that would really work or something simple to block IM and webmessengers
Title: Re: Packages wishlist?
Post by: hbc on April 16, 2010, 05:12:14 am
I would like a package for LLDP support.

There exist some projects that already work:

http://openlldp.sourceforge.net/ (http://openlldp.sourceforge.net/)
https://trac.luffy.cx/lldpd/ (https://trac.luffy.cx/lldpd/)
http://blinkenlights.nl/software/ladvd/ (http://blinkenlights.nl/software/ladvd/)
Title: Re: Packages wishlist?
Post by: the_true_way on May 03, 2010, 04:27:22 pm
Pls fix the squid web Proxy and guard pakages they are not mpre avilable  in embeded systems :(
Title: Re: Packages wishlist?
Post by: piman on May 10, 2010, 09:24:57 am
Pls fix the squid web Proxy and guard pakages they are not mpre avilable  in embeded systems :(
you can still try this manually: use http(s)://your_pfsense/pkg_mgr_install.php?id=squid
Title: Re: Packages wishlist?
Post by: piman on May 10, 2010, 09:31:24 am
I have build a redundant solution with two embedded soekris devices. I want to be able to connect from one to the other over te console port, so I want to use "tip" http://bama.ua.edu/cgi-bin/man-cgi?tip+1 (http://bama.ua.edu/cgi-bin/man-cgi?tip+1). Good idea for a package? Anyone another solution?
Title: Re: Packages wishlist?
Post by: the_true_way on May 21, 2010, 06:44:02 am
Pls fix the squid web Proxy and guard pakages they are not mpre avilable  in embeded systems :(
you can still try this manually: use http(s)://your_pfsense/pkg_mgr_install.php?id=squid

oh thank U verymutch!!!!! ididnt know this!! Butt is this operation with e GUI oder With my HTTP Browser? and how cann i Uninstall it ?

Thank u very Much
Title: Re: Packages wishlist?
Post by: XIII on June 19, 2010, 04:06:34 pm
I see quite a few people wish to modify the error pages provided by HAVP and squid, is it possible to create a package that does this automatically, where the user uploads the file they want to use and specify what its replacing? How difficult would it be?
Title: Re: Packages wishlist?
Post by: andrewp on June 21, 2010, 10:46:47 pm
I'd wish to have RTSP Proxy (ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/7.2-RELEASE/packages/net/osrtspproxy-2.0_1.tbz) as a pfSense package that can be installed as a transparent proxy.

Proxy uses UDP ports in the range of 6970 - 32000 for incoming connections. It would also be good to modify proxy source code so it can control firewall and dynamically open these ports for incoming UDP Data/Control connections.

-andrewp
Title: Re: Packages wishlist?
Post by: netmethods on June 30, 2010, 05:28:26 pm
I think this is the correct place to post this...

I have a (great) idea for a package... I'd do it my self, but I don't know how and I don't have the time right now to figure it out. I think it would very helpful and lots of people would use it... to be honest, I can't believe someone didn't already make it!

We have SSL, IPSec and PPTP VPN access, but what I haven't seen is something like SSL-Explorer (http://sourceforge.net/projects/sslexplorer/) where you can give access to applications and network shares over a Java based SSL web application allowing to keep your server secure. I realize that Barracuda bought out 3sp/SSL-Explorer, but there have been several branches of it like Adito or OpenVPN ALS (http://sourceforge.net/projects/openvpn-als/). I've used SSL-Explorer a little and found it very easy to use from both the admin and end-user sides. It's cross platform compatible and should load on any OS. Having a package like this would also help compete against several vendors out there... I know SonicWALL's SSLVPN has somewhat similar features in that you can publish some types of applications as well as shared folder.

All this being said, anyone interested in making a package out of this? I don't have any funds to put toward this at this time, but I'm willing to help out where I can if someone else thinks this would be useful.

-Jay
Title: Re: Packages wishlist?
Post by: jimp on June 30, 2010, 05:33:45 pm
openvpn-als requires to run Java on the server side, which is a very high requirement to ask of a firewall. It would not be a small undertaking by any means, but someone might do it for a bounty.
Title: Re: Packages wishlist?
Post by: netmethods on July 02, 2010, 05:58:10 pm
After reading into ALS more, it doesn't sound like that great of an idea since of all the current issues and lack of support...

Another open source project that looks good is Bro Intrusion. It seems to be pretty popular, is there no interest in making that a package?
Title: Re: Packages wishlist?
Post by: jimp on July 02, 2010, 06:01:28 pm
There is, since Bro IDS is BSD licensed it's much better for inclusion since we're a BSD licensed project.

That may happen in the near future, actually, but I'm not sure of the timeline.
Title: Re: Packages wishlist?
Post by: joecr on July 06, 2010, 04:30:57 pm
I see quite a few people wish to modify the error pages provided by HAVP and squid, is it possible to create a package that does this automatically, where the user uploads the file they want to use and specify what its replacing? How difficult would it be?
On 1.2.3-RELEASE & possibly earlier, I started using pfSense with that version, you can go to Diagnostics | Edit File & edit files on the server. Also if you have enabled SSH on the pfSense box you can ssh in & modify files directly on the server.
Title: Re: Packages wishlist?
Post by: XIII on July 06, 2010, 04:33:54 pm
yea but what about squid?
mostly interested in squid since I havent figured that one out yet
Title: Re: Packages wishlist?
Post by: jimp on July 06, 2010, 04:44:02 pm
yea but what about squid?
mostly interested in squid since I havent figured that one out yet

you can edit the squid error pages, too, they're under:
/usr/local/etc/squid/errors/English  (Or whatever other language you want)
Title: Re: Packages wishlist?
Post by: joecr on July 06, 2010, 05:33:16 pm
yea but what about squid?
mostly interested in squid since I havent figured that one out yet

I forgot to mention that you can also use Diagnostics | Execute command to edit files in your pfSense install.
Title: Re: Packages wishlist?
Post by: darklogic on July 07, 2010, 10:18:35 am
I would like to see a mail proxy package that would accept all incoming e-mail and scan it for spam, viruses, and grey list it. After it completes the following task, it would then release it to an internal mail server.

Something like the spamD package that dropped off the grid.

These days having proxy filtering I believe is a must have at the gateway level.
Title: Re: Packages wishlist?
Post by: jimp on July 07, 2010, 10:28:32 am
I would like to see a mail proxy package that would accept all incoming e-mail and scan it for spam, viruses, and grey list it. After it completes the following task, it would then release it to an internal mail server.

Something like the spamD package that dropped off the grid.

These days having proxy filtering I believe is a must have at the gateway level.

A bounty was proposed for proxsmtp, which can do much of this, but the money was withdrawn before any progress could be made.
Title: Re: Packages wishlist?
Post by: tekkitan on July 09, 2010, 05:58:09 am
I'm surprised no one has mentioned Hatchet for log analyzing and visualization.

http://www.dixongroup.net/hatchet/

It runs via Perl and uses regex to create a nice interface for viewing logs as well as using SQLite to store the logs in a database for viewing whenever you may need them.
Title: Re: Packages wishlist?
Post by: serangku on August 14, 2010, 11:15:46 am
UNBOUND DNS, please ...  :)

Title: Re: Packages wishlist?
Post by: tubaguy50035 on August 16, 2010, 11:40:45 pm
Some of you may not like this one, but it would be really cool to have a ventrillo server package.  It's not super intensive and would run just fine on the 6 year old box that runs pfsense.
Title: Re: Packages wishlist?
Post by: tommyboy180 on August 17, 2010, 04:11:49 pm
Some of you may not like this one, but it would be really cool to have a ventrillo server package.  It's not super intensive and would run just fine on the 6 year old box that runs pfsense.
Bad, bad, very bad idea.
Title: Re: Packages wishlist?
Post by: tubaguy50035 on August 18, 2010, 03:24:37 am
But why!?  lol
Title: Re: Packages wishlist?
Post by: Supermule on August 18, 2010, 03:29:20 am
Just install VmWare and run the two things on the same physical box. Its a really bad idea to run some fucked up open like a hole in the ground software like Ventrillo in the same environment as your frontend FW.

Thats why hackers and spammers are having an easy time spreading their shit around the globe....
Title: Re: Packages wishlist?
Post by: tubaguy50035 on August 18, 2010, 03:56:44 am
Yes I know.  Wishful thinking.
Title: Re: Packages wishlist?
Post by: antilog on August 22, 2010, 09:14:25 am
XenTools
Title: Re: Packages wishlist?
Post by: tommyboy180 on August 22, 2010, 09:25:17 am
XenTools

Second that!
Title: Re: Packages wishlist?
Post by: Clouseau on September 02, 2010, 12:14:23 pm
1. FusionPBX package

2. SSH tunnel management

3. SSH Key management (partly done via user key management)

4. SSH tunnel client GUI (SSHD is running ok but GUI missing totally)
Title: Re: Packages wishlist?
Post by: Arist on September 02, 2010, 02:05:22 pm
mail proxy package

MailScanner

MailScanner is an email virus scanner, vulnerability protector, and spam tagger.It supports ClamAV, and other anti-virus scanners. It uses SpamAssassin for highly successful spam identification, and is designed to handle denial of service attacks. It will detect password-protected zip files and apply filename checking to their content.

/FreeBSD/ports/i386/packages-7-stable/All/MailScanner-4.79.11.tbz
Title: Re: Packages wishlist?
Post by: pfSensoryOverload on September 18, 2010, 12:38:50 am
My wish would be to have a real-time logging/debugging package similar to the Cisco stuff, where you can filter certain strings or combination of strings on the fly and see activity as it comes in/goes out and be able to change the level of detail very easily. This would help immensely with troubleshooting issues with greater ease and I think a lot of people would benefit from it.

I apologize if this was already mentioned, I didn't have time to read through all 18 pages...
Title: Re: Packages wishlist?
Post by: JorgeAldoBR on September 21, 2010, 10:33:50 pm
Squid with Multiwan

Using an ACL you can classify requests

then using TCP_OUTGOING_ADDRESS you can select wich wan to output the request.

you can even do this - currently - using custom rules, but the when you do this with pppoe or dhcp connections the rules cannot be updated to reflect the new ip address..

i think patching the package would not be much hard...
Title: Re: Packages wishlist?
Post by: Visseroth on October 04, 2010, 05:47:29 am
Adding hardware monitoring via RRD graphs would be EXTREMELY handy, temps and HD smart status with some sort of email notification if possible. If nothing else just the RRD graphs.
Title: Re: Packages wishlist?
Post by: keeper on October 12, 2010, 02:51:08 am
Application Layer Packet Classifier

http://l7-filter.sourceforge.net/

 :) :) :) :) :) :) :) :) :)
Title: Re: Packages wishlist?
Post by: submicron on October 12, 2010, 02:52:13 am
This functionality already exists in the upcoming pfSense 2.0 release. 
Title: Re: Packages wishlist?
Post by: keeper on October 12, 2010, 09:28:22 pm
This functionality already exists in the upcoming pfSense 2.0 release. 

Nice nice, because some of our user used ultrasurf & freegate.  >:( >:( >:( >:(
Title: Re: Packages wishlist?
Post by: Itwerx on February 04, 2011, 02:44:43 am
Is anyone working on a TOR package?

And if not, would anybody be sufficiently interested to chip in for a bounty?
Title: Re: Packages wishlist?
Post by: Sleeps on February 05, 2011, 08:59:33 am
Is anyone working on a TOR package?

And if not, would anybody be sufficiently interested to chip in for a bounty?

Itwerx

Working on a TOR package is a good idea and i would chip in for a bounty name the price.

 
Title: Re: Packages wishlist?
Post by: Albert Hall on March 27, 2011, 03:32:54 pm
Has anyone asked for a SOCKS proxy?
Title: Re: Packages wishlist?
Post by: tommyboy180 on March 27, 2011, 05:38:03 pm
Has anyone asked for a SOCKS proxy?

Can't you create a SOCKS proxy with SSH forwarding?
Title: Re: Packages wishlist?
Post by: jayp5sense on March 31, 2011, 11:37:48 pm
a blocker for ultrasurf program and other program that have the same function...
Title: Re: Packages wishlist?
Post by: xopah on April 06, 2011, 02:31:26 am
My vote goes for an updated version of NUT to v. 2.6.0 or newer!
There are loads of newly supported devices (my UPS for example) and other reliability issues solved.

Please! =)

EDIT: Ohh forgot to mention I'm using  Pfsense 2.0  ;)
Title: Re: Packages wishlist?
Post by: ITR on April 28, 2011, 04:35:03 am
WanAccelerator package

WANproxy, trafficSqueezer, (OpenNOP)
http://wanproxy.org/
http://www.trafficsqueezer.org/
http://www.opennop.org/ (Linux Only?)
Title: Re: Packages wishlist?
Post by: tgajos@wp.pl on May 07, 2011, 08:14:10 am
What about this?

http://www.hotspotengine.com/ (http://www.hotspotengine.com/)
Title: Re: Packages wishlist?
Post by: luchosalinas on May 26, 2011, 06:54:50 pm
hello, is there any project to implement apdate cache for windows, linux and mac clients?
thanks
Title: Re: Packages wishlist?
Post by: RedRep on June 07, 2011, 06:38:19 pm
Adding hardware monitoring via RRD graphs would be EXTREMELY handy, temps and HD smart status with some sort of email notification if possible. If nothing else just the RRD graphs.
I'm interested in this also, starting to throw together a little test package here.
Title: Re: Packages wishlist?
Post by: Porter on June 08, 2011, 11:18:35 am
Adding hardware monitoring via RRD graphs would be EXTREMELY handy, temps and HD smart status with some sort of email notification if possible. If nothing else just the RRD graphs.

I agree that this would be an excellent addition.  Monitoring via healthd or another daemon would be excellent.  It won't work with all systems, but for the many systems that are supported it would be very worthwhile.

There was a thread about this some time ago and some suggestions were made regarding implementation, but it seems that it never got traction:  http://forum.pfsense.org/index.php/topic,177.0.html

Title: Re: Packages wishlist?
Post by: Porter on June 08, 2011, 11:19:32 am
My vote goes for an updated version of NUT to v. 2.6.0 or newer!
There are loads of newly supported devices (my UPS for example) and other reliability issues solved.
Please! =)

EDIT: Ohh forgot to mention I'm using  Pfsense 2.0  ;)
Agreed... an update to the (now very old) NUT package would be very welcome.
Title: Re: Packages wishlist?
Post by: jimp on June 08, 2011, 02:04:19 pm
The FreeBSD port for nut is only at 2.4.1. There are a bunch of patches in it that do not apply to 2.6.x. So If you'd like to see that working, someone would first have to work with the FreeBSD port to get it current, and then the package can be adjusted to use it at that time.

It would probably build without those patches, but I'm not sure if it would actually operate correctly once built.
Title: Re: Packages wishlist?
Post by: Feadin on June 24, 2011, 10:22:26 am
+1 for the APCUPSD package suggested in 2006 ;)
Title: Re: Packages wishlist?
Post by: Metu69salemi on June 28, 2011, 12:23:23 am
Hi there,

Before i moved to use pfsense i used smoothwall firewall and there was one feature which might be good also in pfsense. It was some sort of hardware scanner.

It just detected your firewall hardware and sended to smoothwalls own website, so they could give an exact information of supported hardware, there was also an additional knowledge but i'm not seeking that.

Is there reasonal need or possibility to create this kind of environment to pfsense as package and hardware database. I know that there is possibility to check hardware from freebsd's list, but this could be an extra service
Title: Re: Packages wishlist?
Post by: sqls on July 01, 2011, 11:40:44 am
If this exists please point me in the right place.  But.

I'd like to see a VNC Repeater package that works with the Ultra VNC SC client.  DD-WRT and OpenWRT have added this and I can't really think of a better place for such a thing to exist on my network then the pfSense firewall.  If the package could also manage an easy http download link for the UVNC SC app that'd be awesome but just having the repeater would be very handy for me.
Title: Re: Packages wishlist?
Post by: tbaror on July 02, 2011, 02:35:53 am
Hi,
I would like to see VLAN  isolation integrated with Snort , currently using Packetfencehttp://www.packetfence.org/ (http://www.packetfence.org/) for this task.
But if Snort package or other similar package will include same functionality of VLAN isolation would make the configuration much easier and give complete solution.

Cheers
Title: Re: Packages wishlist?
Post by: GruensFroeschli on July 02, 2011, 04:17:00 am
Not really sure what you're talking about with vlan isolation, but pfSense is vlan capable and you can run snort on a "vlan-interface".
Title: Re: Packages wishlist?
Post by: tbaror on July 02, 2011, 05:53:39 am
Not really sure what you're talking about with vlan isolation, but pfSense is vlan capable and you can run snort on a "vlan-interface".

i know i can run snort on vlan interface , VLAN isolation is when risk detected like worm or virus etc.. related host port switch  is  automatically moved to designated isolated VLAN until depends on procedures could be done automatic or IT  manual intervention risk is removed  same as packetfence doing its simply i meant integrate NAC (network access control) with Pfsense .
Title: Re: Packages wishlist?
Post by: agismaniax on July 08, 2011, 01:47:52 am
i'm not sure this is the right place for asking this question.
could someone make bandwidthd's description shorter?

Title: Re: Packages wishlist?
Post by: GavilanZ on July 30, 2011, 07:56:28 pm
Hi All!!

First of all, what a TERRIFIC piece of software pfSense is!!.

I've been using m0n0wall for a couple of years, with very good results, but pfSense is in another level.

In my humble opinnion, I think a nice idea would be adding a console screensaver.

I understand that the module is called green_screensaver.ko, and since Im new to this amazing software, as far as I know it doesn't have it, but I've been wrong before. Please, correct me if this is the case.

Thank you!

Kind Regards

Patricio
Title: Re: Packages wishlist?
Post by: periko on August 10, 2011, 09:02:27 pm
  I had my pfsense 2.0RC3 updating almost daily, I have squid on it running custom config file, I don't like the lightsquid reports, I install my self sarg which is superior than lightsquid.

  At the spanish forum I put there how to setup manually sarg and some screens of my server, this is a good tool for pfsense.

  http://forum.pfsense.org/index.php/topic,39568.0.html (http://forum.pfsense.org/index.php/topic,39568.0.html)
 
  My 2 cents  ;D
  
Title: Re: Packages wishlist?
Post by: djzort on August 15, 2011, 05:59:21 am
How about squid hit/miss metrics graphs etc?

I believe ipcop uses this software http://sourceforge.net/projects/squid-graph/

Which someone crafty can probably wrap up in to a pfsense package in no time, assuming pfsense includes a perl interpretter.

Although squid does talk snmp, so perhaps use that?
Title: Re: Packages wishlist?
Post by: Hugovsky on August 16, 2011, 06:35:45 pm
I'd like to see privoxy added, plz.
Title: Re: Packages wishlist?
Post by: marcelloc on August 17, 2011, 08:49:56 am
I would like to see a mail proxy package that would accept all incoming e-mail and scan it for spam, viruses, and grey list it. After it completes the following task, it would then release it to an internal mail server.

Something like the spamD package that dropped off the grid.

These days having proxy filtering I believe is a must have at the gateway level.

A bounty was proposed for proxsmtp, which can do much of this, but the money was withdrawn before any progress could be made.

I'm working on postfix package version 2.0 with many of these implementations.
Title: Re: Packages wishlist?
Post by: marcelloc on September 05, 2011, 05:38:43 pm
Postfix package v2 is out.

check it out:
http://forum.pfsense.org/index.php/topic,40622.0.html

 :D
Title: Re: Packages wishlist?
Post by: dhatz on September 09, 2011, 09:54:53 pm
ArpON looks quite interesting for the security-conscious netadmins and it supports FreeBSD:

Quote
http://arpon.sourceforge.net/

07/27/2011 :: ArpON 2.7 released!

What is ArpON?
ArpON (ARP handler inspection) is a portable handler daemon that make ARP protocol secure in order to avoid the Man In The Middle (MITM) attack through ARP Spoofing, ARP Cache Poisoning or ARP Poison Routing (APR) attacks. It blocks also the derived attacks by it, which Sniffing, Hijacking, Injection, Filtering & co attacks for more complex derived attacks, as: DNS Spoofing, WEB Spoofing, Session Hijacking and SSL/TLS Hijacking & co attacks.

This is possible using three kinds of anti ARP Spoofing tecniques: the first is based on SARPI or "Static ARP Inspection" in statically configured networks without DHCP; the second on DARPI or "Dynamic ARP Inspection" in dynamically configured networks having DHCP; the third on HARPI or "Hybrid ARP Inspection" in "hybrid" networks, that is in statically and dynamically (DHCP) configured networks together.

ArpON is therefore a proactive Point-to-Point, Point-to-Multipoint and Multipoint based solution that requires a daemon in every host of the connection for authenticate each host through an authentication of type cooperative between the hosts and that doesn't modify the classic ARP standard base protocol by IETF, but rather sets precise policies by using SARPI for static networks, DARPI for dynamic networks and HARPI for hybrid networks thus making today's standardized protocol working and secure from any foreign intrusion.
Title: Re: Packages wishlist?
Post by: ptt on September 19, 2011, 03:18:24 pm
As the siproxd thread is locked, here is my wish:

Ive been using siproxd in a "test" enviroment since Dec 2010 ( since pfSense 2.0 beta5 till the 2.0 Release version ) and all work great, next week it will go to "production" and just one thing i wish to have :

if i enable "Log redirected calls" the logs go to "Status: System logs: System", is posible to have the logs in "Status: Package logs" ?
Title: Re: Packages wishlist?
Post by: ipv6kid on September 29, 2011, 05:22:37 pm
I'd like to see a TOR hidden services package developed so that I can generate .onion addresses for and connect my PFsense router to TOR and port forward traffic from it as needed. Optionally I could select to become a TOR exit node, bridge, or relay.
Title: Re: Packages wishlist?
Post by: GLR on October 02, 2011, 11:10:43 am
Support of Net-SNMP (this is very simple) and custom scripts called through the "NET-SNMP-EXTEND-MIB".

This way I am currently able to make Cacti collect Unbound stats and also get better CPU graphs than with bsnmpd...
Title: Re: Packages wishlist?
Post by: ipv6kid on October 19, 2011, 11:43:38 am
Package #1: TOR router, relay, bridge and exit.

Would allow people to host a TOR relay, bridge, or exit router. Optionally also could be used to tunnel all LAN traffic meant for WAN though TOR.

Package #2:

Digital SSL Notary Package based on: http://convergence.io/

Would allow people to host a digital SSL notary on their PFsense router. The more notaries there are, the more secure the system.
Title: Re: Packages wishlist?
Post by: dhatz on October 22, 2011, 09:05:52 pm
Update siproxd to v0.8.1

http://siproxd.sourceforge.net/index.php?op=changelog

Quote
Release 0.8.1 10-Jul-2011 This release fixes some bugs, one of them concerns building (libltdl). As a feature for small embedded systems, the pthread stack size is configurable to minimize the memory footprint (RAM). Another highlight is the new plugin_regex that allows rewriting the SIP "To" header (call target) of outgoing calls using regular expressions.

Title: Re: Packages wishlist?
Post by: kklouzal on October 25, 2011, 12:23:32 am
I wish there was a Streaming Meidia Server package, possibly this one, the site has full source code, linux/unix/windows. sounds like it would be pretty simple? no? :D I wish ^.^

http://code.google.com/p/ps3mediaserver/
Title: Re: Packages wishlist?
Post by: GruensFroeschli on October 25, 2011, 02:45:37 am
I wish there was a Streaming Meidia Server package, possibly this one, the site has full source code, linux/unix/windows. sounds like it would be pretty simple? no? :D I wish ^.^

http://code.google.com/p/ps3mediaserver/

The PMS runs in java and requires a whole lot o other software (mpgenc, mplayer, etc.)
Not something you install on your firewall, but on your NAS instead :)
Title: Re: Packages wishlist?
Post by: kklouzal on October 27, 2011, 06:39:52 pm
Can you add freenas into pfsense? :D
Title: Re: Packages wishlist?
Post by: jimp on October 27, 2011, 06:43:22 pm
Can you add freenas into pfsense? :D

No.  :)
Title: Re: Packages wishlist?
Post by: kklouzal on October 28, 2011, 01:18:22 am
Silly question, i came back in hopes nobody read it and I could edit the post but that didnt happen :)


How about adding magic jack support?? :D
Title: Re: Packages wishlist?
Post by: kevross33 on October 28, 2011, 04:09:04 am
How about blackholeDNS (even a port)? There was an addon for it on Smoothwall http://community.smoothwall.org/forum/viewtopic.php?f=26&t=26030 and it is the only thing I miss from Smoothwall as it was amazingly powerful and useful being able to block 30,000 - 40,000 malware domains (and others). It used dnsmasq too so I think it may be similar to get it working.
Title: Re: Packages wishlist?
Post by: kevross33 on October 28, 2011, 04:14:34 am
A mentioned. http://community.smoothwall.org/forum/viewtopic.php?f=26&t=26030

It would be more useful to have a default of resolving any malware domains as 127.0.0.1 to internal machines resolve themselves and don't get anywhere but with the option of putting in your own one (and perhaps any malware listening posts - I don't know if ET one is running yet though I can have word with Matt Jonkmann to find out & its IP if it is). Being able to put your own IP in too would be good in case you wanted to setup your own internal sinkhole to identify machines infected and perhaps determined what they are infected with (i.e if domain is a CnC and machine contacts it and then resolves your own fake server setup to log all HTTP requests and other services).

DNS blackholes are becoming increasingly popular though in organisations as part of a malware defense. http://isc.sans.edu/diary.html?storyid=9037
Title: Re: Packages wishlist?
Post by: jimp on October 28, 2011, 07:36:11 am
Silly question, i came back in hopes nobody read it and I could edit the post but that didnt happen :)

How about adding magic jack support?? :D

MagicJack is just SIP. They just don't make it easy to find your credentials, from what I've seen. Google around for more info, but there isn't anything special about it. Certainly nothing warranting a package all of its own.
Title: Re: Packages wishlist?
Post by: serialdie on October 28, 2011, 08:24:42 am
I second that jimp. In any case dump magicjack they simply suck. Install the freeswitch pkg and take control of your own telco.
Title: Re: Packages wishlist?
Post by: anagh on November 18, 2011, 01:27:32 am
dns blacklist
https monitoring to block ultrasurf

pfsense 2.0
Title: Re: Packages wishlist?
Post by: ipv6kid on November 20, 2011, 10:52:36 pm
I would like to be able to have the option of enabling CAPTCHA challenges to the WebGUI login. Maybe Re-CAPTCHA: http://www.google.com/recaptcha
Title: Re: Packages wishlist?
Post by: ber1teguh on November 23, 2011, 04:22:58 am
I would like to see reporting as one of the main features. This should be able to generate reports on any aspect of pfsense as well as scheduling and send the reports by email automatically.
I know there is a mailreport package and it's a good one. But good can always be better. For example, mailreport can send you email report contains rrd graphs only, there is no way to customized the email body itself. Even the rrd graphs are only attached to the email and not embedded in the body.
I would like to be able to create custom mail report with my own signatures if that's possible.
Title: Re: Packages wishlist?
Post by: maverick_slo on January 11, 2012, 08:55:06 am
Hello!

Hope it hasn`t been answered yet or wished :)

Feature 1: When machine reboots it would be nice if it could send an email after all connections are UP (WAN)
Feature 2: When PPPoE WAN disconnects and later when it connects back option to send an email
Feature 3: Logs viewer: instead of 50-2000 limit display whole log and subpages to browse the log
also to be able to select month,day, protocol and individual interface and then display log after selection has been made
Feature 4: Firewall log: color interfaces (WAN red, LAN green) to quickly distinguish between interfaces
Feature 5: I`ve heard that Dansguardian and ClamAV is coming to pfSense great to know :)

That would be it, otherwise this is overall great product!
Title: Re: Packages wishlist?
Post by: jimp on January 11, 2012, 09:17:08 am
Feature 1: When machine reboots it would be nice if it could send an email after all connections are UP (WAN)

Eventually there will be a more full-featured notification system in the GUI to let people define events and what to send and such.

Feature 2: When PPPoE WAN disconnects and later when it connects back option to send an email

May not be too hard, but see above.

Feature 3: Logs viewer: instead of 50-2000 limit display whole log and subpages to browse the log
also to be able to select month,day, protocol and individual interface and then display log after selection has been made

That isn't likely to happen. If you need the logs, it's easy to export them via syslog to another box. Keeping all of the logs would require a lot of changes to the code and syslog setup and would break embedded installs, among other things. There are plenty of good third-party log parsers/syslog collectors that already let you drill-down with queries like that.

Feature 4: Firewall log: color interfaces (WAN red, LAN green) to quickly distinguish between interfaces

Probably not hard to implement, but not something there is a lot of requests for. It would be really easy to end up making the logs ugly and hard to read rather than making things better.
Title: Re: Packages wishlist?
Post by: marcelloc on January 11, 2012, 11:55:18 am

Feature 5: I`ve heard that Dansguardian and ClamAV is coming to pfSense great to know :)


Clamav is already there, see HAVP package.
Title: Re: Packages wishlist?
Post by: maverick_slo on January 11, 2012, 01:48:56 pm
Awsome!

Number 1 and 2 are really useful features I really hope to be added someday :)
Title: Re: Packages wishlist?
Post by: andrew0401 on January 13, 2012, 06:10:33 am
How about fetchmail - I know it was looked at some years ago.

Andrew
Title: Re: Packages wishlist?
Post by: eggsegg on January 16, 2012, 04:14:06 am
request +ipguard Packages about arp

http://deeperm.org/ipguard/
thanks
Title: Re: Packages wishlist?
Post by: sm00ph on January 24, 2012, 03:50:18 pm
I was advised to post this to the package wish list (hopefully I am in the right place):

About a decade ago there was an application written for Linux called peep. It took processes and put sound to them so that you didn't have to load/view a monitoring application to ascertain the state of your network devices, such as a firewall.
Has anyone given any thought to creating a package for pfsense to utilize this application?

I am new to this forum. I searched on the subject and hand and came up empty so I decided to start a new topic.
If I have opened a discussion that already has a thread, I apologize.
If I am opening this subject in the wrong context, again I apologize.
Please advise.
Title: Re: Packages wishlist?
Post by: Supermule on January 24, 2012, 03:54:26 pm
I second that!!

I would like to see reporting as one of the main features. This should be able to generate reports on any aspect of pfsense as well as scheduling and send the reports by email automatically.
I know there is a mailreport package and it's a good one. But good can always be better. For example, mailreport can send you email report contains rrd graphs only, there is no way to customized the email body itself. Even the rrd graphs are only attached to the email and not embedded in the body.
I would like to be able to create custom mail report with my own signatures if that's possible.
Title: Re: Packages wishlist?
Post by: rahulmkhj on February 07, 2012, 08:57:27 am
Hello Everyone!

Can we (or do we already) have a package to log URL History of all users/IPs? I need it very badly.

Thank you,

Rahul..
Title: Re: Packages wishlist?
Post by: marcelloc on February 07, 2012, 10:03:14 am
Yes,

squid proxy + lightsquid.

But you must configure proxy settings on client browsers to force all urls including https going to squid.

this tutorial shows 3 options on how to setup automatic detect proxy settings.
http://blog.ninjatek.co.za/2010/11/proxy-autodetection-using-pac-file-and.html
Title: Re: Packages wishlist?
Post by: rahulmkhj on February 07, 2012, 10:12:23 am
Yes,

squid proxy + lightsquid.

But you must configure proxy settings on client browsers to force all urls including https going to squid.

this tutorial shows 3 options on how to setup automatic detect proxy settings.
http://blog.ninjatek.co.za/2010/11/proxy-autodetection-using-pac-file-and.html

Thanks for your reply.

I know about squid, but that'll proxy all of the requests. While I want to use Public IP on LAN side & advertise user's real IP to the internet (fully transparent). That is (i think) not possible with squid package?
Title: Re: Packages wishlist?
Post by: marcelloc on February 07, 2012, 10:20:04 am
if possible only in transparente mode, so no https support for it.
Title: Re: Packages wishlist?
Post by: nickod on March 08, 2012, 09:25:03 pm
+1 apcupsd
Title: Re: Packages wishlist?
Post by: ilium007 on March 12, 2012, 12:24:53 am
Followed this apcusbd guide last night - worked perfectly !

http://forum.pfsense.org/index.php?topic=19313.0
Title: Re: Packages wishlist?
Post by: gwhynott on March 28, 2012, 07:56:51 am
i'd like to see a different reporting system for squid,  one which could email reports daily,  maybe something like SARG..

the ones available don't have manager appeal.  8)


-g



Title: Re: Packages wishlist?
Post by: marcelloc on March 28, 2012, 08:01:28 am
i'd like to see a different reporting system for squid,  one which could email reports daily,  maybe something like SARG..

the ones available don't have manager appeal.  8)

Fell lucky! I'm publishing sarg this week  ;)
Title: Re: Packages wishlist?
Post by: gwhynott on March 28, 2012, 10:07:58 am
Fell lucky! I'm publishing sarg this week  ;)

sweet!  that is great news,  thanks marcelloc!

-g
Title: Re: Packages wishlist?
Post by: mohandshamada on April 12, 2012, 09:09:40 am
request +ipguard Packages about arp

http://deeperm.org/ipguard/
thanks

yes we need that package please include that package
Title: Re: Packages wishlist?
Post by: xbaha on May 11, 2012, 03:48:57 pm
would love to see package communicate to COM port, and send characters, mainly could be used in embedded devices for serial-display LCDs...
Title: Re: Packages wishlist?
Post by: tritron on June 12, 2012, 08:52:59 pm
Like lcdproc that been part of pfsense for long time and works with number of devices and lcd displays.
Title: Re: Packages wishlist?
Post by: IGIdeus on June 13, 2012, 05:22:01 am
I'm voting for frox - ftp proxy server. This small package exist for FreeBSD but it's not starting automatically when added with pkg_add.

This is a better proxy for ftp connections than squid with all ports included in CONNECT method.

Best regards
IGIdeus
Title: Re: Packages wishlist?
Post by: marcelloc on June 13, 2012, 10:10:23 am
This small package exist for FreeBSD but it's not starting automatically when added with pkg_add.

You need to include .sh in frox startup script name at /usr/local/etc/rc.d and also edit the file changing checks on rc.conf from YES to NO.

Title: Re: Packages wishlist?
Post by: markuhde on June 17, 2012, 04:05:00 pm
FreeRADIUS 2, updated to a PBI, since the old package is now blocked even though I know I can make it work  >:(
Title: Re: Packages wishlist?
Post by: markuhde on June 19, 2012, 01:24:02 am
Scratch that there's a PBI now, just after I got it working without it LOL. I'll test next week.
Title: Re: Packages wishlist?
Post by: lassie on June 20, 2012, 11:03:54 am
This may not be the ideal place for this posting, but felt it was the most relevant sub-forum to post this, please move if I was incorrect.

I would like to see the ability to easily roll back packages. That way users can avoid the impact of bad updates, such as what has been going on since at least the 12th for the snort package, there maybe others but this the only that has greatly effected my install. I am setting up a new pfsense install to show my bosses and to try and sell them on a subscription. Yet I can not even build the system they want due to snort being broken.

I honestly do not get why there is no method or easy ability for one to roll back a released package. What is the logic behind this? For those coming into the product at a "bad" time due to package issues this would help alleviate the sour taste that comes after finding out multiple pushes of the same package have not worked, each push with its own set of issues.

I feel this a great product and its abilities are greater than other offerings, but this is major thing to me and have seen that many others feel the same way. I personally can not in good faith just recommenced something that I will have to be responsible for that does not at least have the ability to rollback a package until "bugs/breakages" are worked out fully on a released package.
Title: Re: Packages wishlist?
Post by: marcelloc on June 20, 2012, 11:57:32 am
I would like to see the ability to easily roll back packages.

You can create o local packages repo for your company and sync it with oficial repo only after you test new updates on a non production machine.
Title: Re: Packages wishlist?
Post by: lassie on June 20, 2012, 01:18:09 pm
Thank you for the suggestion, I had not even thought of that for some reason. Though I still think it would be nice to have the ability to roll back a package version on an actual install or even on a testbox without having to do a whole local repo. But will read more into it to see what it actually entails.
Title: Re: Packages wishlist?
Post by: djzort on June 23, 2012, 11:49:33 pm
I would like a package for LLDP support.

There exist some projects that already work:

https://trac.luffy.cx/lldpd/ (https://trac.luffy.cx/lldpd/)

This is now at https://github.com/vincentbernat/lldpd and is very alive and well

supports lldp (as the name implies) as well as cdp and a small buffet of other vendor proprietary equivalents. it also implements the LLDP mib via net-snmp and is a client/daemon architecture now.

downside is that although the author has factored the linux specific code into its own sections in anticipation of a bsd 'port' - this work hasnt been completed. so someone with some understanding of layer2 ethernet in bsd would need to complete this work. the author is very active on github and has accepted happily a few minor patches and feature requests from myself.

+1 for including it as a package
Title: This could be useful to back up insensitve data during travel (e.g. photos)
Post by: rcfa on June 24, 2012, 05:45:41 am
http://sparkleshare.org/ (http://sparkleshare.org/)

With SSDs and drives cheap and providing a lot more storage than a typical pfSense install requires, something like that could be a useful way to keep the firewall with less holes, because some data can be stored on the gateway itself...

...running a git server in a jail, maybe?
Title: Better management of package relationships...
Post by: rcfa on June 24, 2012, 06:21:28 am
It would be nice to know, or better to show, which packages require which others, and which ones are mutually exclusive and/or redundant.

e.g. HAVP/SquidGuard vs. Dansguardian
e.g. freeRadius vs. freeRadius2
e.g. Squid vs. Squid3
e.g. IPBlocklist/CountryBlock vs. pfBlocker
e.g. OpenOSPFD vs. QuaggaOSPF
etc.

One way would be to disable the installation of a package if a competing package is installed, with a link to the installed package that prevents the installation of the package.
Title: Re: Better management of package relationships...
Post by: marcelloc on June 25, 2012, 09:20:46 am
HAVP/SquidGuard vs. Dansguardian - Its up to you, both requires squid package.
freeRadius vs. freeRadius2 - freeradius is stable, freeradius2 has a lot of new features
Squid vs. Squid3 - same point, v2 stable(and supported by core team), v3 new features
IPBlocklist/CountryBlock vs. pfBlocker -pfblocker , IPBlocklist/CountryBlock are deprecated


Quote
One way would be to disable the installation of a package if a competing package is installed, with a link to the installed package that prevents the installation of the package.
I think a good search on forum/package description could be a better way. For example: Some admins has lightsquid and sarg installed and both packages are squid reports.
Title: Package names: function, not project name
Post by: rcfa on June 25, 2012, 11:07:06 am
As a user, I want to install a web filter, a web server, a DCHP server, a DCHP Relay, an E-mail filter, etc.

While it's nice to read in the package description what software project is used to provide a specific service, and while that should be evident on the respective configuration page, I think it's not what I'd want to see in Dashboard or a function menu names.

pfSense itself has gotten much better in that respect, and for a few minor things like pfInfo and pfTop uses proper, descriptive names throughout, rather than supplying the names of the underlying software projects.
Also "Dynamic DNS" would better be named "DNS (dynamic)" or "DNS - DynDNS" to make sure that all the DNS related things remain grouped.

The point here is to have related things grouped, and to find things by function/protocol without having to know what software project is behind it.

Unfortunately, that effort is quickly ruined by installing a few packages.

Here a few suggestions:
Dansguardian => E-mail Filter
Proxy Server => HTTP Proxy
Reverse Proxy => HTTP Proxy (reverse)
Avahi => ZeroConf Proxy
Dynamic DNS => DNS (dynamic)
IMSpector => IM Proxy
OpenBGPD => Routing BGP
Quagga OSPFd => Routing OSPF
Postfix Forwarder => E-mail Forwarder
RIP => Routing RIP
siproxd => SIP Proxy
etc. etc.


Title: Re: Packages wishlist?
Post by: jimp on June 25, 2012, 11:14:51 am
The problem with that is that is that multiple packages can have the same function, but they need unique menu names. Plus the menu names can only be a certain length.

Dansguardian and SquidGuard are both Proxy Filters of a sort, but they'd need unique names as someone could have both installed at once.

Sometimes there are conflicts (which could be handled better) so things could share a name, like Quagga OSPF and OpenOSPFD, but not everything is quite so clean.

Also Squid can proxy more than HTTP so calling it an HTTP proxy isn't quite accurate either...

Most of these are bikeshed debates that ultimately nobody will be happy with. :-)
Title: Re: Packages wishlist?
Post by: rcfa on June 25, 2012, 12:57:51 pm
The problem with that is that is that multiple packages can have the same function, but they need unique menu names. Plus the menu names can only be a certain length.

Dansguardian and SquidGuard are both Proxy Filters of a sort, but they'd need unique names as someone could have both installed at once.

Well, add a postfix to the name to unique it, but at least people will be able to find and group things by function.
The only other clean alternative is if we had a custom menu system that would allow us to rearrange and rename menu items...

Sometimes there are conflicts (which could be handled better) so things could share a name, like Quagga OSPF and OpenOSPFD, but not everything is quite so clean.

Also Squid can proxy more than HTTP so calling it an HTTP proxy isn't quite accurate either...

OK, we can try to find a better name, but "proxy server" is too generic when we also have SIP proxies, E-mail proxies, etc.

Most of these are bikeshed debates that ultimately nobody will be happy with. :-)

Well pfSense itself wasn't always very clean/consistent, but I doubt there were many complaints when that situation improved. I just think it's time for packages to follow suit, and make sure that a package doesn't stick out like a sore thumb but is indistinguishable from the base system for a user once installed.
Title: Re: Packages wishlist?
Post by: marcelloc on June 25, 2012, 05:52:26 pm
I just think it's time for packages to follow suit.

You mean change current package categories to a more specif one?

for example:

change dansguadian from Services to proxy filter
change squidguard from Network Management to proxy filter
change squid from Network to proxy server

or create tabs for each category
Title: Re: Packages wishlist?
Post by: jimp on June 25, 2012, 05:55:44 pm
He's talking about the actual menu entries... Services > Proxy Filter (squidguard), Services > Proxy Filter (squid) and so on.
Title: Re: Packages wishlist?
Post by: rcfa on June 25, 2012, 06:06:58 pm
In an ideal world, we might have freely definable, customizable menus, but that's a huge change and may make into something like pfSense 3.0 but it's certainly not around the corner or easy to do.

In the second best of worlds, we'd have submenus for specific categories, e.g.

Services > DNS > Server
Services > DNS > Forwarder
Services > DNS > Dynamic DNS

That would solve the issue with long drop-down menus and makes things easy to find, although the former has been somewhat defused with the recent addition of scrollable menus.

Of course, that's a non-trivial change to the UI which some people may not even agree with, even though.

So in the third best of worlds, we simply name things in such a way that they fall in place within a linear menu structure in logical groups. The pfSense base system does that already fairly well; notice e.g. how nicely the DHCP and most of the DNS items fall into place.

He's talking about the actual menu entries... Services > Proxy Filter (squidguard), Services > Proxy Filter (squid) and so on.

Exactly. Because that's a very easy and quick change and it solves 90% of what the more complex solutions would achieve for almost zero development effort. All it needs is a naming convention that people adhere to.
Title: Re: Packages wishlist?
Post by: Metu69salemi on June 26, 2012, 10:31:07 am
In an ideal world, we might have freely definable, customizable menus, but that's a huge change and may make into something like pfSense 3.0 but it's certainly not around the corner or easy to do.

This is not feasible from my point of view, I think there is no reason why we should customize the feel and looks of a tool. I think the effort should be more or less in a making rules and adjustments of the network
Title: Re: Packages wishlist?
Post by: rcfa on June 26, 2012, 11:17:37 am
In an ideal world, we might have freely definable, customizable menus, but that's a huge change and may make into something like pfSense 3.0 but it's certainly not around the corner or easy to do.

This is not feasible from my point of view, I think there is no reason why we should customize the feel and looks of a tool. I think the effort should be more or less in a making rules and adjustments of the network

Feasible or not, it's not what I suggested we do, certainly not anytime soon.

I do however take a bit issue with the direction of the argument. It strikes me a bit as if we were talking about screwdrivers and you'd say:
"I think there is no reason why we should create ergonomic handles on a tool. I think the effort should be more or less in making durable and non-slip screwdriver tips."

The point is, a good screwdriver has both, it may even have a ratcheting handle, in which you can customize the interface, depending on whether you want to screw a screw into or out of something...
Title: Re: Packages wishlist?
Post by: Metu69salemi on June 26, 2012, 11:24:35 am
way offtopic

I just mentioned that does hammer work better if you can read hammer from the hammer itself?!? and have changeable plates on that so you can localize your hammer text. Like the shape itself isn't enough.

Title: Re: Packages wishlist?
Post by: rcfa on June 26, 2012, 01:53:11 pm
way offtopic

I just mentioned that does hammer work better if you can read hammer from the hammer itself?!? and have changeable plates on that so you can localize your hammer text. Like the shape itself isn't enough.

No, but pfSense is a tool box, not a single tool. And a well organized and labeled toolbox is a lot more efficient to use, than a box where things are wildely out of order and you have to go hunting for the tools.

Also, not everyone is a master craftsman. You want to be able to have the apprentice fetch an auger then you must assume that he may not know how an auger looks like, but if he can read and the toolbox is organized and labeled properly, he will likely fetch the auger, even if he's never seen one before.

Further, since this is a thread about a wishlist, I think it's perfectly fine that I wish what *I* consider relevant. It's not like I'm dictating features, I just take the liberty to wish for what makes my work easier.
Title: Re: Packages wishlist?
Post by: dhatz on June 26, 2012, 02:12:26 pm
IMHO pfsense pkg developers' energy should be focused on making sure that the handful of "Tier 1" packages (e.g. Snort, routing daemons for BGP/OSPF, Varnish/haproxy and Squid) work flawlessly.

Btw I am not sure that trying to glue together packages like Squid + Dansguardian / SquidGuard etc will work as well as in the various commercial UTMs.

Finally, since IMHO pfsense isn't very well suited for SOHO environment (unless one really wants to learn a great deal in the process), it doesn't matter very much if pfsense is always checking to make sure that a user doesn't do the wrong thing (e.g. resolving conflicts between packages Quagga-OSPF vs OpenOSPF etc).
Title: Re: Packages wishlist?
Post by: mlanner on July 04, 2012, 04:21:22 pm
Hi,

I would like to see Salt as a package. It would be convenient to be able to remotely configure and manage a bunch of pfSense installations from one central point.

There's already a Salt package available in FreeBSD ports:

http://docs.saltstack.org/en/latest/topics/installation/freebsd.html
Title: Re: Packages wishlist?
Post by: rcfa on July 08, 2012, 05:01:32 pm
Finally, since IMHO pfsense isn't very well suited for SOHO environment (unless one really wants to learn a great deal in the process), it doesn't matter very much if pfsense is always checking to make sure that a user doesn't do the wrong thing (e.g. resolving conflicts between packages Quagga-OSPF vs OpenOSPF etc).

You make it sound like learning something were a bad thing. pfSense works just fine in my SOHO setup, as a matter of fact, I switched to pfSense because nothing else out there (except maybe Vyatta, but I don't like their ever more proprietary approach) could do the job I want at anywhere near justifiable costs, because cost is a massive factor in a SOHO office.

Arguing against built-in conflict resolution is like saying circular saws are for professionals only, and therefore they don't need finger guards. We might as well do away with the anti-lockout rule, etc.
IMO any good product minimizes the error potential, that's the whole point of having a user interface in the first place, otherwise, we all could just edit config files with vi.
Title: Re: Packages wishlist?
Post by: kdillen on July 12, 2012, 02:57:33 am
In my case I would love to see nginx as package.  It can be used as reverse proxy, web server, SSL-offloading for HAProxy (replacement for stunnel), etc..   It is light in resource usage and does great work. 

Title: Zabbix 2.0 Proxy
Post by: unstar on July 12, 2012, 04:54:15 pm
Could anyone please create a Zabbix 2.0 Proxy package upgrade? Since there are a lot of improvements in the latest Zabbix release, It would be great if we could use it. Thank you! :-*
Title: Re: Packages wishlist?
Post by: louis-m on July 17, 2012, 04:02:40 pm
i'd really like to see some kind of clientless ssl vpn. similar to what sslexplorer or adito is/was. the new astaro UTM has a html 5 based clientless vpn.be great if could link to freeradius also.
Title: Re: Packages wishlist?
Post by: jimp on July 17, 2012, 04:32:36 pm
If an up-to-date OSS project exists for such a thing, I'm sure it could be looked into, so long as the requirements are not crazy (like Adito's need for Java)

There really is no such things as a "clientless" VPN, it may use Java or hook into the browser, but it's still a client.
Title: Re: Packages wishlist?
Post by: judex on July 25, 2012, 05:20:09 am
I would like a clickable whois search on the alerts or blocked tab in snort.

Greets, Judex
Title: Snort info page
Post by: NG on July 25, 2012, 05:33:10 am
At first many thanks to Ermal and others for great job with Snort package. I have one little wish to help my everyday job. We have pfsense in our network. This time it is securing 5 LAN networks and we have hundreds of users in our networks. Because our company have very tight internet rules we need to Snort our LAN side traffic also and block offenders in LAN networks. Problem is that when snort blocks out a user (or IP-address) there is no information send to user about that. Traffic just ends. Next thing is the user picks up the phone and calls us and reports internet failure. Is there any chance to get a popup window, redirection or at least error page to user that tells reason for blocking? It also would help us to fix problems in rules also. The page should say for example:"You are blocked out: #REASON#". Of cause there should be enable/disable tag and selection for LAN-networks also :)
Title: Re: Snort info page
Post by: ermal on July 27, 2012, 05:02:31 am
At first many thanks to Ermal and others for great job with Snort package. I have one little wish to help my everyday job. We have pfsense in our network. This time it is securing 5 LAN networks and we have hundreds of users in our networks. Because our company have very tight internet rules we need to Snort our LAN side traffic also and block offenders in LAN networks. Problem is that when snort blocks out a user (or IP-address) there is no information send to user about that. Traffic just ends. Next thing is the user picks up the phone and calls us and reports internet failure. Is there any chance to get a popup window, redirection or at least error page to user that tells reason for blocking? It also would help us to fix problems in rules also. The page should say for example:"You are blocked out: #REASON#". Of cause there should be enable/disable tag and selection for LAN-networks also :)
Well you need to  put some funding to this since its not that easy.
Title: Re: Packages wishlist?
Post by: NG on July 27, 2012, 07:11:34 am
Hi Ermal! I can talk with my bosses about funding. I can't promise anything, I'm just a small Network Engineer :) About the idea, I was just wondering if it's possible to do that Squidguard style. Comparing clients IP and Snort blocklist. If there's a match then redirect to info page. Actually maybe this can be done in Squid or Squidguard or other external process, so the Snort is not part of this. In this case Snort is just offering some information to other processes and they do the rest..
Title: Re: Packages wishlist?
Post by: diretore on August 07, 2012, 06:58:49 am
openDNS dnscrypt proxy for encryption of dns traffic from pfsense box to opendns servers
Title: Re: Packages wishlist?
Post by: dominique.fournier on August 14, 2012, 09:42:03 am
ndpmon (the IPv6 ARPWatch) should be interesting as PFSense is the router.
http://www.freebsdsoftware.org/net-mgmt/ndpmon.html (http://www.freebsdsoftware.org/net-mgmt/ndpmon.html)
http://ndpmon.sourceforge.net/index.php (http://ndpmon.sourceforge.net/index.php)
Title: Re: Packages wishlist?
Post by: Peter2121 on September 26, 2012, 05:03:16 am
SquidClamav - ICAP based antivirus for Squid. The FreeBSD port is present.
It would be better to use the ICAP based antivirus than HAVP (parent proxy). The ICAP integration mode has less limitations (QoS, stats, authentification etc.)
I hope, Squid3 package is compiled with ICAP support ;)
Title: Re: Packages wishlist?
Post by: dhatz on October 08, 2012, 02:51:34 pm
Some SIP proxy (such as repro or Kamailio) would be nice

Read more: http://www.opentelecoms.org/use-a-sip-proxy-instead-of-asterisk
Title: Re: Packages wishlist?
Post by: babtras on November 08, 2012, 01:24:01 pm
A simple improved logging package, perhaps just a local syslog with a GUI.

I understand the 50 row limitation of the default installation because of the ability to run on a machine with no hard drive. But I would imagine that most installs have some storage available and even a basic 10 year old machine will have a 10GB+ hard disk, plenty to store a reasonable amounts of logs.

I would like to see a simple logging package that can be optionally installed that extends the logs beyond 50 entries (to a user-defined retention period or size) and provides some, even if rudimentary, filtering/sorting features.

Most places I promote using pfSense are in small businesses where an enterprise-class firewall is needed, for multi-WAN or decent VPN capability, but unavailable due to budget constraints. In these cases, there's not much eagerness to buy a separate machine to run a syslog server or add that role to already overburdened servers. I don't think there's any reason why the pfSense machines can't store their own logs if the disk space allows it.
Title: Re: Packages wishlist?
Post by: marcelloc on November 08, 2012, 09:24:02 pm
Current gui accepts 2000 lines, check config options  ;)
Title: Re: Packages wishlist?
Post by: dhatz on November 18, 2012, 07:10:21 pm
GNU Gatekeeper for H.323 proxy:

http://www.gnugk.org/h323-proxy.html

Rationale: H.323 remains by far the most popular protocol for video conferencing at companies, but unlike -recent- SIP software, H.323 can't deal with NAT thus requiring a proxy / ALG.
Title: Re: Packages wishlist?
Post by: CrackBlue on December 19, 2012, 01:25:05 am
I wish that

1. aliases will include mac addresses and the firewall can manipulate mac addresses to deny/block
2. squid will have purge option for the cache and edited some squid related configuration like.. squid.inc :)

just a small wish though this christmas season
Title: RE: Packages wishlist?
Post by: maex on January 10, 2013, 03:27:30 am
Hi!
it would be great to see what comes with a newer version of a package.
Right now there is either no link at all, or a link to the general forum. Both are mostly not giving out information on what has changed.
So a simple release notes page for each package would be sufficient. It should be easily reachable from the packages lists. That would be great!

e.g.

Version 1.2 (release date)
... changes since previous version
Version 1.1 (release date)
... changes since previous version

...

Thanks, for all the wonderful work on pfsense!
Max
Title: Re: Packages wishlist?
Post by: dvserg on January 10, 2013, 03:53:39 am
If you interested - possible look githum commits history for each package
https://github.com/bsdperimeter/pfsense-packages/tree/master/config
Title: Re: Snort info page
Post by: acald on February 18, 2013, 10:23:07 am
At first many thanks to Ermal and others for great job with Snort package. I have one little wish to help my everyday job. We have pfsense in our network. This time it is securing 5 LAN networks and we have hundreds of users in our networks. Because our company have very tight internet rules we need to Snort our LAN side traffic also and block offenders in LAN networks. Problem is that when snort blocks out a user (or IP-address) there is no information send to user about that. Traffic just ends. Next thing is the user picks up the phone and calls us and reports internet failure. Is there any chance to get a popup window, redirection or at least error page to user that tells reason for blocking? It also would help us to fix problems in rules also. The page should say for example:"You are blocked out: #REASON#". Of cause there should be enable/disable tag and selection for LAN-networks also :)

Something that may be more to what you are looking for and could work in tandem with pfSense is packetfence.
Title: Re: Packages wishlist?
Post by: tester_02 on February 18, 2013, 11:41:09 am
If you interested - possible look githum commits history for each package
https://github.com/bsdperimeter/pfsense-packages/tree/master/config


Thanks!   I never knew that existed!!!!    I think if more people had that link, a lot of the questions would go away when the package maintainers make a change.
Title: Re: Packages wishlist?
Post by: pr0vieh on February 19, 2013, 03:31:05 pm
can you take a look on
bitmeteros to nicer live traffic monitoring it looks very nice....

http://codebox.org.uk/pages/bitmeteros

i hope to see this as package soon :)

greets Pr0vieH
Title: Re: Packages wishlist?
Post by: jimp on February 19, 2013, 03:51:02 pm
can you take a look on
bitmeteros to nicer live traffic monitoring it looks very nice....

http://codebox.org.uk/pages/bitmeteros

i hope to see this as package soon :)

Looks interesting but they don't appear to support FreeBSD.
Title: Re: Packages wishlist?
Post by: pr0vieh on February 19, 2013, 04:32:18 pm
Looks interesting but they don't appear to support FreeBSD.

arg sorry i don't see this...

i ask the developer for FreeBSD Support
Title: Re: Packages wishlist?
Post by: anas_xrt on February 24, 2013, 12:43:42 am
WanAccelerator package

WANproxy, trafficSqueezer, (OpenNOP)
http://wanproxy.org/
http://www.trafficsqueezer.org/
http://www.opennop.org/ (Linux Only?)

I would like to have kind of VoIP wan optimizer, seem Traffic Squeezer has ability of..

The idea is can have the server mode and client mode for end -to- end tunnel for Codec g.729 or g.722 or g.726 on SIP or IAX protocol. Since we already have Asterisk package.

The Qos and Packet Sharper seem does not really help if we got bigger concurrent. But if we can squeeze the bandwidth it would really help.
Title: Re: Packages wishlist?
Post by: marcelloc on February 24, 2013, 09:21:29 pm
It looks like only wanproxy has Freebsd support.

I could compile it, but i'ts not a freebsd port yet and may work better optimizing tcp connections.
Title: Re: Packages wishlist?
Post by: satheeshkumarms on February 26, 2013, 01:22:17 am
Hi,
I wish to have a monitoring system to see my logged in users of PPPoE server,also a .bandwidth control and real-time usage graph.I'm using pfsense 2.0.1.Anyone have a package or graph supporting PPPoE server will be greatly useful to me.

thanx in ad'vance
Title: Re: Packages wishlist?
Post by: Clear-Pixel on March 08, 2013, 04:46:13 pm
Adding IP GeoLocation to monitor Pfsense logs would be a very productive addition.

Example using third party software
Setup Guide
http://www.seattleit.net/blog/realtime-pfsense-firewall-attack-logs-in-splunk-google-maps-with-geoip/

Open Source IP geolocation
http://www.maxmind.com/en/opensource

Splunk
http://www.splunk.com/view/free-vs-enterprise/SP-CAAAE8W
Title: Re: Packages wishlist?
Post by: adx442 on March 21, 2013, 12:17:35 pm
I'd love to see a "Test Settings" package.  For example, you go to the package, and set a timer or date to test settings until.  It backs up your current config to a location, and adds a cronjob or something to reapply your "old" config at the end of the timer and reboot.  That way, if you're testing out some new rules, packages, or traffic shaping and something goes horribly wrong or you get locked out, you just need to wait out the timer to get back to your known good configuration. 

I think it would be very handy for making changes remotely, where you're logged in through SSH or VPN and you could easily lose the ability to reconnect accidentally. 
Title: "Monit" for customized monitoring and alerting
Post by: menacingm on April 03, 2013, 01:03:34 pm
Monit for customized monitoring and alerting. This would be a solid addition to PFSense in an area where it is lacking; customized alerting and reporting.

It is also a great package that could replace many other packages as far as functionality. Fully open source/Unix compatible, compatible license (GNU/AGPL) and would add to the reliability and value of PFSense if integrated properly.

http://mmonit.com/monit/
http://freecode.com/projects/monit
Title: Re: Packages wishlist?
Post by: markuhde on May 02, 2013, 04:25:38 pm
Squid 3.3.4 - 3.1 is pretty dated now
Title: Re: Packages wishlist?
Post by: marcelloc on May 02, 2013, 08:56:20 pm
Squid 3.3.4 - 3.1 is pretty dated now

It's almost done.

take a look on this thread http://forum.pfsense.org/index.php/topic,58368.0.html and help on the bounty  ;D
Title: Re: Packages wishlist?
Post by: rcfa on June 09, 2013, 11:06:50 am
This would seem like an ideal candidate to include in pfSense:

http://www.openlisp.org/

Title: Re: Packages wishlist?
Post by: mosfet on June 10, 2013, 03:57:56 pm
I'd like to see privoxy added, plz.

+1!  :)
Title: Re: Packages wishlist?
Post by: rcfa on June 13, 2013, 12:33:20 pm
Actually a forum wishlist: make sub-sections for each package under the Packages section.
It's pretty hard to browse all relevant threads relevant to a particular package, it would be easier to have these threads grouped.
That would also make it easier for maintainers to have a quick look if there's activity, and for users to see if a package is alive.
Title: How about a TOR module?
Post by: rcfa on June 19, 2013, 04:23:33 pm
With the kind of ever-increasing big-brother mentality on the internet, having TOR on as many routers as possible would make things a lot better. Fighting against big brother politically is important, but in the mean time, it's also helpful to use technology...

https://www.torproject.org/about/overview.html.en
https://www.torproject.org/docs/tor-doc-unix.html.en
https://www.torproject.org/docs/tor-relay-debian.html.en
https://www.torproject.org/download/download-unix.html.en
Title: Re: Packages wishlist?
Post by: biggsy on June 20, 2013, 02:37:26 am
Actually a forum wishlist: make sub-sections for each package under the Packages section.

I would like to see that too.  Maybe as part of updating SMF?

Having a subsection in the forum would also make it a bit easier to get a feel for the stability of packages.   
Title: Re: Packages wishlist?
Post by: dhatz on June 20, 2013, 06:33:19 pm
Actually a forum wishlist: make sub-sections for each package under the Packages section.

I would like to see that too.  Maybe as part of updating SMF?

Having a subsection in the forum would also make it a bit easier to get a feel for the stability of packages.  

I guess that creating a sub-forum for each and every pfSense package might be a bit too much, but perhaps a sub-forum for the "tier-1" packages (snort, squid, haproxy/varnish etc) or for 4-5 main "categories" ids/ips (snort etc), proxy/rev.proxy (squid, haproxy, varnish), monitoring (zabbix, nrpe), L7 filtering (squidguard, dansguardian), routing (openbgp, quagga) etc
Title: Re: Packages wishlist?
Post by: SIPpyCup on June 25, 2013, 08:10:27 am
* privoxy (loop back content filter)

privoxy is offered in an adblock/pornblock/virus/filter how to in the forum
http://forum.pfsense.org/index.php/topic,57916.0.html


* PBX in a flash

imho more attractive than merely freeswitch

there are numerous threads on pbx in a flash forums on how to install with pfsense.  It would be easier as a package

Title: Re: Packages wishlist?
Post by: SIPpyCup on June 25, 2013, 08:19:31 am
Track Me Not

currently released as a browser extension for firefox and chromium

it's a "counter intelligence" interweb tool that is not only for the tinfoil hatter club

http://cs.nyu.edu/trackmenot/
Title: Re: Packages wishlist?
Post by: SIPpyCup on June 25, 2013, 08:25:24 am
export settings to one/all of

http://s3.amazon.com
http://joynet.com
http://dreamhost.com/cloud/


Quote
As part of the AWS Free Usage Tier, you can get started with Amazon S3 for free. Upon sign-up, new AWS customers receive 5 GB of Amazon S3 standard storage, 20,000 Get Requests, 2,000 Put Requests, and 15GB of data transfer out each month for one year.

additionally amazon customers receive free 5 GB storage s3 (not in addition to the free tier, but also not limited to one year of freeness) and separately 5 FB storage clouddrive

(there's also a free year of EC2 in which one may run PBX in a Flash until it's a package for pfSense) ;)


Title: pfSense XMPP server packages
Post by: SIPpyCup on June 25, 2013, 08:26:37 am
XMPP server  (Jabber)

I would prefer either/both

http://prosody.im

http://tigase.com
http://tigase.org

 and a gui for managing server extensions


some guru way to discourage protracted non-OTR encrypted conversations?

http://otr.cypherpunks.ca

Title: req: pfSense SIPsorcery packages
Post by: SIPpyCup on June 25, 2013, 08:29:11 am
SIPsorcery  (it doesn't do RTP)

http://sipsorcery.com
http://sipsorcery.codeplex.com/

If you wanted to add more VoiceGateways to your Obihai (or other ATA) this would be one option, and less costly self hosted.  Aaron has made the source f/OSS.  (I never use googlevoice or other google properties; to cut down on headaches don't try to maintain GV functionality)

Title: BGP daemon that works with RADIX_MPATH / ECMP
Post by: dhatz on June 30, 2013, 10:55:55 am
Given the some of the recent feedback regarding problems with using BGP under pfSense, based on this discussion (http://lists.freebsd.org/pipermail/freebsd-net/2013-June/035863.html) at the freebsd-net mailing list, it seems that bird might be the answer ...

http://www.freshports.org/net/bird/
http://bird.network.cz/
Title: Stud to integrate with HAProxy
Post by: zenny on July 03, 2013, 12:32:05 pm
HAProxy-devel also supports SSL, but is not ready for production and also SNI could be an issue.

So I request a package for Stud (https://github.com/bumptech/stud) is a lightweight and easy to configure proxy which can coexist with HAProxy to support SSL and SNI for production servers. Thanks!

Title: Suricata
Post by: zenny on July 04, 2013, 11:47:43 am
Since Snort is single-threaded, wouldn't it be nice to include a package for suricata (http://suricata-ids.org/) which supports mutli-threaded processing?

Ref: http://workshop.netfilter.org/2013/wiki/images/1/1f/Eric_Leblond_IDS-suricata.pdf
Title: Re: Suricata
Post by: rcfa on July 04, 2013, 03:03:53 pm
Since Snort is single-threaded, wouldn't it be nice to include a package for suricata (http://suricata-ids.org/) which supports mutli-threaded processing?

Ref: http://workshop.netfilter.org/2013/wiki/images/1/1f/Eric_Leblond_IDS-suricata.pdf

Looks like a great one. I also think the non-proprietary nature would make it a better fit, and with more and more GPU-power, CUDA support could make quite a difference in CPU load and allow for better utilization of existing hardware.
Also, Snort, over the past, seems to have been rather fickle, and quite the resource hog. Anything that's more efficient and less picky or easier to configure would be a good step forward.
Title: Re: Packages wishlist?
Post by: xbipin on July 22, 2013, 12:58:08 am
would love to have freeswitch
Title: Re: Packages wishlist?
Post by: rcfa on July 22, 2013, 12:59:45 am
would love to have freeswitch

+1
Title: Re: Packages wishlist?
Post by: rcfa on July 22, 2013, 01:01:40 am
A STUN server package would also be VERY useful.

http://sourceforge.net/projects/stun/

Basically, as "low end" hardware gets more powerful, pfSense would be very useful to evolve into a "network border server" in addition to being a firewall router.

Tons of services that need to be available from the public net, and that one may not want to puncture the protective wall, could simply run on the firewall device: STUN, OwnCloud, FreeSwitch/Asterisk/PBSinAFlash, Suricata/Snort, privoxy/trackmenot/TOR, etc.

If we don't want a totally cluttered environment, at some point it may make sense to have "official" packages, which are fully integrated and tested to cover certain aspects of a network border server.
Title: Re: Packages wishlist?
Post by: zenny on July 22, 2013, 01:15:28 am
A STUN server package would also be VERY useful.

http://sourceforge.net/projects/stun/

Basically, as "low end" hardware gets more powerful, pfSense would be very useful to evolve into a "network border server" in addition to being a firewall router.

Tons of services that need to be available from the public net, and that one may not want to puncture the protective wall, could simply run on the firewall device: STUN, OwnCloud, FreeSwitch/Asterisk/PBSinAFlash, Suricata/Snort, privoxy/trackmenot/TOR, etc.

If we don't want a totally cluttered environment, at some point it may make sense to have "official" packages, which are fully integrated and tested to cover certain aspects of a network border server.

To complement stun, STUN-over-TCP (http://sourceforge.net/projects/stunovertcp) would be a good combination with Vovida STUN (http://sourceforge.net/projects/stun/).
Title: Re: Packages wishlist?
Post by: mystycs on August 28, 2013, 10:19:06 am
ziproxy!

http://ziproxy.sourceforge.net/download.html
Title: Re: Packages wishlist?
Post by: Derf on September 26, 2013, 04:08:26 am
portspoof could be a nice addition

https://github.com/drk1wi/portspoof
Title: Re: Packages wishlist?
Post by: Topper727 on October 06, 2013, 02:42:42 pm
I wish Snorby would be as a package.  I have setup on another machine it is very handy.  I don't want to have to run 2 machines to do this.  I have enough CPU for both in firewall machine
Title: Re: Suricata
Post by: lindsay on December 12, 2013, 11:23:40 am
Since Snort is single-threaded, wouldn't it be nice to include a package for suricata (http://suricata-ids.org/) which supports mutli-threaded processing?

Ref: http://workshop.netfilter.org/2013/wiki/images/1/1f/Eric_Leblond_IDS-suricata.pdf

Looks like a great one. I also think the non-proprietary nature would make it a better fit, and with more and more GPU-power, CUDA support could make quite a difference in CPU load and allow for better utilization of existing hardware.
Also, Snort, over the past, seems to have been rather fickle, and quite the resource hog. Anything that's more efficient and less picky or easier to configure would be a good step forward.

+1 from me
Title: Re: Packages wishlist?
Post by: lindsay on December 12, 2013, 11:25:44 am
Actually a forum wishlist: make sub-sections for each package under the Packages section.
It's pretty hard to browse all relevant threads relevant to a particular package, it would be easier to have these threads grouped.
That would also make it easier for maintainers to have a quick look if there's activity, and for users to see if a package is alive.

+ 1 from me too as i was ordering a adtrap wich do not work.
And to ship it back again is like ordering a new
Title: Re: Packages wishlist?
Post by: marcelloc on December 13, 2013, 08:16:54 am
this script may help you undestanding how to install it on freebsd.

Most of this are already done on snort package
https://github.com/shirkdog/snorby-bsd/blob/master/snorbyInstall.sh
Title: Re: Packages wishlist?
Post by: Roman513 on December 19, 2013, 01:50:26 am
strongSwan!
Title: Re: Packages wishlist?
Post by: jimp on December 19, 2013, 10:41:21 am
strongSwan!

Keep an eye on 2.2 for that.
Title: Re: Packages wishlist?
Post by: exograpix on December 23, 2013, 03:45:40 am
Any antivirus solution for squid-dev or installation wayout.

Thanks
Title: Re: Packages wishlist?
Post by: Trylen on December 30, 2013, 07:30:34 am
A bandwidth monitor that allows you to keep track of Data Caps. Kind of like Traffic Accounting in IPCop.
Title: Re: Packages wishlist?
Post by: twau on January 05, 2014, 09:39:41 am
I would love a package that could remove spikes from RRD graphs. Cause sometimes when I reboot pfSense I get really high spikes on the graphs that is not normal, and it destroys the whole graph.

Some links about this matter:
https://github.com/mhagander/rrdclean
http://acktomic.com/2007/08/31/removing-spikes-from-rrd-databases/
http://www.serveradminblog.com/2010/11/remove-spikes-from-rrd-graphs-howto/
Title: Re: Packages wishlist?
Post by: kilko on January 06, 2014, 12:33:24 pm
My Whishlist:

Simple "ifdown" package - reboot.   (if not able to ping a given host, reboot pfsense)

..or can this be done with cron and a command directly on the box itself ?
Title: Re: Packages wishlist?
Post by: GruensFroeschli on January 06, 2014, 02:19:00 pm
Why the hell would you want to reboot your pfSense???
Title: Re: Packages wishlist?
Post by: kilko on January 07, 2014, 06:12:43 am
Why the hell would you want to reboot your pfSense???

Let my just state: that pfsense is unbeatable stable (for the price and functions available) and have been running for months and (would be years..) but my ISP is making "hiccups on the cable" which makes the traffic suddenly stop flowing..   Read more if you like here; http://forum.pfsense.org/index.php/topic,69879.msg381954.html#msg381954

I have 3 Reason:

1. When doing a controlled reboot all data /traffic etc is saved.
2. When my ISP is doing some upgrade/"fixing".. I sometimes reboot the cable modem.. and sometimes I have to reboot pfsense too, to get internet running again.
3. When I'm not home - and internet stoppes working, my system will try to get online again automatically. (and people don't have to start calling me ;-))

Title: Re: Packages wishlist?
Post by: kilko on January 15, 2014, 01:21:53 pm
Why the hell would you want to reboot your pfSense???

Let my just state: that pfsense is unbeatable stable (for the price and functions available) and have been running for months and (would be years..) but my ISP is making "hiccups on the cable" which makes the traffic suddenly stop flowing..   Read more if you like here; http://forum.pfsense.org/index.php/topic,69879.msg381954.html#msg381954

I have 3 Reason:

1. When doing a controlled reboot all data /traffic etc is saved.
2. When my ISP is doing some upgrade/"fixing".. I sometimes reboot the cable modem.. and sometimes I have to reboot pfsense too, to get internet running again.
3. When I'm not home - and internet stoppes working, my system will try to get online again automatically. (and people don't have to start calling me ;-))

If not a package, here is a howto: http://forum.pfsense.org/index.php/topic,71335.msg389446.html#msg389446
Title: Re: Packages wishlist?
Post by: BBcan177 on January 16, 2014, 04:40:39 pm
this script may help you undestanding how to install it on freebsd.

Most of this are already done on snort package
https://github.com/shirkdog/snorby-bsd/blob/master/snorbyInstall.sh


Hi Marcello, have you tested this Snorby script on 2.1 Release?

Can you share some screenshots of the interface?
Title: Re: Packages wishlist?
Post by: BBcan177 on January 16, 2014, 04:46:30 pm
I would like to see an OSSEC package. Their website says FreeBSD is suppored.        http://www.ossec.net/?page_id=165

I would also like to see pfBlocker updated to include domain blocking on top of the existing IP based lists and the ability to use .csv lists.

and finally pfCenter to monitor and control several pfSense boxes in one application.
Title: Re: Packages wishlist?
Post by: ninjabeirut on February 04, 2014, 10:05:22 am
portspoof could be a nice addition

https://github.com/drk1wi/portspoof

This gets a vote from me. Sounds awesome!

Would really need this.
Title: Re: Packages wishlist?
Post by: NOYB on March 03, 2014, 06:17:03 pm
 
Is there a PhantomJS package for FreeBSD?  Found a port at FreeBSD org, but was hoping for a ready to go package.
 
http://www.freebsd.org/cgi/ports.cgi?query=phantomjs&stype=all
http://svnweb.freebsd.org/ports/head/lang/phantomjs/
 
Title: Re: Packages wishlist?
Post by: Sickcero on March 05, 2014, 11:03:33 pm
I would like to see an OSSEC package. Their website says FreeBSD is suppored.        http://www.ossec.net/?page_id=165

I think an OSSEC Agent package would be a GREAT addition to the lineup. I believe it would be a reletivly easy package to build as it is already BSD compatable and requires very few user inputed settings to have it up and running (< 4 I think). While syslog works well enough for remote log generation an OSSEC Agent would provide a huge number of additional awesome feature that syslog was not ment to include. (log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response - according to their website) But the thing that does it the most for me is the fact that OSSEC is being integrated into many open source SIEM projects, and the inclusion of an OSSEC package would allow pfSense to be even better integrated into a quality SIEM/UTM environment.

A final note, OSSEC is a free and open source product and seems to follow a similar philosophy to the pfTeam and appear to be in it for the long haul.

EDIT: Im using this as a way to practice building a package and hosting a repository, I don't have anything worthwhile yet but if anyone has any suggestions send me a message, dont post here. Thanks!
Title: Re: Packages wishlist?
Post by: BBcan177 on March 05, 2014, 11:15:43 pm
I would like to see an OSSEC package. Their website says FreeBSD is suppored.        http://www.ossec.net/?page_id=165

I think an OSSEC Agent package would be a GREAT addition to the lineup. I believe it would be a reletivly easy package to build as it is already BSD compatable and requires very few user inputed settings to have it up and running (< 4 I think). While syslog works well enough for remote log generation an OSSEC Agent would provide a huge number of additional awesome feature that syslog was not ment to include. (log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response - according to their website) But the thing that does it the most for me is the fact that OSSEC is being integrated into many open source SIEM projects, and the inclusion of an OSSEC package would allow pfSense to be even better integrated into a quality SIEM/UTM environment.

A final note, OSSEC is a free and open source product and seems to follow a similar philosophy to the pfTeam and appear to be in it for the long haul.

EDIT: Im using this as a way to practice building a package and hosting a repository, I don't have anything worthwhile yet but if anyone has any suggestions send me a message, dont post here. Thanks!

I believe they are working on having an OSSEC Server installation. I hope that it can also be run as an "Agent" as I already have an OSSEC Server on my system.

https://github.com/pfsense/pfsense-packages/pull/526 (https://github.com/pfsense/pfsense-packages/pull/526)

Title: Re: Packages wishlist?
Post by: Sickcero on March 05, 2014, 11:39:29 pm

I believe they are working on having an OSSEC Server installation. I hope that it can also be run as an "Agent" as I already have an OSSEC Server on my system.

https://github.com/pfsense/pfsense-packages/pull/526 (https://github.com/pfsense/pfsense-packages/pull/526)

Nice! I would assume that we would have agent functions by themselves if we should so chose, I would hope so anyway! :)  Im in the same boat as you, I already have a server and just need to be able to integrate my pf boxes with agent functionality.
Title: Re: Packages wishlist?
Post by: onlineph on March 10, 2014, 09:04:56 pm
enhance squid/ lusca package that would auto propagate based on the PC's profile so we dont have to manually set things but just to make some edition.

also with snort, if its ok that onese installed it auto propagate or auto config to a standard based on the PC capacity.
Title: Re: Packages wishlist?
Post by: nsnetworks on March 17, 2014, 11:18:00 pm
I'm currently working on an alternative to squid/dansguardian/squidguard that uses a commercial categorization engine.

In about 2 weeks time we will be looking for a few beta testers of this package.

Features will include:

* node.js based http proxy/dns filter
* Commercial based categorization engine
* HTTP filtering based on categories
* DNS filtering based on categories
* AD integration
* Fully customizable block/login/tos pages

We will be looking for feedback and bug reporting.

If you would be interested in participating in this test, please let me know.

Thanks,
James
Title: Re: Packages wishlist?
Post by: sunghost on March 24, 2014, 03:51:33 am
Hi,
i didnt read the full list with 30 pages but back to last year. My wish is a simple update of the actual squid package to 3.4.x - whould nice to use an actual one ;)
Title: Re: Packages wishlist?
Post by: hcoin on March 29, 2014, 02:09:15 pm
Notice the multi-master database, mariadb / galera has a little state-saving daemon, garbd, which is a 'member' of a cluster but doesn't save any data.  It serves only to keep track of which other 'real' members were up and when.  The purpose is to prevent 'split brain' events from happening, as one 'real' database instance and one 'garbd' instance is enough, while one database instance alone shuts down for fear of 'split brain' corruption.

If pfsense supported garbd only, then real failover and a multi-master database with only two other systems is possible.  And, with pfsync, multiple garbd instances provide better assurances.   It's a natural, really, for pfsense.

Title: Re: Packages wishlist?
Post by: hcoin on April 03, 2014, 03:02:50 pm
The CRON gui should be split into two sections, one which is maintained on the specific machine, and another which is automatically synced via the usual pfsync/HA option.

Presently it's a bit of a pain to remember to manually update some, but not all, cron entries on backup pf boxes.
Title: Re: Packages wishlist?
Post by: hcoin on April 03, 2014, 03:13:59 pm
The "Filer" package should have an option so that the given command can be run after any change to config.xml.   

If you want to stay entirely 'pure' within the xml, (avoid ugly hacks), the only way to do this is create a cron job that looks for changes and then runs a list of commands. 

Title: Re: Packages wishlist?
Post by: marcelloc on April 03, 2014, 05:04:03 pm
The "Filer" package should have an option so that the given command can be run after any change to config.xml.   

I do not recommend filer to edit files that pfsense does after any change.
Title: Re: Packages wishlist?
Post by: hongkonger on April 04, 2014, 01:12:23 am
Would really love an implementation of either of the following

- Freenas
- Bacula Server
- Simple FTP server for file storage
- Samba (with UI)

Most of the above are already available in some adhoc way on pfsense (except bacula server and Freenas) , but really appreciate a UI based installation and management.

thanks
Title: Re: Packages wishlist?
Post by: comi on April 16, 2014, 01:03:02 pm
I'd love to have privoxy available on PfSense.
Title: Re: Packages wishlist?
Post by: j@svg on April 17, 2014, 10:44:21 pm
ntop-ng! I really wish I knew how to package stuff for pfsense or I'd do it myself.... I mean, is there a guide anywhere?
Title: Re: Packages wishlist?
Post by: marcelloc on April 18, 2014, 07:20:46 pm
Hi,
i didnt read the full list with 30 pages but back to last year. My wish is a simple update of the actual squid package to 3.4.x - whould nice to use an actual one ;)

It's not ported yet to freebsd ports

http://www.freebsd.org/cgi/ports.cgi?query=squid3&stype=all&sektion=all
Title: Re: Packages wishlist?
Post by: Nadrek on April 23, 2014, 10:14:23 pm
More certificate management; in particular:

The ability to use a pfSense Certificate Manager CA certificate to sign CSR's (Certificate Signing Requests).  I've got some internal devices that I'd like to use my normal internal CA (generated on pfSense) to sign.

Title: Re: Packages wishlist?
Post by: edgars on May 10, 2014, 09:21:26 am
OCSinventory-agent
Title: Re: Packages wishlist?
Post by: Bismarck on May 11, 2014, 05:22:00 am
1. Postfix Forwarder update to 2.11.1 with postscreen_dnsbl_whitelist_threshold enabled, so we can finaly make use of postscreens greylisting feature.

Quote
  * A new postscreen_dnsbl_whitelist_threshold feature to allow
    clients to skip postscreen tests based on their DNSBL score.
    This can eliminate email delays due to "after 220 greeting"
    protocol tests, which otherwise require that a client reconnects
    before it can deliver mail. Some providers such as Google don't
    retry from the same IP address, and that can result in large
    email delivery delays.

http://permalink.gmane.org/gmane.mail.postfix.announce/146

http://svnweb.freebsd.org/ports/head/mail/postfix/


2. Postfix secure SMTP should use pfSense certs

Code: [Select]
# pfSense Postfix Forwarder TLS
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /usr/pbi/postfix-amd64/etc/ssl/server.key
smtpd_tls_cert_file = /usr/pbi/postfix-amd64/etc/ssl/server.crt
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

so we don't need to use custom main.cf options and generate the certs via command line.
Quote
220-mailserver.tld ESMTP smtprelay service ready.
220 mailserver.tld ESMTP smtprelay service ready. [285 ms]
EHLO MXTB-PWS3.mxtoolbox.com
250-mailserver.tld
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN [749 ms]
MAIL FROM: <supertool@mxtoolbox.com>
250 2.1.0 Ok [749 ms]
RCPT TO: <test@example.com>
554 5.7.1 <test@example.com>: Relay access denied [749 ms]

https://forum.pfsense.org/index.php?topic=70046.msg382794#msg382794


3. squid3-dev amd64 with working Clamav anti-virus integration using c-icap

https://forum.pfsense.org/index.php?topic=73921.0

I know that marcelloc does not have the time and resource to fix this problem atm, but we could collect some money and call a bounty, so we can hire him or someone who can fix this. A lot of people struggling with squid and dansguardiann anti-virus on amd64 systems, so there is a high demand fixing this.

Thanks for your attention.
Title: Re: Packages wishlist?
Post by: lsense on May 15, 2014, 04:26:44 am
gnupg
Title: Re: Packages wishlist?
Post by: nsnetworks on June 04, 2014, 04:03:58 pm
I'm currently working on an alternative to squid/dansguardian/squidguard that uses a commercial categorization engine.

In about 2 weeks time we will be looking for a few beta testers of this package.

Features will include:

* node.js based http proxy/dns filter
* Commercial based categorization engine
* HTTP filtering based on categories
* DNS filtering based on categories
* AD integration
* Fully customizable block/login/tos pages

We will be looking for feedback and bug reporting.

If you would be interested in participating in this test, please let me know.

Thanks,
James

The demo of this is ready, if anyone is interested in testing it out let me know.

Thanks,
Title: Re: Packages wishlist?
Post by: MBX on June 08, 2014, 04:05:07 pm
This could be good, we can do some testing for you.
Title: Re: Packages wishlist?
Post by: cr08 on June 13, 2014, 07:48:15 am
As far as I could tell I couldn't find this for pfSense so someone correct me if I am wrong.

Ages ago I used to play in the Smoothwall side of things and one package I really loved was the modem monitor package. Simply put it logged modem signal stats over time and graphed them. http://community.smoothwall.org/forum/viewtopic.php?f=26&t=23844

Really itching to see this in pfSense.
Title: Re: Packages wishlist?
Post by: Cino on June 13, 2014, 10:27:10 am
I'm currently working on an alternative to squid/dansguardian/squidguard that uses a commercial categorization engine.

In about 2 weeks time we will be looking for a few beta testers of this package.

Features will include:

* node.js based http proxy/dns filter
* Commercial based categorization engine
* HTTP filtering based on categories
* DNS filtering based on categories
* AD integration
* Fully customizable block/login/tos pages

We will be looking for feedback and bug reporting.

If you would be interested in participating in this test, please let me know.

Thanks,
James

The demo of this is ready, if anyone is interested in testing it out let me know.

Thanks,

James I would be interested if your still looking for testers
Title: Re: Packages wishlist?
Post by: KOM on June 24, 2014, 09:42:40 am
Smokeping
Title: Re: Packages wishlist?
Post by: feld on July 08, 2014, 09:02:34 pm
If someone could package sysutils/xe-guest-utilities for me that would be great. I know nothing of the pfSense packaging, but maintain/developed the port. The port is very simple -- a couple shell scripts -- and just requires a daemon start/stop. It also has very few dependencies.

This is going to be extremely important for virtualizing pfSense 2.2 on Citrix XenServer


Thank you!
Title: Re: Packages wishlist?
Post by: periko on September 26, 2014, 04:12:25 pm
 ACL Custom rules for squid, the GUI is to limit.
 I have to manually edit the internal files :-).
Title: Re: Packages wishlist?
Post by: bzg on November 30, 2014, 08:00:07 pm
The nginx will be packaged in the feature? We are using as reverse proxy for http and https with multiple applications and multiple backend host (tomcat, apache, thin).

Kind Regards,
Zoltan
Title: Re: Packages wishlist?
Post by: Mithrondil on December 14, 2014, 03:22:37 pm
In the future, Id like to see a package for installing DNScrypt.
Title: Re: Packages wishlist?
Post by: tiv on December 23, 2014, 10:01:58 am
Hi All!

Wish "logstash-forwarder" (https://github.com/elasticsearch/logstash-forwarder) in the packages.

Wish make dreams come true  :)
Title: Re: Packages wishlist?
Post by: bmeeks on December 24, 2014, 09:19:02 am
Hi All!

Wish "logstash-forwarder" (https://github.com/elasticsearch/logstash-forwarder) in the packages.

Wish make dreams come true  :)

It is coming soon as a part of Suricata to enable JSON logging to ELK.  Have not finalized how to actually implement it, though.  Could be a better move to make it an independent package that other packages could utilize when it is detected.

Bill
Title: Re: Packages wishlist?
Post by: Topper727 on January 01, 2015, 10:38:26 pm
Phpsysinfo

I can get to run just not make a package for it.

2.2-RC (amd64)
built on Wed Dec 31 07:14:09 CST 2014
FreeBSD pfSense.localdomain 10.1-RELEASE-p3 FreeBSD 10.1-RELEASE-p3 #0 8bdb2f8(releng/10.1)-dirty: Wed Dec 31 07:51:59 CST 2014 root@pfsense-22-amd64-builder:/usr/obj.amd64/usr/pfSensesrc/src/sys/pfSense_SMP.10 amd64


I installed the latest by copy and untar and then point my broswer but this is all manual.. wish was included as a package..


with latest version you can watch from you andriod or Iphone see details of all kinds of stuff. there is more that this does but I just not modify the standard config file to show I think

If someone can make this a package with a config page to modify the options or anything like that I would love it. maybe when more money I make I will donate to them.   

I can show someone how to install this if they are interested .. Manually of course.  I don't have time to learn how to make packages yet.

of course what I show is my android phone and computer screens.. they are very bare in details compare to what this can show you.   There is couple plugins that pull details like temps and other battery backups and other good information that you can see from remote if you setup right.

Title: Re: Packages wishlist?
Post by: dancwilliams on January 06, 2015, 01:52:59 pm

It is coming soon as a part of Suricata to enable JSON logging to ELK.  Have not finalized how to actually implement it, though.  Could be a better move to make it an independent package that other packages could utilize when it is detected.

Bill

I am very excited about this feature also.  Being able to visualize Suricata in ELK will be AWESOME! Wish I had more knowledge so I could help...

Dan
Title: Re: Packages wishlist?
Post by: bmeeks on January 06, 2015, 06:21:15 pm

It is coming soon as a part of Suricata to enable JSON logging to ELK.  Have not finalized how to actually implement it, though.  Could be a better move to make it an independent package that other packages could utilize when it is detected.

Bill

I am very excited about this feature also.  Being able to visualize Suricata in ELK will be AWESOME! Wish I had more knowledge so I could help...

Dan

I am working now on a logstash-forwarder package for pfSense.  I decided to make it a standalone package that can siphon logs from anything configured to log on the pfsense firewall.  Realize, though, that logstash-forwarder is just that:  a forwarder daemon.  It won't have any pretty charts on pfSense.  It will simply collect logs and ship them off via a SSL connection to a designated Logstash host someplace.  You will still need to provide your own host and of course client for viewing the pretty charts and data in the ELK combo.

There will be a simple GUI for configuring the forwarder on pfSense, but it will just be for importing SSL keys and selecting which logs to forward.

Bill
Title: Re: Packages wishlist?
Post by: dancwilliams on January 18, 2015, 02:29:54 pm
I am working now on a logstash-forwarder package for pfSense.  I decided to make it a standalone package that can siphon logs from anything configured to log on the pfsense firewall.  Realize, though, that logstash-forwarder is just that:  a forwarder daemon.  It won't have any pretty charts on pfSense.  It will simply collect logs and ship them off via a SSL connection to a designated Logstash host someplace.  You will still need to provide your own host and of course client for viewing the pretty charts and data in the ELK combo.

There will be a simple GUI for configuring the forwarder on pfSense, but it will just be for importing SSL keys and selecting which logs to forward.

Bill

Thanks for working on this!

It would be great. If you need any help testing let me know. I have a fully functioning ELK environment with lumberjack ready to go.

I have a current setup to move the Suricata eve.json file over through some scripts but logstash-forwarder is definitely the way to go.

Dan
Title: Re: Packages wishlist?
Post by: Mithrondil on January 28, 2015, 06:13:19 am
My wishlist. simple package for installing DNSCrypt on pfsense.
Title: Re: Packages wishlist?
Post by: marcelloc on January 29, 2015, 02:44:17 pm
Smokeping

Manual instalation steps for smokeping https://forum.pfsense.org/index.php?topic=87757.msg482632#msg482632
Title: Re: Packages wishlist?
Post by: simonplz on February 04, 2015, 06:23:03 am
Zabbix24-proxy
Title: Re: Packages wishlist?
Post by: doktornotor on February 06, 2015, 06:09:23 am
sslh (http://www.rutschle.net/tech/sslh.shtml)

Quote
What is it?
sslh accepts connections on specified ports, and forwards them further based on tests performed on the first data packet sent by the remote client.

Probes for HTTP, SSL, SSH, OpenVPN, tinc, XMPP are implemented, and any other protocol that can be tested using a regular expression, can be recognised. A typical use case is to allow serving several services on port 443 (e.g. to connect to ssh from inside a corporate firewall, which almost never block port 443) while still serving HTTPS on that port.

Hence sslh acts as a protocol demultiplexer, or a switchboard. Its name comes from its original function to serve SSH and HTTPS on the same port.

sslh supports IPv6, privilege dropping, transparent proxying, and more.

sslh has been packaged for Debian, Gentoo, FreeBSD and many other operating systems...
Title: Re: Packages wishlist?
Post by: Visseroth on February 06, 2015, 08:52:32 pm
Custom email notification upon system log match would be a great addition.
Title: Re: Packages wishlist?
Post by: chercheur on February 07, 2015, 08:53:57 pm
An updated and working Asterisk package.
Title: Re: Packages wishlist?
Post by: webstor on February 11, 2015, 02:28:59 am
Squid 3.5
Title: Re: Packages wishlist?
Post by: Topper727 on February 11, 2015, 02:32:55 am
http://squidanalyzer.darold.net/

great tool for seeing Squid hits misses with percents when you hover over them


I did manual install and it works great

https://forum.pfsense.org/index.php?topic=87982.new;topicseen#new
Title: Re: Packages wishlist?
Post by: Cino on February 11, 2015, 06:00:54 am
Squid 3.5

https://www.freebsd.org/cgi/ports.cgi?query=squid&stype=all

We'll have to wait until the FreeBSD Port is updated first. Currently its at squid-3.4.11

squid-3.4.11
    HTTP Caching Proxy
    Long description : Changes
    Maintained by: ports@FreeBSD.org
    Also listed in: ipv6
    Requires: perl5-5.18.4_11
Title: Re: Packages wishlist?
Post by: Paul47 on February 14, 2015, 11:58:20 pm
I'd also like to see a dnscrypt package.
Title: Re: Packages wishlist?
Post by: BlueKobold on March 24, 2015, 06:39:26 pm
SMS Server Tools 3 (http://smstools3.kekekasvi.com/index.php?p=)
for having snort and other alarms over SMS to the smartphone or tablet would be great!
Title: Re: Packages wishlist?
Post by: jabo53 on April 09, 2015, 07:49:36 am
A package I would most like to see is one where you can get user reports from captive portal.  The current ones (I have tried so far) lack that capability.  Have looked extensively found many suggestions but none leading to success as yet, still working on it though.

Jabo
Title: Re: Packages wishlist?
Post by: messerchmidt on April 17, 2015, 12:34:41 am
an updated hvap package for 2.2.2 that works without difficult reconfiguration
Title: Re: Packages wishlist?
Post by: dgall on April 17, 2015, 07:56:29 am
A package for only blocking facebook.
Title: Re: Packages wishlist?
Post by: BlueKobold on April 20, 2015, 11:24:41 am
For the internal UPS series from Bicker (http://www.bicker.de/index.php/eng/content/view/full/82) are management software available that is also running under FreeBSD. So this would be cool to see as a package for pfSense.
The software is named UPSilon 2000 and is matching to the entire series as I see it right, and over this
management software it is able to sut down the pfSense firewall at a electric break or cut from the electricity supplier. Here is another link to the hardware:
- IUPS-401 - 400 VA 5,25" (http://www.bicker.de/index.php/eng/content/view/full/286)
Title: Re: Packages wishlist?
Post by: dennypage on April 20, 2015, 11:57:19 am
A package for only blocking facebook.


You can do this with pfBlockerNG and the following list:

 http://bgp.he.net/AS32934#_prefixes (http://bgp.he.net/AS32934#_prefixes)

or

 http://bgp.he.net/search?search%5Bsearch%5D=facebook&commit=Search (http://bgp.he.net/search?search%5Bsearch%5D=facebook&commit=Search)

If you don't want to install pfBlockerNG, you can build your own list from this:

whois -h whois.radb.net '!gAS32934'
Title: Re: Packages wishlist?
Post by: killmasta93 on May 03, 2015, 02:05:04 pm
E2guardian  ;D ;D ;D
cant wait :D :D
Title: Re: Packages wishlist?
Post by: rcfa on May 03, 2015, 06:02:52 pm
would love to have freeswitch

Me too...
...make that FusionPBX
Title: Package and software update notification package
Post by: rcfa on May 03, 2015, 06:11:12 pm
This is one major omission IMO:
We have a notification mechanism that sends out email
Alerts, but it does not alert when software/package updates are available even though the system is aware of them as they are shown on the dashboard...

The pfSense system, particularly in a SoHO setup isn't something I feel like messing around with on a daily basis, it's set & forget for the most part. So there may be weeks going by before I have a reason to log in: then I see close to a dozen packages have updates available.

If I could get e-mail notifications as they become available that would make managing a pfSense setup much smoother.
Title: Re: Packages wishlist?
Post by: Mookz on May 14, 2015, 04:29:13 am
Someone please create a package for http://nxfilter.org!!
It will make pfsense that much more awesome!

I use nxfilter at my office, routing all DNS through it, I create a rule in pfsense that the nxfilter box is the only host allowed to use port 53 to the outside, so all DNS is "forced" through it.
I then setup DNS servers for nxfilter, then I setup DHCP servers and all other devices and hosts on the LAN's/VLAN's to use nxfilter for DNS (DNS Forwarder).
This makes it virtually impossible for anyone to get past the Content filter!

Think of Schools and how handy this would be! (well also enterprise setups)

:)
Title: Re: Packages wishlist?
Post by: bzg on May 22, 2015, 03:26:09 am
must have: nginx  :)
Title: Re: Packages wishlist?
Post by: Mithrondil on May 30, 2015, 10:27:05 am
I'd also like to see a dnscrypt package.

Same here.
Title: Re: Packages wishlist?
Post by: Mithrondil on May 30, 2015, 04:28:41 pm
I also would like to see a pfsense package for FreeNAS ( http://www.freenas.org ), the installation instructions that Ive seen has been way to complex.
Title: Re: Packages wishlist?
Post by: nfr on June 07, 2015, 02:03:33 pm
DNS malware blacklisting using Unbound DNS

I found this project online that will feed in DNS blacklists and create a Unbound DNS file. This would be great as a extra measure to stop malware. It could be modified to allow any text file to be parsed to create a blacklist also.

http://www.digriz.org.uk/network-layer-protection/dns
Title: Re: Packages wishlist?
Post by: doktornotor on June 07, 2015, 02:11:55 pm
DNS malware blacklisting using Unbound DNS

Almost ready... :P

(http://i61.tinypic.com/6pukyg.png)

(http://i60.tinypic.com/f0z2jb.png)
Title: Re: Packages wishlist?
Post by: Carverman on June 14, 2015, 09:57:20 am
A broad band modem monitor to monitor power level, signal level from ISP.  Also, hardware monitoring of system temps, fan speeds, etc.
Title: Re: Packages wishlist?
Post by: shaqan on June 23, 2015, 09:55:29 pm
I'd also like to see a dnscrypt package.

+1
Title: Re: Packages wishlist?
Post by: weltmeyer on June 25, 2015, 02:07:16 pm
Squid 3.5

https://www.freebsd.org/cgi/ports.cgi?query=squid&stype=all

We'll have to wait until the FreeBSD Port is updated first. Currently its at squid-3.4.11

squid-3.4.11
    HTTP Caching Proxy
    Long description : Changes
    Maintained by: ports@FreeBSD.org
    Also listed in: ipv6
    Requires: perl5-5.18.4_11

Squid 3.5.5 seems ready now.

 
squid-3.5.5
HTTP Caching Proxy
Long description : Changes
Maintained by: timp87@gmail.com
Also listed in: ipv6
Requires: perl5-5.20.2_4



Is it possible to update the bin without waiting for a new package?
Title: Re: Packages wishlist?
Post by: yosu on June 30, 2015, 03:34:12 am
I'd also like to see a dnscrypt package.
I'd also like
Title: Re: Packages wishlist?
Post by: lexa500 on June 30, 2015, 09:25:39 am
It would be great to add IPMI support to zabbix proxy (and maybe dependant ipmitool)?
 8)
because now it looks like this in logs
Code: [Select]
76924:20150630:170859.774 **** Enabled features ****
 76924:20150630:170859.774 SNMP monitoring:       YES
 76924:20150630:170859.774 IPMI monitoring:        NO
 76924:20150630:170859.774 WEB monitoring:        YES
 76924:20150630:170859.774 VMware monitoring:      NO
 76924:20150630:170859.774 ODBC:                  YES
 76924:20150630:170859.774 SSH2 support:          YES
 76924:20150630:170859.774 IPv6 support:          YES
 76924:20150630:170859.774 **************************
Title: Re: Packages wishlist?
Post by: A999 on July 01, 2015, 04:13:38 am
Does anybody use paris-traceroute? I hope somebody will add it to pfSense because it's more accurate than regular traceroute or MTR.

Its homepage: http://www.paris-traceroute.net/ (http://www.paris-traceroute.net/) and FreeBSD port: http://www.freebsdsoftware.org/net/paris-traceroute.html

My comparison between MTR and paris-traceroute:

MTR on pfsense:

(https://i.imgur.com/Rwd4wa7.png)

Paris-traceroute from LAN

(https://i.imgur.com/gGh7aXK.png)
Title: Re: Packages wishlist?
Post by: BlueKobold on July 06, 2015, 03:40:57 pm
SoftEther VPN (https://www.softether.org/) is also for FreeBSD 10 available, could be well
comes as a packet for pfSense 2.2.3 or higher. It is a so called VPN server, that offer a wide range,
more vpn variants than the original OpenVPN server, but OpenVPN itself too.

Really fast and wicked with many options and wide VPN features set.
Title: Re: Packages wishlist?
Post by: infinityz on July 06, 2015, 06:09:25 pm
SoftEther VPN (https://www.softether.org/) is also for FreeBSD 10 available, could be well
comes as a packet for pfSense 2.2.3 or higher. It is a so called VPN server, that offer a wide range,
more vpn variants than the original OpenVPN server, but OpenVPN itself too.

Really fast and wicked with many options and wide VPN features set.

+1 and would be awesome to have both client and server. This software is spreading up very quickly and looks to be a real alternative to OpenVPN :-)
Title: Re: Packages wishlist?
Post by: BlueKobold on July 06, 2015, 11:29:29 pm
Quote
+1 and would be awesome to have both client and server.
Would be great I see it also, but there is only a server version available for FreeBSD 10!

Quote
This software is spreading up very quickly and looks to be a real alternative to OpenVPN :-)
This could really be coming up. This software is becoming more and more popular in usage in the wild.

Title: Re: Packages wishlist?
Post by: Criggie on July 29, 2015, 07:02:17 pm
Silly simple one - I'd like to see the Notes package contain a widget that can be displayed on the dashboard.

That way admins see it at login, don't have to go and look.  A web version of "MOTD" if you like.
Title: Re: Packages wishlist?
Post by: Music Wizard on July 31, 2015, 11:36:11 am
E2guardian  ;D ;D ;D
cant wait :D :D
Would be very nice yes :)
Title: Re: Packages wishlist?
Post by: wifiuk on August 02, 2015, 12:56:35 pm
I've searched before posting and i can find anything suitable so im asking here first. Excuse my weak Google-Fu!


I'm looking for a way to export my PfSense information info into my AlienVault OSSIM .

I've found a few guides on the 'tinternet :) but they are for outdated PfSense and OSSIM versions.

Any chance of a plugin that is able to export the logs to OSSIM ?
Title: Re: Packages wishlist?
Post by: Topper727 on August 11, 2015, 06:11:43 am
Still hoping someone can make a package for Pfsense for this.

http://squidanalyzer.darold.net/

great tool for seeing Squid hits misses with percents when you hover over them


I did manual install and it works great

https://forum.pfsense.org/index.php?topic=87982.new;topicseen#new
Title: Re: Packages wishlist?
Post by: cyberbot on August 21, 2015, 04:06:15 pm
Maybe VPN app for Phone And pfsense
Like Cisco one provide log in key every 30 second
Title: Re: Packages wishlist?
Post by: repne on September 13, 2015, 03:47:33 pm
Hey,

I'm wondering about the status of freeradius package. It would seem that most linux distros as well as pfSense currently use freeradius2, but on their website ( http://freeradius.org ) they mention that freeradius2 is EOL and people should upgrade to freeradius3. I'm curious to hear what's the community's stand on this topic. Is freeradius2 still the de-facto standard to use or are there any plans to upgrade to version 3?

Regards!
Title: Re: Packages wishlist?
Post by: BlueKobold on September 13, 2015, 07:08:09 pm
Quote
I'm curious to hear what's the community's stand on this topic. Is freeradius2 still the de-facto standard to use or are there any plans to upgrade to version 3?
If the packet developer is willing to do so it would be coming. Nothing can be changed so fast as other
proclaim it on their website.
Title: Re: Packages wishlist?
Post by: Nachtfalke on September 15, 2015, 03:32:49 pm
Quote
I'm curious to hear what's the community's stand on this topic. Is freeradius2 still the de-facto standard to use or are there any plans to upgrade to version 3?
If the packet developer is willing to do so it would be coming. Nothing can be changed so fast as other
proclaim it on their website.

I am still documented as developer in freeradius2 package but I am not using pfsense and freeradius2 anymore on my job (I changed my job) and so there are not any plan from my point of view to change to freeradius3. Further I am not sure if the code of freeradius2 package is really "good". I am pretty sure a well educated programmer would do most of the code in a more elegant way - but nevertheless as far as I know the syntax between freeradious2 and freeradius3 has changed in many ways and so most parts of the package need to be recoded. This needs time and of course somebody who is interested in to do that. That's not me  ;)
Title: Re: Packages wishlist?
Post by: 1n4001 on October 14, 2015, 10:45:00 am
Who does one need to poke to get freeradius2 stepped up from 2.2.6 to 2.2.9 (which fixes EAP-TTLS issues)?
Title: Re: Packages wishlist?
Post by: aamir2770 on October 15, 2015, 12:43:01 am
Hi,

Is there a possibility of adding an APT (Advanced Persistent Threat) solution package to the packages list.. This would really be a good addition.. :)

Thanx
Title: Re: Packages wishlist?
Post by: mwilliamsr on October 21, 2015, 02:24:17 pm
Would be nice to get ovirt tools or RHEV tools for 2.2.4-RELEASE (freebsd 10.1-RELEASE-p15)...

vmware-tools package been around for a long time and since OVIRT/RHEV is being used more for Linux environments.

 ;D
Title: Re: Packages wishlist?
Post by: Wroxc on November 16, 2015, 05:15:35 pm
some tool on the like of scannow in window . which hashes core operating system files and the matches their hashes against known files and if they are not a match it will  replace corrupt file from a copy already placed on system..

Title: Re: Packages wishlist?
Post by: doktornotor on November 16, 2015, 05:25:00 pm
some tool on the like of scannow in window . which hashes core operating system files and the matches their hashes against known files

Use the fine mtree(8) (https://www.freebsd.org/cgi/man.cgi?query=mtree&apropos=0&sektion=0&manpath=FreeBSD+10.1-RELEASE&arch=default&format=html).
Title: Re: Packages wishlist?
Post by: Wroxc on November 16, 2015, 06:34:14 pm
some tool on the like of scannow in window . which hashes core operating system files and the matches their hashes against known files

Use the fine mtree(8) (https://www.freebsd.org/cgi/man.cgi?query=mtree&apropos=0&sektion=0&manpath=FreeBSD+10.1-RELEASE&arch=default&format=html).

will tinker with it ..
but its great idea to have it figure out the corrupt files (and not look at any config /text /editible ) files.  and replace them.
Title: Re: Packages wishlist?
Post by: elemay on November 21, 2015, 08:07:43 am
Hi,

i'd like to see a bareos-fd package :)

www.bareos.org

thanks.

elemay
Title: Re: Packages wishlist?
Post by: Sherminator on December 04, 2015, 05:49:11 pm
Hi,

i'd like to see a bareos-fd package :)

me, too!
For the last two hours I tried to get the bacula-fd package of pfSense working together with my bareos-dir, but unfortunately without success.
So let's start a bounty? Yes, we can  :D: https://forum.pfsense.org/index.php?topic=103555.0

Many greets
Stephan
Title: Re: Packages wishlist?
Post by: bluepr0 on December 21, 2015, 05:17:16 pm
I would love a package to automatically backup pfsense configuration to different services
Title: Re: Packages wishlist?
Post by: tagwolf on December 24, 2015, 05:56:48 pm
BRO. For the love of God. It's Christmas. <3

But for real. It would be extremely helpful.

Especially considering Barnyard2 + Snort work amazingly well with it.

I find it a critical tool for traffic analysis.

Perhaps a standalone mysql package too.
Title: Re: Packages wishlist?
Post by: Topper727 on January 18, 2016, 03:44:33 am
Hi,

i'd like to see a bareos-fd package :)

www.bareos.org

thanks.

elemay

I don't think they want that because they have premium which does it to thier servers.. but I would like to see this package also.. I am not rich enough to afford premium yet

Quote
pkg install bareos-webui

wonder how to go to next step to use it

Title: Re: Packages wishlist?
Post by: Wroxc on January 18, 2016, 11:41:16 am
Not related to new package but if netflow from  pfflowd can be made to work with SolarWinds Orion network performance analyzer.
Title: Re: Packages wishlist?
Post by: mikesm on February 03, 2016, 10:45:06 pm
I am working now on a logstash-forwarder package for pfSense.  I decided to make it a standalone package that can siphon logs from anything configured to log on the pfsense firewall.  Realize, though, that logstash-forwarder is just that:  a forwarder daemon.  It won't have any pretty charts on pfSense.  It will simply collect logs and ship them off via a SSL connection to a designated Logstash host someplace.  You will still need to provide your own host and of course client for viewing the pretty charts and data in the ELK combo.

There will be a simple GUI for configuring the forwarder on pfSense, but it will just be for importing SSL keys and selecting which logs to forward.

Bill

Thanks for working on this!

It would be great. If you need any help testing let me know. I have a fully functioning ELK environment with lumberjack ready to go.

I have a current setup to move the Suricata eve.json file over through some scripts but logstash-forwarder is definitely the way to go.

Dan

+1.  Any news on progress on the forwarder?  I am trying to get suricata to log properly to a elk vm and am really pulling my hair out.  I'll wait for the forwarder if its close instead investing in the time to get the configuration right.  :)

thanks!
Mike
Title: Re: Packages wishlist?
Post by: elemay on February 15, 2016, 02:47:45 am
Hi,

i'd like to see a bareos-fd package :)

www.bareos.org

thanks.

elemay

I don't think they want that because they have premium which does it to thier servers.. but I would like to see this package also.. I am not rich enough to afford premium yet

Quote
pkg install bareos-webui

wonder how to go to next step to use it

we have a bacula-fd package too.
Title: Re: Packages wishlist?
Post by: nowoe on February 16, 2016, 08:34:40 am
Hi,
Zabbix 3.0 LTS has just been released. Any chance to get the agent and proxy packages sometime soon?

Many thanks.
Title: Re: Packages wishlist?
Post by: elemay on February 24, 2016, 11:36:30 am
Hi,

i'd like to see a bareos-fd package :)

www.bareos.org

thanks.

elemay

I don't think they want that because they have premium which does it to thier servers.. but I would like to see this package also.. I am not rich enough to afford premium yet

Quote
pkg install bareos-webui

wonder how to go to next step to use it

for now i do this:

https://doc.pfsense.org/index.php/Remote_Config_Backup

else you could try this:

https://forum.pfsense.org/index.php?topic=103555.msg587100#msg587100
Title: Re: Packages wishlist?
Post by: mattz0r on February 25, 2016, 11:28:56 am
Hi,
Zabbix 3.0 LTS has just been released. Any chance to get the agent and proxy packages sometime soon?

Many thanks.

+1 to this! Please can we get this updated/released as a package?
Title: Re: Packages wishlist?
Post by: ddaniel51 on March 28, 2016, 07:07:25 pm
Wanted, a port of YAMon to FreeBSD. The author doen't have time to learn FreeBSD for the port and YAMon is a fine grained bandwidth reporting database with a lot of nice features.  YAMon information and install.sh is available at http://www.usage-monitoring.com
Al uses wget and curl in his install.sh to  get the ball rolling.  Html, php and javascript are used in his web display.

I am so spoiled by YAMon that I'll be running a dd-wrt router inline from the network to my pfsense box just to get YAMon's functions.



Title: Re: Packages wishlist?
Post by: cremesk on April 06, 2016, 05:00:43 pm
is an freeipa-client http://freeipa.org/ (http://freeipa.org/) positive to run on pfSense? :)

Sven
Title: Re: Packages wishlist?
Post by: ollopa on April 07, 2016, 04:09:34 am
I'd like to see net-mgmt/tcpreplay available for NanoBSD embedded builds.  Very useful for network troubleshooting and testing.
Title: Re: Packages wishlist?
Post by: anomaly0617 on April 14, 2016, 10:36:02 am
NRPE support would be greatly appreciated. It was available in 2.2.6 but not available in 2.3.0.

I've been working for the past few hours to see if I could replace all the functionality from NRPE with SNMP OIDs, but so far I can't replicate things like total processes. There's a perl script out there to look at how many processes named [WHATEVER] are out there and how much CPU they are using, but not a "tell me if there are over 300 processes running on pfSense" option.

So, looks like I still need NRPE for monitoring remote firewalls.'

Thanks!
Title: Re: Packages wishlist?
Post by: mesb on April 16, 2016, 11:40:07 am
pptp server package would be great  ;D
Title: Re: Packages wishlist?
Post by: jimp on April 18, 2016, 11:04:03 am
pptp server package would be great  ;D

No, that would be a horrible idea. PPTP is dead. Time to move on and drag anyone who thinks otherwise, kicking and screaming, into the current decade. There are already topics that discuss in more detail why there is no justification to keep it, even as a package. We wouldn't accept it.
Title: Re: Packages wishlist?
Post by: mattlach on April 19, 2016, 02:38:08 pm
I'm hoping someone comes along and takes ownership of the APCUPSd package and ports it over to the new interface.

I have the time, but I sadly lack the know-how, or I'd volunteer to do it myself.
Title: Re: Packages wishlist?
Post by: djmax on April 20, 2016, 02:40:17 am
Squid 3 Devel Missing. Danguardian missing ntopng is missing... affff. Also Https Filtering in LAN rule not working properly :(
Title: Re: Package and software update notification package
Post by: rcfa on April 20, 2016, 05:02:55 am
This is one major omission IMO:
We have a notification mechanism that sends out email
Alerts, but it does not alert when software/package updates are available even though the system is aware of them as they are shown on the dashboard...

The pfSense system, particularly in a SoHO setup isn't something I feel like messing around with on a daily basis, it's set & forget for the most part. So there may be weeks going by before I have a reason to log in: then I see close to a dozen packages have updates available.

If I could get e-mail notifications as they become available that would make managing a pfSense setup much smoother.

This would really helpful, and now, with the GUI and package system modernized, I think it would be a good time to add this. I'm not a full-time sysadmin, and if I have to regularly log into the system just to see if there are updates available, that's a waste of time. It would be much more meaningful, given that we have an e-mail notification system in place, if we'd get an e-mail when there are package or system updates ready to be installed.
Title: Re: Packages wishlist?
Post by: rcfa on April 20, 2016, 05:07:19 am
Squid 3 Devel Missing. Danguardian missing ntopng is missing... affff. Also Https Filtering in LAN rule not working properly :(

ntopng is supposedly coming back in the near future.

Dansguardian is missed, but I think at this point switching to e2guardian would be more appropriate.

Also, a browser based file system manipulation/text file editor would be useful, it can be a life-saver in some cases.

vhosts is missed a lot, too. Not like I consider a router a place to put a big web site on, but a static information page on the router is less of a safety issue, than poking holes into the LAN so I can serve it on some computer which then might be open to a variety of attacks.
The web server runs on the system anyway, otherwise I couldn't administer the unit from afar.
Title: Re: Packages wishlist?
Post by: djmax on April 21, 2016, 04:33:57 am
Squid 3 Devel Missing. Danguardian missing ntopng is missing... affff. Also Https Filtering in LAN rule not working properly :(

ntopng is supposedly coming back in the near future.

Dansguardian is missed, but I think at this point switching to e2guardian would be more appropriate.

Also, a browser based file system manipulation/text file editor would be useful, it can be a life-saver in some cases.

vhosts is missed a lot, too. Not like I consider a router a place to put a big web site on, but a static information page on the router is less of a safety issue, than poking holes into the LAN so I can serve it on some computer which then might be open to a variety of attacks.
The web server runs on the system anyway, otherwise I couldn't administer the unit from afar.


How could Browser baes Maniulation ??? method if u can share ? also how can block Proxy Sites :(
Title: Re: Packages wishlist?
Post by: djmax on April 21, 2016, 04:58:43 am
And can anyone help me that how can I limit the bandwidth for single user... Thanks!
Title: Re: Packages wishlist?
Post by: zythra on April 21, 2016, 11:21:25 pm
+1 for e2guardian.  This is the one thing keeping me from completely moving over to pfSense.
Title: Re: Packages wishlist?
Post by: Marc A. Mapplebeck on April 24, 2016, 08:07:06 pm
Seeing as filer is no longer maintained, therefore was not brought forward.

I would love to see a simple package for creating/editing/maintaining wpad.da wpad.dat proxy.pac files.

Whether it be a simple tool to specify the text parameters for autoconfigure, and it automatically creates the 3 files.  Or, a more advanced tool that allows you to add the parameters through a form, and the tool generates the appropriate files automatically(ensuring that syntax is proper).

File Editor works fine, however, it does not have the ability to create files, therefore I need to scp 3 template files before modifying them.  Perhaps just adding the ability to create files would suffice, combined with a gui option for creating symbolic links(just to simplify the process, modify one file to update all 3)

 - M

Edit:  This might not even be a new package, rather an addition to the existing squid package.
Title: Re: Packages wishlist?
Post by: Marc A. Mapplebeck on April 25, 2016, 12:51:33 pm
Building on my last post, it would also be nice to have the ability, from within the lightsquid module, to modify the realname.cfg and groups.cfg files.  This would just make life a little bit easier for managing the reports.

 - M
Title: Re: Packages wishlist?
Post by: W4RH34D on April 28, 2016, 07:08:00 pm
In my most wanting of wanting shooting for the stars here.  Total information integration with the network it is hosting via syslog, snmp, rmon etc etc and having that machine data indexable. 

I can't afford solar winds.  ROFL.


Pfsense is great guys, really enjoy working with it.
Title: Re: Packages wishlist?
Post by: oben on May 01, 2016, 03:24:11 am
The big ones for me are:

privoxy  - a configurable http proxy - ad blocker

tor  - needs no expl.

dante  - a SOCKS proxy

Title: Re: Packages wishlist?
Post by: Exordium on May 01, 2016, 03:41:45 am
Nagios-NRPE Support for monitoring.
Title: Re: Packages wishlist?
Post by: alexolivan on May 02, 2016, 04:18:25 am
munin-node for monitoring.

bring back check_mk and NRPE for monitoring 2.3

Kind regards
Title: Re: Packages wishlist?
Post by: shaqan on May 04, 2016, 05:55:06 am
suricata that would work without issues.
Title: Re: Packages wishlist?
Post by: qqlaw on May 05, 2016, 01:14:30 pm
bandwidthd

vnstat

ntopng
Title: Re: Packages wishlist?
Post by: kleinem on May 09, 2016, 08:37:03 am
LISP support - requires kernel modification aswell tho.
Title: Re: Packages wishlist?
Post by: rickbaran on May 10, 2016, 02:41:47 pm
Nagios-NRPE Support for monitoring.
Title: Re: Packages wishlist?
Post by: arrmo on May 10, 2016, 08:44:04 pm
mbuffer (and mhash, needed by mbuffer) would be great - have my replacement for bandwidthd working, but need mbuffer to really make it work ... ;)

Thanks!
Title: Re: Packages wishlist?
Post by: humps on May 12, 2016, 11:43:39 am
Bring back NTOPNG!
Seriously missing this package in pfsense 2.3
Title: Re: Packages wishlist?
Post by: esseebee on May 15, 2016, 06:30:00 pm
Agreed with NTOPNG. Watching this on github with great anticipation.

https://github.com/ntop/ntopng/issues/297
Title: Re: Packages wishlist?
Post by: mrpsycho on May 30, 2016, 02:58:19 am
my wishlist:

mc
exim OR postfix OR sendmail OR ssmtp OR any other MTA to create openrelay
nginx web GUI - to set up virtualhosts, upstreams. (for example take some expirience from Ajenti (http://ajenti.org/))
docker - it will allow set up almost any service
monit
munin
Title: Re: Packages wishlist?
Post by: heimdalx on June 09, 2016, 09:57:14 am
My wish is very simple . . .  fail2ban or equivalent.  Where I could setup arguments to scan the logs and modify firewall rules based off those.

Currently running fail2ban on many downstream devices paired with IPtables and it works great.  It would be nice to have the package scan remote logs as well; for instance, scan Apache logs and make changes at the firewall when an attack is happening.
Title: Re: Packages wishlist?
Post by: StygianAgenda on June 09, 2016, 12:24:35 pm
xrdp

Specifically, because it would be great to be able to create an RDP gateway within my pfsense edge router, so that I don't have to maintain xrdp on a separate VM.
Regardless of method though, even if it were just a pkg that could be manually installed via the shell by advanced users and then appropriately (manually) firewalled and natted, it would be a great edition to the selection of packages.

..and while I'm here... THANK YOU! <- to whoever got the BIND-DNS package back online for the newest build.  Whoever did the work on that has my eternal gratitude.  I only wish I had waited a few more days before migrating builds because I could have saved myself a *lot* of work.
Title: Re: Packages wishlist?
Post by: sammcj on June 17, 2016, 03:08:53 pm
Title: Re: Packages wishlist?
Post by: cmcologne on June 18, 2016, 01:25:07 am
I would like to have arpwatch back. Is there anyone who could convert it to bootstrap?
Title: Re: Packages wishlist?
Post by: SoulLeader on June 19, 2016, 05:11:39 pm
My request is that add in the available packages samba 4 or which is newest version.
I think many people will be glad if this package can install and configurate via webgui.
Title: Re: Packages wishlist?
Post by: hidalgo on June 30, 2016, 06:30:23 pm
I would like to see a package for installing UniFi controller like in this project https://github.com/gozoinks/unifi-pfsense (https://github.com/gozoinks/unifi-pfsense)

I donít know what the project owner is planning, maybe he needs some help and support, but Iím not able to do so. I wrote a little feedback with some ideas

I used your script to install unifi 5.0.8 into my pfSense 2.3.1_p5. Had to modify the download URL. It would be nice to see a pfSense package. I think it would be a good idea to separate the install script from the unifi software so it can be used whenever unifi changes the software.
What do you think about having your script integrated in the pfSense GUI maybe under the Service menu? From this UniFi Service menu it would be possible to install or update the controller software with all its dependencies as the script does now. But it will not download the controller software by itself. The user has to download it first from the UBNT site to his local computer. Then he choose the downloaded zip file to upload it to the pfSense. Also within the Service menu it will be possible to start or stop the controller, of course its status will be shown on  the dashboard of pfSense.


and get this answer

Thank you for the feedback.

A proper pfSense package was the original intention of the project, but I struggled with the requirement that the package include all binaries. Since this project requires software from Ubiquiti that we can't redistribute ourselves, I stalled on that.

At least, that was the case with <2.2. Now that 2.3 and later are using a different approach to packaging, that restriction may no longer be present. However, I have not dug into it all to figure out how best to proceed.

Consider bringing this up as an issue on the repository. I'd love to continue the discussion there, in case someone else sees an easier path forward. Feel free to contribute yourself as well!


Maybe someone here is willing to help this project going on.
Title: Re: Packages wishlist?
Post by: jimp on June 30, 2016, 06:33:51 pm
The restriction is still the same: that software can't be redistributed as a package.
Title: Re: Packages wishlist?
Post by: hidalgo on July 01, 2016, 03:25:42 am
With my idea the package does not have to redistribute the software. The package would only install the dependencies and and gives a GUI to enter the URL of the software. I donít think that would be a problem. Or am I wrong?
Title: Re: Packages wishlist?
Post by: jason001 on July 09, 2016, 05:13:48 am
@ Admin?

Is there anyway to bring back MailScanner?

and is there a way to use 3rd party AV with pfsense?
Title: Re: Packages wishlist?
Post by: tdi on July 21, 2016, 06:19:00 am
Filebeat - https://www.elastic.co/products/beats/filebeat.

Anyone working on this?
Title: Re: Packages wishlist?
Post by: dvl on July 27, 2016, 10:21:04 pm
bacula-client so I can back up my configuration

We once had it.
Title: Re: Packages wishlist?
Post by: kklouzal on August 13, 2016, 12:11:42 am
SAMBA!!
Title: Re: Packages wishlist?
Post by: bbassotti on August 24, 2016, 07:11:41 am
Oauth2 proxy for Captive Portal:

A reverse proxy that provides authentication with Google, Github or other provider

https://github.com/bitly/oauth2_proxy
Title: Re: Packages wishlist?
Post by: sahbana on August 28, 2016, 10:54:24 am
Please, add allow or deny MAC Address on pfSense+Proxy Server.

Thank you.
Title: Re: Packages wishlist?
Post by: Sean Choquette on September 03, 2016, 04:20:08 pm
I miss BandwidthD  :'(
Title: Re: Packages wishlist?
Post by: planetinse on September 08, 2016, 10:54:48 am
Updated Postfix please :)
Title: Re: Packages wishlist?
Post by: Tom7141 on September 14, 2016, 04:09:39 am
Updated Postfix please :)

+ 1 for this
Title: Re: Packages wishlist?
Post by: kklouzal on September 22, 2016, 06:39:06 am
Samba.
Title: Re: Packages wishlist?
Post by: q54e3w on September 28, 2016, 08:25:16 pm
Oauth2 proxy for Captive Portal:

A reverse proxy that provides authentication with Google, Github or other provider

https://github.com/bitly/oauth2_proxy

+1
Title: Re: Packages wishlist?
Post by: hornetx11 on September 30, 2016, 12:07:19 pm
Updated Postfix please :)

+ 1 for this

+ 1 for this too
Title: Re: Packages wishlist?
Post by: biggsy on October 03, 2016, 04:42:36 am
An updated postfix package isn't going to happen.  That was announced on GitHub.

What I resorted to was creating a new FreeBSD VM and installing postfix on that - as suggested in the postfix thread. 

When that was working I put fail2ban on there as well.  I'd often thought about using those two together.  fail2ban updated a local pf table to block the spammers but I wasn't happy with the spammers getting past pfSense to the postfix/fail2ban server.

Then I found that I could have fail2ban call OpenBGPD to update an alias table on pfSense.  A feedback loop.  Who knows why the authors of OpenBGPD put that feature in but I'm sure glad they did.

In the end it's a better solution than postfix on pfSense but it was far from a trivial exercise for me  ;)
Title: Re: Packages wishlist?
Post by: borkov on October 29, 2016, 09:42:02 pm
Would love to have DNSCrypt.

Thanks!!!!!
Title: Re: Packages wishlist?
Post by: allxi on November 22, 2016, 03:17:47 am
ZoneMinder https://forum.pfsense.org/index.php?topic=111252.msg671442
Title: Re: Packages wishlist?
Post by: robertfranz on November 25, 2016, 04:21:51 pm
Filebeat - https://www.elastic.co/products/beats/filebeat.

Anyone working on this?

I though at one time that I wanted this too.

Just now getting back to working on my Elk stack, and I'm not really sure what it would do for us that syslog-ng won't do already, as syslog-ng answers the issues of udp transport by offering tcp.

We still have to parse the log entries to put them into a form we find useful.

Was there some other factor I'm now forgetting?
Title: Re: Packages wishlist?
Post by: chrcoluk on December 03, 2016, 05:13:23 pm
nano
dnscrypt-proxy
rsync
some kind of web server as I need to redirect ad/tracking/malware links to a local png file.

I have decided to make these packages myself, although I am fluent with FreeBSD I need to learn the pfsense specifics in converting these to acceptable pfsense packages so bear with me.  I am also adding bash to the list.
Title: Re: Packages wishlist?
Post by: jimp on December 06, 2016, 01:48:10 pm
nano
rsync

These are already in the repository and do not require anything in the pfSense GUI. Just run "pkg install nano" for example and you can get them now.

some kind of web server as I need to redirect ad/tracking/malware links to a local png file.

You can run additional instances of nginx by hand with your own custom config files, no need to pull in another web server package.
Title: Re: Packages wishlist?
Post by: chrcoluk on December 06, 2016, 01:52:31 pm
this is interesting as they not listed on the packages page, is there a way to list whats in the cli repository?
Title: Re: Packages wishlist?
Post by: jimp on December 06, 2016, 01:57:45 pm
You can use "pkg search x" where "x" is a substring of what you want to find:

Code: [Select]
: pkg search nano
nano-2.7.0                     Nano's ANOther editor, an enhanced free Pico clone
: pkg search rsync
rsync-3.1.2_5                  Network file distribution/synchronization utility
Title: Re: Packages wishlist?
Post by: averythomas on December 13, 2016, 03:40:57 pm
A package that tracks ad domains and replaces ad pictures with cats. Like this but integrated into pfsense: http://www.makeuseof.com/tag/how-to-make-a-wifi-network-that-only-transmits-cat-pictures-with-a-raspberry-pi/
Title: Re: Packages wishlist?
Post by: jc2it on January 23, 2017, 12:25:09 pm
yara seems like a good idea for malware detection and may be a good fit for pfSense.

http://virustotal.github.io/yara/ (http://virustotal.github.io/yara/)
Title: Re: Packages wishlist?
Post by: yodaphone on January 27, 2017, 10:42:50 pm
A package that tracks ad domains and replaces ad pictures with cats. Like this but integrated into pfsense: http://www.makeuseof.com/tag/how-to-make-a-wifi-network-that-only-transmits-cat-pictures-with-a-raspberry-pi/

doesnt pfBlockerNG + Squid can already do this in pfsense.? not replace with Cats though
Title: Re: Packages wishlist?
Post by: anompi on February 03, 2017, 08:44:49 am
In pfSens to be able to see and delete packages using the webinterface, without the need to have an interne connection.

I use pfSense in a private cloud en was used to add all possible needed packages in the pfSense template. Then after installation I remove the packages which are not needed. This wordked perfect in the 2.2.x release.

But in the 2.3 release this is not possible anymore. Even worse, after manual removeing the package from the config.xml, after the reboot it keeps me asking that all packages must be reinstalled, and fails because the is (on purpose) no internet package source available.

The deployed pfsense will never show its dashboard again. (I just don't have internet available here).


So what do I wish:  remove the absolute need to have an interne connection just to show and delete installed packages.



Is there a manual available how to create my own pfSense and pfsense package repository for pfSense 2.3? 


Thanks in advance!
Title: Re: Packages wishlist?
Post by: dvl on February 03, 2017, 02:12:58 pm
bacula-client so I can back up my configuration

We once had it.

Now I install this from my own poudriere repo.

I still have to do this after every reboot:

mkdir /var/db/bacula
service bacula-client onestart

But at least now I have backups.
Title: Re: Packages wishlist?
Post by: yodaphone on February 06, 2017, 12:57:04 pm
How about Wireguard.

https://www.wireguard.io/

WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it plans to be cross-platform and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.

Looks very interesting & worth a look. attaching some perf. charts from their website
Title: Re: Packages wishlist?
Post by: AR15USR on February 14, 2017, 12:17:32 pm
Another vote for Filebeat.

Need it to ship the Snort log file to my ELK machine..
Title: Re: Packages wishlist?
Post by: logdog on February 16, 2017, 08:49:47 am
Is there anyway to bring back MailScanner for 2.3.*?
Title: Re: Packages wishlist?
Post by: maus on February 18, 2017, 10:40:45 pm
These packages are already available in FreeBSD,so there shouldn't be too much trouble porting into pfSense. Any work helping to create a free Internet will be much appreciated.

1. shadowsocks-libev (https://github.com/shadowsocks/shadowsocks-libev) ,under GNU General Public License
Intro

Shadowsocks-libev is a lightweight secured SOCKS5 proxy for embedded devices and low-end boxes.
It is a port of Shadowsocks created by @clowwindy, and maintained by @madeye and @linusyang.
Current version: 3.0.2 | Changelog

2. kcptun (https://github.com/xtaci/kcptun) ,under MIT License
(https://github.com/xtaci/kcptun/raw/master/kcptun.png)

Shadowsocks provides proxy,and Kcptun deals with packet loss.Ipset will also be needed to specify if a certain domain should go proxy or connect directly.The DNS query should go proxy as well to anti DNS pollution.
Title: Re: Packages wishlist?
Post by: tdhuck on March 31, 2017, 08:32:32 am
Would love to have DNSCrypt.

Thanks!!!!!

would really like to see this as a package in pfsense, as well.
Title: Re: Packages wishlist?
Post by: marcelloc on March 31, 2017, 08:55:20 am
Would love to have DNSCrypt.

Thanks!!!!!

would really like to see this as a package in pfsense, as well.


according to documentation, the native unbound dns service used on pfSense can be complied with DNSCrypt

https://dnscrypt.org/#dnscrypt-server

Code: [Select]
Running your own DNSCrypt server

.
.
.
unbound, a validating, recursive, and caching DNS resolver, can also act as a DNSCrypt server when compiled with --enable-dnscrypt.

Refer to DNSCrypt Options section in unbound.conf(5) for configuration options.

Deployment
Title: Re: Packages wishlist?
Post by: tdhuck on March 31, 2017, 09:00:02 am
Would love to have DNSCrypt.

Thanks!!!!!

would really like to see this as a package in pfsense, as well.


according to documentation, the native unbound dns service used on pfSense can be complied with DNSCrypt

https://dnscrypt.org/#dnscrypt-server

Code: [Select]
Running your own DNSCrypt server

.
.
.
unbound, a validating, recursive, and caching DNS resolver, can also act as a DNSCrypt server when compiled with --enable-dnscrypt.

Refer to DNSCrypt Options section in unbound.conf(5) for configuration options.

Deployment

i was looking for a package that could be enabled in the GUI, i have no idea how to implement using the instructions you posted (i found that information, yesterday, while looking at their site).

thank you for sharing.
Title: Re: Packages wishlist?
Post by: marcelloc on March 31, 2017, 09:19:19 am
I was looking for a package that could be enabled in the GUI, i have no idea how to implement using the instructions you posted (i found that information, yesterday, while looking at their site).

thank you for sharing.

The first step is to compile and create unbound package with this feature on a Freebsd 10.3 to replace on you pfSense 2.3.3 testing machine.

If the works, the next steps are findind the best way to run it(as a proxy + sever, just a proxy, just a server, etc...) and then create gui files that configure these extra steps, blacklist downloads, acls, etc....

not that easy but not impossible too.

EDIT: looks like de unbound source does not have the dnscrypt embedded but the wrapper looks like 'simple' to include
https://github.com/Cofyc/dnscrypt-wrapper/
Title: Re: Packages wishlist?
Post by: MarcoP on April 12, 2017, 08:17:23 am
Hi,

as for arpwatch, is it just a matter of converting current HTML/CSS to Boostrap?

cheers
Title: Re: Packages wishlist?
Post by: swmspam on April 17, 2017, 08:36:11 am
Would love to have DNSCrypt.

Thanks!!!!!

+1 for DNScrypt as an installable under the GUI package manager with a services tab and entry on the services monitoring dashboard window.
Title: Re: Packages wishlist?
Post by: zentex on May 11, 2017, 03:47:05 pm
The Xymon client would be nice for monitoring of pfsense. I see posts going back 5 years on the forums but no "official package" has ever been added.

I went looking today, and I see zabbix is now in the packages, but still no xymon  :'(
Title: Re: Packages wishlist?
Post by: RadOD on May 22, 2017, 02:34:08 pm
Something along the lines of smokeping for ISP quality monitoring.
Title: Re: Packages wishlist?
Post by: dennypage on May 22, 2017, 06:53:35 pm
Something along the lines of smokeping for ISP quality monitoring.

The Quality Graph, which offers much the same information as smoke ping, can be found in Status / Monitoring.
Title: Re: Packages wishlist?
Post by: RadOD on May 23, 2017, 12:17:54 am
Something along the lines of smokeping for ISP quality monitoring.

The Quality Graph, which offers much the same information as smoke ping, can be found in Status / Monitoring.

Huh, I never realized it could be configured.  I thought it was just for CPU.

Still, I like to monitor specific IP addresses such as my ISP gateway and VPN targets and compare to generic websites to find problems early.
Title: Re: Packages wishlist?
Post by: vagnyj on May 27, 2017, 07:21:22 am
Hello everyone, is there an opportunity to install package Virtual Box ? With web management as implemented in Nas4free.  In the photo example of management virtual box on Nas4free
Title: Re: Packages wishlist?
Post by: jahonix on May 27, 2017, 05:59:48 pm
Virtual Box
No.
This is your firewall, not a hypervisor.
However, you can install a virtual pfSense on a hypervisor.
Title: Re: Packages wishlist?
Post by: msanangelo on May 27, 2017, 10:17:39 pm
Would really love an implementation of either of the following

- Freenas
- Bacula Server
- Simple FTP server for file storage
- Samba (with UI)

Most of the above are already available in some adhoc way on pfsense (except bacula server and Freenas) , but really appreciate a UI based installation and management.

thanks

I second this. A FTP Server and Samba in particular. If a store bought consumer router can do it, why not pfsense? Surely it can do it better, more secure, and faster. :)
Title: Re: Packages wishlist?
Post by: jahonix on May 28, 2017, 06:26:31 pm
If a store bought consumer router can do it, why not pfsense?
Maybe because pfSense is a more serious contender in the firewall business and not one of the flaky consumer routers you better throw as far as your aching back lets you?
Title: Re: Packages wishlist?
Post by: BBcan177 on May 28, 2017, 06:33:16 pm
If a store bought consumer router can do it, why not pfsense?
Maybe because pfSense is a more serious contender in the firewall business and not one of the flaky consumer routers you better throw as far as your aching back lets you?

http://thehackernews.com/2017/05/samba-rce-exploit.html
https://lists.samba.org/archive/samba-announce/2017/000406.html
https://www.shodan.io/report/FoqqpNmw
Title: Re: Packages wishlist?
Post by: msanangelo on June 01, 2017, 06:50:56 pm
If a store bought consumer router can do it, why not pfsense?
Maybe because pfSense is a more serious contender in the firewall business and not one of the flaky consumer routers you better throw as far as your aching back lets you?

Really? it's been a stellar firewall so far. it will more than happily block things but I have to fight it to allow things. can't even forward port 80 that worked fine on the tp-link it replaced and also worked on a VM behind the main pfsense router. the data usage stats are practically useless without an added package. So far, ddwrt worked better and wasn't so annoying. I might enjoy pfsense more if it wasn't so featureless. All I'm asking is a couple programs to make it a bit more useful on the LAN side. Also, is it too much to ask for some critical software patches around here? I've got 4 vulnerable packages in 2.3.3 and my only hope is to wait for 2.4. whenever that'll be released.  >.>

http://thehackernews.com/2017/05/samba-rce-exploit.html
https://lists.samba.org/archive/samba-announce/2017/000406.html
https://www.shodan.io/report/FoqqpNmw

I'm aware of that. I'm not dumb enough to put samba or ftp on the wan. I just want it for the lan.
Title: Re: Packages wishlist?
Post by: marcelloc on June 01, 2017, 07:07:37 pm
is it too much to ask for some critical software patches around here?

If you need the feature and know how to configure it under console/config files, you can enable freebsd repo and install the packages you need.

Also, pfSense has a great GUI framework that you can use to create your own packages with xml files and php script to check selected options and create config files.

What packages from 2.3.3 are vulnerable?
Title: Re: Packages wishlist?
Post by: dennypage on June 01, 2017, 09:36:36 pm
Also, is it too much to ask for some critical software patches around here? I've got 4 vulnerable packages in 2.3.3 and my only hope is to wait for 2.4.

What packages? And is there a reason that you haven't installed the 2.3.4 update?
Title: Re: Packages wishlist?
Post by: gerby123 on June 05, 2017, 11:19:12 am
Given that the freeradius2 port is expiring the end of June 2017 (this month) I'd be interested in seeing freeradius3 make it in to PFSense
https://www.freshports.org/net/freeradius2
https://www.freshports.org/net/freeradius3
Title: Re: Packages wishlist?
Post by: jimp on June 05, 2017, 11:35:25 am
Given that the freeradius2 port is expiring the end of June 2017 (this month) I'd be interested in seeing freeradius3 make it in to PFSense
https://www.freshports.org/net/freeradius2
https://www.freshports.org/net/freeradius3

That's been on my to-do list for a while. It's just a lot of work, having to go through and rearrange everything to the 3.x directory layout and changes in the config.
Title: Re: Packages wishlist?
Post by: gerby123 on June 05, 2017, 11:57:40 am
I have no experience writing PFSense packages but I'd be willing to contribute.

Given that the freeradius2 port is expiring the end of June 2017 (this month) I'd be interested in seeing freeradius3 make it in to PFSense
https://www.freshports.org/net/freeradius2
https://www.freshports.org/net/freeradius3

That's been on my to-do list for a while. It's just a lot of work, having to go through and rearrange everything to the 3.x directory layout and changes in the config.
Title: Re: Packages wishlist?
Post by: kroem on June 08, 2017, 06:09:57 am
Virtual Box
No.
This is your firewall, not a hypervisor.
However, you can install a virtual pfSense on a hypervisor.
...and ASR's, NCS's, PTX's etc are not routers? :)
Title: Re: Packages wishlist?
Post by: jimp on June 09, 2017, 09:46:18 am
I have no experience writing PFSense packages but I'd be willing to contribute.

Given that the freeradius2 port is expiring the end of June 2017 (this month) I'd be interested in seeing freeradius3 make it in to PFSense
https://www.freshports.org/net/freeradius2
https://www.freshports.org/net/freeradius3

That's been on my to-do list for a while. It's just a lot of work, having to go through and rearrange everything to the 3.x directory layout and changes in the config.

FreeRADIUS 3 package is available on 2.4 snapshots for testing now, try it out and post feedback here: https://forum.pfsense.org/index.php?topic=131883.0
Title: Re: Packages wishlist?
Post by: rcfa on June 11, 2017, 12:00:30 pm
Virtual Box
No.
This is your firewall, not a hypervisor.
However, you can install a virtual pfSense on a hypervisor.

Well, this reminds me about the old joke about a catholic and a protestant priest: The former starts to smoke his pipe while reading the prayerbook, when the latter interrupts him and asks: "Excuse me, I don't want to be nosy, but I asked my bishop if it's OK to smoke while praying, and he answered me, I should not be distracted from paying through smoking. What's the catholic's stance on this matter?"
To which the catholic priest answers: "Very interesting! See, I asked my bishop if it's OK to pray while smoking, and he answered, it's always OK to pray."

So, of course, a firewall isn't a hypervisor. But assume you have a server box at a colocation provider, you pay per rack space. So, you can either just run the server protected only by whatever mediocre protection the host OS allows for, or you run pfSense and run the server in VirtualBox within. So, you see, this is all a matter of perspective.

Having a hypervisor box, that runs both pfSense and the server OS is theoretically possible, but much harder to administer, and it requires rather expensive, bare-metal hypervisor software, while pfSense community edition and VirtualBox are both available free for people running small services on a limited budget.

In my case, I have somewhere a pfSense unit at a colo provider, to allow me some specialized VPN type applications. The system is, in terms of CPU power, underutilized, because it's rather low traffic. With the coming requirements for pfSense, I'll have to upgrade to an even more powerful CPU. Needless to say, running a web server or some other small services on the same box would not be undesirable, given that I already pay for the rackspace. vhost has gone the way of the dodo, so VirtualBox would get a lot more utility out of the whole thing, without in any significant way affecting security negatively.

pfSense is useful for a whole lot more than just a plain vanilla firewall; if it's just the latter I'd need, I could use a much simpler system...
Title: Re: Packages wishlist?
Post by: Perun on June 15, 2017, 03:01:53 am
Hi

it would be nice to have:

- bacula client
- icinga2 client (yes I know there is nrpe)

Greetz
Title: Re: Packages wishlist?
Post by: mf72 on August 07, 2017, 04:30:10 am
Hi all,

it would be great to get Ufdbguard as a package for Pfsense.
Is there a way I can contribute / facilate with that request?

Regards
Title: Re: Packages wishlist?
Post by: chidgear on August 24, 2017, 03:19:45 pm
Hi!

I'd Love to have the Ocsinventory-Unix-Agent package available, so I could install it and keep my firewall inventoried with the rest of my computers and servers.
Title: Re: Packages wishlist?
Post by: hescominsoon on August 31, 2017, 08:39:34 pm
How about the latest ntopng package?..:)
Title: Re: Packages wishlist?
Post by: JohnPFsense on September 15, 2017, 06:24:17 am
PassiveDNS

Something like this: https://github.com/gamelinux/passivedns

I find the idea so simple, the potential quite big.

Title: Re: Packages wishlist?
Post by: Music Wizard on October 21, 2017, 02:21:53 pm
ZNC for  2.4.X
Title: Re: Packages wishlist?
Post by: Gil on October 30, 2017, 10:21:21 pm
Been mentioned before - some time ago I believe - Webdav package. - Great for IoT devices.

Title: Re: Packages wishlist?
Post by: Uranus on November 07, 2017, 10:22:11 pm
Package for CUDA installation and compile Suricata with support CUDA.
This will allow even an inexpensive video card to increase the performance without increasing processor power
Title: Re: Packages wishlist?
Post by: BlueKobold on November 08, 2017, 05:31:40 am
Quote
- bacula client
- icinga2 client (yes I know there is nrpe)
Bacula / If you install a soft mirror of two SSDs as RAID1 and one disk is failing you could easy swap it over
and rebuild the system, and during that phasis the second or slave unit from your pfSense HA cluster will do
the entire job within.

Incinga2/ Is a monitoring software and works great together with MySQL on FreeBSD and yes Netgate is
also offering little small computer units such the MinnowTrurbot that you are able to run it there with ease!
Alternately I can say a small unit with CACTI & MRTG will do this job well too! Or did you hear about ELK?
ELK, ElasticSearch, Logstash & Kibana (https://elijahpaul.co.uk/updated-monitoring-pfsense-logs-using-elk-elasticsearch-logstash-kibana-part-1/) It is more to you to write code to get flavor working sensors on
your Incinga2 platform then a packet in pfSense.

Quote
it would be great to get Ufdbguard as a package for Pfsense.
Is there a way I can contribute / facilate with that request?
Please have a look at their pricing list and ask them to do this job it self, based on the commercial
concern it should be in their interest first! Price list (https://www.urlfilterdb.com/pricing/licenses.html)

Quote
PassiveDNS
Would be nice to see how it works on a firewall.

Quote
ZNC for  2.4.X
This is not an IRC bouncer or?

Quote
Been mentioned before - some time ago I believe - Webdav package. - Great for IoT devices.
Is this not more for NAS devices available as a packet?

Quote
Package for CUDA installation and compile Suricata with support CUDA.
Would be Intel Xeon Phi, Intels QuickAssist or DPDK matching better to snort or suricata?
Or a small miniPCIe or PCIe card with an ASIC or FPGA likes the Xilinx Spartan 6 on it?

Title: Re: Packages wishlist?
Post by: bsu3338 on November 10, 2017, 11:56:32 am
I have seen some post about Samba and NTLM for Squid, but I would also like to see Samba included for ntlm_auth in FreeRADIUS 3.x for PEAP authentication against Active Directory.

http://wiki.freeradius.org/guide/freeradius-active-directory-integration-howto

Title: Re: Packages wishlist?
Post by: Deadpool on December 13, 2017, 04:44:02 am
+1 for privoxy
Title: Re: Packages wishlist?
Post by: sektor on January 02, 2018, 10:55:13 pm
My wish is very simple . . .  fail2ban or equivalent.  Where I could setup arguments to scan the logs and modify firewall rules based off those.

Currently running fail2ban on many downstream devices paired with IPtables and it works great.  It would be nice to have the package scan remote logs as well; for instance, scan Apache logs and make changes at the firewall when an attack is happening.

+1 for this as well I think this is a really good idea.
Title: Re: Packages wishlist?
Post by: sektor on January 02, 2018, 10:57:08 pm
Updated Postfix please :)

+ 1 for this

+ 1 for this too

+1 for this as well as instructions for a backup MX
Title: Re: Packages wishlist?
Post by: sektor on January 02, 2018, 11:00:42 pm
An updated postfix package isn't going to happen.  That was announced on GitHub.

What I resorted to was creating a new FreeBSD VM and installing postfix on that - as suggested in the postfix thread. 

When that was working I put fail2ban on there as well.  I'd often thought about using those two together.  fail2ban updated a local pf table to block the spammers but I wasn't happy with the spammers getting past pfSense to the postfix/fail2ban server.

Then I found that I could have fail2ban call OpenBGPD to update an alias table on pfSense.  A feedback loop.  Who knows why the authors of OpenBGPD put that feature in but I'm sure glad they did.

In the end it's a better solution than postfix on pfSense but it was far from a trivial exercise for me  ;)

Could you share how you did this because I currently run fail2ban on my sme server, but am interested in setting up a backup mx and thought I could do it with pfsense, but your way doesn't seem too bad especially being you are passing the rules to pfsense.
Title: Re: Packages wishlist?
Post by: pwilliz on January 12, 2018, 01:38:14 pm
I would like to see an MQTT broker like https://mosquitto.org/ (sonething that handles local MQTT) available in pfSense.

Reason is that there are many scenarios where IOT devices need to be run locally and not in the cloud.

I am currently working on such a product.

Currently we need the consumer to buy a Micro Appliance device running pfSense and then a separate hub to manage MQTT. But MQTT is all about packets, security and network management so putting this on the pfSense device means one less device to manage and better packaging and safety for the consumer.