pfSense Firewall

After testing ClarkConnect firewall for a while, I decided to test another firewall OS. ClarkConnect works really well but the resource usage is high. The system I’m using has an Intel Celeron 850 CPU and 512 MB of RAM. The utilization would always stay over 90% for RAM and over 60% for CPU. According to this page, the high memory usage is by design but I thought the CPU usage was a little too much for what was running. ClarkConnect ran well overall but I wanted to test other systems before settling on one.

The latest firewall OS I’m testing is pfSense. It’s based on FreeBSD 6.1. The install was tricky due to using a USB CD-ROM. Anytime I would boot from the CD, all I would get is a screen full of scrolling error messages. I checked the pfSense forums and found that it is a FreeBSD issue. I had to connect the hard drive to another machine, with a built-in CD-ROM, to perform the install. I moved the hard drive to the firewall enclosure once the install was complete and I was able to set up the LAN and WAN interfaces.

Once setup was complete, I connected to the web configuration page for pfSense. You have an idea about the interface for pfSense if you’ve ever seen the interface for m0n0wall. That’s because pfSense is a fork of m0n0wall.

pfSense comes with basic firewall functions but can easily be expanded to include Squid and Snort through package additions. I installed both of those packages so that it would match what was set up with ClarkConnect. Resource usage is nowhere near what it was for CC.

I have not completed all the testing for pfSense but so far I like it. My connection speed matches what it was with CC, which is a slight improvement over the Linksys router. My only complaint is Squid logging. Right now, there is no way to see if the Squid cache is being utilized or how much drive space is being used. Considering that this is only release 1.0.1 of pfSense, I’m sure that issue will be corrected soon enough.

More details to come.

In this world a man must either be an anvil or hammer. - Henry W. Longfellow

18.Jan.07 BSD, Networking, Security



2 Responses to “pfSense Firewall”

  1. CypherXero

    Can you write your own pf rules, or is it a GUI for pf? If you’re curious, here’s my pf ruleset I wrote from scratch for my network firewall:

    http://www.cypherxero.net/pf.txt

  2. wyckedone

    I’m sure you could manually edit the file since SSH access is possible. Also, there is a menu that lets you type in a path/file name to edit it in the web browser.
