The pfSense project is a free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third-party free software packages for additional functionality. With the help of the package system, pfSense software can provide the same functionality as common commercial firewalls, or more, without any of the artificial limitations. It has successfully replaced every big-name commercial firewall you can imagine in numerous installations around the world, including Check Point, Cisco PIX, Cisco ASA, Juniper, Sonicwall, Netgear, Watchguard, Astaro, and more.
pfSense software includes a web interface for the configuration of all included components. There is no need for any UNIX knowledge, no need to use the command line for anything, and no need to ever manually edit any rule sets. Users familiar with commercial firewalls catch on to the web interface quickly, though there can be a learning curve for users not familiar with commercial-grade firewalls.
pfSense started in 2004 as a fork of the m0n0wall Project (which ended 2015/02/15), though it has diverged significantly since.
2.4.5 adds several new features, including:
- OS Upgrade: Base Operating System upgraded to FreeBSD 11-STABLE after FreeBSD 11.3
- Added sorting and search/filtering to several pages including the Certificate Manager, DHCP Leases, and ARP/NDP Tables.
- Added DNS Resolver (Unbound) Python Integration
- Added IPsec DH and PFS groups 25, 26, 27, and 31
- Changed UFS filesystem defaults to noatime on new installations to reduce unnecessary disk writes
- autocomplete=new-password for forms containing authentication fields to help prevent browser auto-fill from completing irrelevant fields
- Added new Dynamic DNS providers Linode and Gandi
For a complete list of new features, see the Release Notes.
SECURITY / ERRATA
pfSense software release version 2.4.5 addresses several security issues:
- Potential cross-site scripting (XSS) vectors in several GUI pages
- A privilege escalation issue where an authenticated user granted access to the picture widget could run arbitrary PHP code or gain access to pages for which they otherwise would not have privileges
- Added a
UFS filesystems on upgrade to address FreeBSD-SA-19:10.ufs
- Fixed the format of XMLRPC authentication failure messages so they can be acted upon by
- Added a custom CSRF Error page with warnings and confirmation prompts before resubmitting potentially harmful data
- Addressed FreeBSD Security Advisories & Errata Notices
For complete details about these issues, see the Release Notes.
NOTABLE BUG FIXES
In addition to security fixes, pfSense software version 2.4.5 also includes important bug fixes.
- The default GUI certificate lifetime has been reduced to 825 days, to comply with current standards. These standards are being enforced strictly on platforms such as iOS 13 and macOS 10.15. After upgrading to pfSense software version 2.4.5, a new compatible GUI certificate may be generated from the console or SSH with the command:
  pfSsh.php playback generateguicert
- Several IPsec VTI fixes, including improved handling of IPsec restarts breaking VTI routing
- Fixed several issues with custom view management in Status > Monitoring
- Fixed serial console terminal size handling issues
- Fixed privilege matching issues which may have prevented some users from accessing pages to which they should have had access, such as the User Manager
- Fixed an issue when resolving FQDN entries in aliases where some entries could be missing