
Learn pfSense 2.4: Get up and running with pfSense and all the core concepts to build firewall and routing solutions

David Zientara
Rating: 3 out of 5 (1 rating)
Paperback, Jul 2018, 346 pages, 1st Edition

Getting Started with pfSense

As the internet approaches its fiftieth anniversary, networked computers have essentially become the norm across much of the world. Computer networks are commonplace, even within the home, and it is not uncommon for households to have multiple internet-connected devices—a trend that undoubtedly will only accelerate with the growing popularity of the internet of things (IoT). With networks becoming part of our basic infrastructure, reliable networking equipment has become as essential as telephone exchanges and railways were to prior generations.

Even if you only have a home network, at a minimum, you will need a router to connect your private network with the public internet and a firewall to provide both ingress filtering (filtering for incoming traffic) and possibly egress filtering (for outgoing traffic). pfSense can perform both functions. In this chapter, we will introduce the pfSense project, explain how pfSense can help secure your network, and introduce you to the pfSense community, from which you can find out more about pfSense, and, hopefully, get answers to questions. Finally, we will briefly discuss the objectives of this book.

Reading this chapter should provide the reader with an understanding of the following:

  • The pfSense project
  • What pfSense can do
  • The pfSense community
  • The objectives of this book

Technical requirements

There are no particular technical requirements for this chapter, as it is simply an overview of pfSense and the book's objectives. Some familiarity with Linux and/or BSD would be helpful, as well as access to a computer that is capable of running pfSense (any modern PC should do); we will discuss the technical specifications in greater depth in the next chapter.

The pfSense project

pfSense runs on the FreeBSD operating system. FreeBSD is an offshoot from Berkeley UNIX—the University of California, Berkeley had acquired a license for AT&T UNIX in the 1970s. Students started to improve on this version of UNIX, and Berkeley Software Distribution (BSD) was founded as a project to make modifications to AT&T UNIX, as well as to distribute this modified version. This version, however, had proprietary AT&T source code in it, and BSD users thus had to obtain a license from AT&T to use it legally. In the late 1980s, however, work began on a project to eliminate AT&T code from BSD in order to produce an open source version of it, thus spawning the FreeBSD project. Since then, FreeBSD has gained a following among those seeking a stable and secure open source variant of UNIX that provides good performance.

pfSense is based on pf, which is OpenBSD's packet filter (itself designed as a replacement for Darren Reed's IPFilter, which OpenBSD had been using up to that point). pf was incorporated into OpenBSD distributions in 2001. pf is a command-line utility, and, as a result, several projects were launched to provide a graphical interface for the pf utility. m0n0wall, initially released in 2003, was the first successful attempt at providing a graphical front end for pf. pfSense, which began as a fork of this project, was another such project.

Version 1.0 of pfSense was released on October 4, 2006. Version 2.0 was released on September 17, 2011. Version 2.1 was released on September 15, 2013, and Version 2.2 was released on January 23, 2015. Version 2.3, released on April 12, 2016, phased out support for legacy technologies such as the Point-to-Point Tunneling Protocol (PPTP), Wireless Encryption Protocol (WEP) and single DES, and also provided a facelift for the web GUI.

Version 2.4, released on October 12, 2017, continues this trend of phasing out support for legacy technologies while also adding features and improving the web GUI. Support for 32-bit x86 architectures has been deprecated (however, security updates will continue for 32-bit systems for at least a year after the release of 2.4), while support for Netgate Advanced RISC Machines (ARM) devices has been added. A new pfSense installer (based on FreeBSD's bsdinstall) has been incorporated into pfSense, and there is support for the ZFS filesystem, as well as the Unified Extensible Firmware Interface (UEFI). pfSense now supports OpenVPN 2.4.x, and as a result, features such as AES-GCM ciphers can be utilized. In addition, pfSense now supports multiple languages; the web GUI has been translated into 13 different languages. At the time of writing, version 2.4.3, released on May 14, 2018, is the most recent version.

pfSense is not the only option if you are looking for open source firewall/router software—it is not even the only software making use of FreeBSD and pf. The m0n0wall project was discontinued in 2015, but there have been several m0n0wall forks since its end of life, including t1n1wall and SmallWall. Manuel Kasper, the developer behind m0n0wall, supports OPNsense, a project that forked from pfSense in 2015. There are also projects such as Shorewall, an open source firewall tool for Linux that builds on Netfilter.

Nevertheless, pfSense is currently the most popular open source firewall/router, and the developer community contributing to the project is strong. It is fairly easy to install and configure, and is useful in a variety of deployment scenarios.

What pfSense can do

To provide a general idea of the versatility of pfSense, consider the following use cases:

  • You have a home network, and need a means of connecting the wireless devices in your house (such as computers, laptops, and tablets) to the internet. Therefore, you need a router (to connect your home network to the internet), a firewall (to perform ingress and egress filtering at the boundary between your private network and the internet), and a wireless access point (to enable wireless devices to connect to your home network). You will likely also want to have a DHCP server to assign IP addresses to devices on the network, and possibly dynamic DNS (DDNS) capabilities, so that you don't have to remember your public IP address when accessing your home network from the outside world. pfSense can perform all these functions.

  • You have a small office/home office (SOHO) network, and you need to connect several computers in your company to the internet. You also want to provide a means of allowing customers to connect to the internet on the same connection, but you want to have some means of controlling their access to the network so they don't use up the bulk of available bandwidth. You also want to keep them from accessing the internal company network. Therefore, you need to have separate subnets for your internal network and for customers, a captive portal to control customers' access to your network, and possibly traffic shaping capabilities to limit the amount of bandwidth used by customers. Again, pfSense can perform all these functions.

  • You are an administrator at a corporation that has an office in another city. You want to provide access to your local corporate network to workers in the remote facility, but you are concerned about confidential corporate information traveling over the public internet. A private WAN circuit is one possible option to allow remote users to connect securely to your network, but private WAN circuits are expensive. Therefore, you decide that the best option is to set up a peer-to-peer VPN connection between your local network and the remote site. You also want to have more than one internet connection, to provide redundancy when one of the connections goes down. As you might have guessed, pfSense allows you to set up VPN connections between networks, and to set up multiple WAN connections.

In short, pfSense can be used in a variety of scenarios, ranging from a simple home network with a handful of internet-connected devices to a corporate network with thousands of users. For those administering corporate networks, commercially available equipment with proprietary technology (such as Cisco switches and routers) may prove to be the better option. Such equipment often performs better under heavy load scenarios, offers integrated voice, video, and data services, and often comes bundled with technical support.

This book, however, is aimed primarily at beginners; therefore, it is generally assumed that the reader is more likely to set up a home network or SOHO network than a corporate network, in which case pfSense is generally a cost-effective, sensible option. There is a great deal of functionality built in to pfSense, and in many cases, when the base install does not provide the functionality you need, there are third-party packages available that do provide such functionality.

The pfSense community

There will be times when you encounter a problem that cannot be solved by referencing this book or by troubleshooting the problem yourself. Although this book provides a detailed procedure for troubleshooting in Chapter 11, Diagnostics and Troubleshooting, it is often expedient to refer the problem to those who are more knowledgeable about pfSense than you are. In such cases, you can turn to the online pfSense community.

The official pfSense forums have recently moved to Netgate's website, which has reorganized the forums and added several more (including many devoted to pfSense international support). Anyone can read the forums, but in order to post on the forums, you must register, which requires you to provide a name and email address. Participation in the official forums can be an effective way of resolving problems and increasing your knowledge of pfSense.

The forums can be found at https://forum.netgate.com.

Reddit has its own pfSense forum, and members of the pfSense development team often participate in this forum. Although Reddit isn't everyone's cup of tea, it is a good place to find out the latest pfSense news, ask questions, and (hopefully) get answers.

The Reddit pfSense forum can be found at https://www.reddit.com/r/PFSENSE/.

Also worth mentioning is the Spiceworks pfSense forum. Spiceworks is a professional network for the IT community. Although the company has its headquarters in Austin, Texas, it has an international presence as well. Their pfSense forum also has polls and how-to guides.

The Spiceworks pfSense forum can be found at https://community.spiceworks.com/networking/pfsense.

Finally, for those who find it easier to watch videos, there are many useful how-to video guides available online. An online search for the pfSense topic in which you need assistance will often turn up multiple videos, of varying degrees of complexity and clarity. YouTube is the most obvious place to look for such videos, although other video sites, such as Vimeo, also have pfSense-related content.

Objectives of this book

The purpose of this book is to explain the basics of pfSense—installing, configuring, and utilizing its services—to the networking beginner. This book does not presuppose any prior knowledge of networking, and thus some of the material is devoted to explaining networking basics. At the same time, this book focuses on pfSense fundamentals—not networking fundamentals—and if you find such explanations inadequate, it might behoove you to find a good networking primer to supplement your reading. For example, any of the popular review guides for CompTIA's Network+ exam should prove adequate.

The following are the main topics covered in this book:

  • Installing and configuring pfSense
  • Captive portal configuration
  • Configuration of other basic services (DNS, NTP, SNMP, and so on)
  • Firewall and NAT
  • Traffic shaping
  • VPNs
  • Multiple WANs
  • Routing and bridging
  • Diagnostics and troubleshooting

This book is not aimed at intermediate users—it is aimed mainly at beginners setting up a home or SOHO network. Therefore, some topics that would be more appropriate in a corporate network scenario have been omitted, such as load balancing and failovers. Other topics that might be worthy of a more extensive treatment in a more intermediate-level book, such as VLANs, have been scaled back somewhat. Also, although third-party packages are mentioned where appropriate, this book does not discuss such packages in any great depth.

Nonetheless, the reader should come away from this book with a basic understanding of how to utilize pfSense in the most common scenarios. If you feel you need to know more about pfSense than the information contained within this book, you might consider another book I authored, Mastering pfSense, which covers intermediate-level topics.

Summary

In this chapter, we introduced FreeBSD and the pfSense project, provided a brief overview of what pfSense can do, mentioned the online pfSense community, and looked at the objectives of this book. In the next chapter, we will provide a survey of the basics of networking, ways in which pfSense can be deployed in typical networks, the hardware requirements for pfSense, and how to install pfSense and do some basic configuration.

Questions

  1. What OS is used to run pfSense?
  2. What does pf stand for?
  3. Name one open source alternative to pfSense.

Further reading

Hansteen, Peter N.M. (2014). The Book of PF: 3rd Edition. San Francisco, CA: No Starch Press. To my knowledge, the only comprehensive guide on pf, the command-line utility upon which pfSense is based.


Key benefits

  • Build firewall and routing solutions with pfSense.
  • Learn how to create captive portals, how to connect pfSense to your HTTPS environment, and so on.
  • Practical approach towards building firewall solutions for your organization.

Description

As computer networks become ubiquitous, it has become increasingly important to both secure and optimize our networks. pfSense, an open-source router/firewall, provides an easy, cost-effective way of achieving this – and this book explains how to install and configure pfSense in such a way that even a networking beginner can successfully deploy and use pfSense. This book begins by covering networking fundamentals, deployment scenarios, and hardware sizing guidelines, as well as how to install pfSense. The book then covers configuration of basic services such as DHCP, DNS, and captive portal and VLAN configuration. Careful consideration is given to the core firewall functionality of pfSense, and how to set up firewall rules and traffic shaping. Finally, the book covers the basics of VPNs, multi-WAN setups, routing and bridging, and how to perform diagnostics and troubleshooting on a network.

Who is this book for?

This book is aimed at network security professionals who want an introduction to the world of firewalls and network configurations using pfSense. No knowledge of pfSense is required.

What you will learn

  • Install pfSense
  • Configure additional interfaces, and enable and configure DHCP
  • Understand Captive portal
  • Understand firewalls and NAT, and traffic shaping
  • Learn in detail about VPNs
  • Understand Multi-WAN
  • Learn about routing and bridging in detail
  • Understand the basics of diagnostics and troubleshooting networks

Product Details

Publication date: Jul 31, 2018
Length: 346 pages
Edition: 1st
Language: English
ISBN-13: 9781789343113


Table of Contents

13 Chapters

  • Getting Started with pfSense
  • Installing pfSense
  • Configuring pfSense
  • Captive Portal
  • Additional pfSense Services
  • Firewall and NAT
  • Traffic Shaping
  • Virtual Private Networks
  • Multiple WANs
  • Routing and Bridging
  • Diagnostics and Troubleshooting
  • Assessments
  • Other Books You May Enjoy

Customer reviews

Rating distribution: 3 out of 5 (1 rating)
5 star 0%
4 star 0%
3 star 100%
2 star 0%
1 star 0%

SwedishMike, Apr 08, 2019
Rating: 3 out of 5
This is a decent introduction to pfSense and I fully realise that an introductory book can't cover everything. It covers the basics like installation and initial configuration. There are some things that I think could have been done differently - like for example using 'block a website' as a firewall example feels a bit weird. Maybe showing how to block allow different ports outbound for different hosts could have been a better example - or possibly a second example. One thing I definitely think is missing is talking about logs on the device. Including how to get logs off the device onto a syslog server and/or something like ELK or Splunk. If you have experience of firewalls this book might not be for you - if you're starting on your journey with pfSense it will probably make sense. Pun intended.
Amazon Verified review