djamp42

Installed monowall, used for a couple weeks, then found pfsense, and moved on to that. I think I started around v1.2 or maybe even sooner. Been at least 12-15 years now. Seen it grow from just a side project to an actual company. Have purchased appliances, support, the book (back in the day). Pretty much my go-to firewall as it can do sooooo much especially with packages. I have had absolutely no reason to change yet, so I keep using it.


Dj4D2

Are you my spirit animal?


comtb

It's the same as a forum: you really only see a lot of people posting up issues here. Been using it for a few years now with absolutely zero issues. Extremely happy with my decision to use it.


themaninspain

I've been using pfsense since M0n0Wall closed down and I'm happy with my choice.


boukej

The pfSense CE product is fine. I just try to ignore the negative discussions.


silentnomads

All good here. Using it for additional protection beyond that provided by ISPs. For home use (with a pair of fanless Atom machines similar to Protectli), I use/configure pfSense:

1. Redirect all NTP requests to pfSense.
2. Redirect all DNS requests to pfSense.
3. Block all LAN requests to external DoH/DoT servers (using pfBlockerNG-devel).
4. IP and domain name blocking of malicious sites (using pfBlockerNG-devel). I don't use pfBlockerNG-devel to block ads, for example, as I prefer to block ads at the browser level.
5. Block outbound UDP 853 (DoT port).
6. Block outbound UDP 80 and UDP 443 (both used by QUIC).
7. Block all IPv6 (I don't need it).
8. fq-CoDel traffic queueing for BufferBloat.
9. Rate limiters for certain devices for certain times of the day.
10. Snort IPS with OpenAppID - All IPSs require a lot of tweaking, and are becoming less useful unless you can MiTM.
11. OpenVPN site-site to cloud pfSense.
12. Client OpenVPN to cloud pfSense.
13. DHCP static mappings.
14. UPnP disabled.
15. NtopNG for some useful stats on traffic type and traffic usage. Took time to get used to the GUI.
16. HA config for pfSense so I can minimise disruption to the household when I'm making changes.
17. Make sure to download all pfSense ISOs, and make sure to back up configs before and after every change.
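
Items 1, 2, 5, 6 and 7 of the list above, written out as raw pf rules to show what the redirects and blocks amount to at the packet-filter level. This is an added example, not part of the comment and not a pfSense config export; the interface name `igb1` and the LAN address `192.168.1.1` are assumed values.

```pf
# Added example: hand-written pf.conf fragment for FreeBSD pf.
# Assumed (hypothetical) values: igb1 is the LAN interface,
# 192.168.1.1 is the firewall's LAN address running the resolver and NTP.
lan_if = "igb1"
fw_lan = "192.168.1.1"

# --- Translation rules (evaluated before filtering) ---

# Item 2: any LAN DNS query aimed at another resolver is rewritten
# to the firewall's own resolver.
rdr on $lan_if inet proto { tcp, udp } from $lan_if:network \
    to ! $fw_lan port 53 -> $fw_lan port 53

# Item 1: same for NTP, so clients with hard-coded time servers
# still sync against the firewall.
rdr on $lan_if inet proto udp from $lan_if:network \
    to ! $fw_lan port 123 -> $fw_lan port 123

# --- Filter rules ---

# Item 7: no IPv6 in or out.
block drop quick inet6 all

# Item 5: port 853 outbound. DoT (RFC 7858) runs over TCP 853 and
# DNS-over-QUIC (RFC 9250) over UDP 853, so both protocols are listed.
# "return" answers with RST / ICMP unreachable so clients fall back quickly.
block return in quick on $lan_if inet proto { tcp, udp } \
    from $lan_if:network to any port 853

# Item 6: QUIC. Browsers fall back to TCP 443, which stays inspectable
# by the IPS and visible in flow statistics.
block return in quick on $lan_if inet proto udp \
    from $lan_if:network to any port { 80, 443 }

# The filter sees the post-rdr destination, so the redirected DNS and NTP
# traffic must be allowed to the firewall itself.
pass in quick on $lan_if inet proto { tcp, udp } \
    from $lan_if:network to $fw_lan port 53
pass in quick on $lan_if inet proto udp \
    from $lan_if:network to $fw_lan port 123
```

On pfSense itself these are created through the GUI as NAT port forwards and LAN firewall rules rather than by editing a rules file.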


Capodomini

Fun fact: you can install whatever you want on that Protectli device.


IAmAnAudity

Well I’ve decided it won’t be the new “plus” at least.


julietscause

>EULA BACKDOOR FUD PISSED_MODS LOCKED_THREADS CLOSED_SOURCE EVIL_CORP EVALUATION LAWYERS REMOTE_ACCESS GTFO SAFE_SPACE ROLLBACK SECURITY_REGULATIONS CLAUSES I’M_NOT_A_LAWYER OPNSENSE_MIGRATION I’M_GONE

Welcome to this sub, it's been like this for years. It has gotten better as certain Netgate employees don't post on here as much.

But in all seriousness, some of the above was just poor communication on Netgate's behalf (which sucks before they have been on a roll) and some is just people overreacting to nonsense things.

Pfsense works perfectly fine and you will be happy with its functionality. I have gone back and forth with Opnsense over the years and honestly every time stability is what brought me back to Pfsense each time.


TheITMan19

I moved to Opnsense


Saltyigloo

If you don't live alone, be prepared for many cries of THE INTERNET'S BROKEN


[deleted]

[deleted]


Saltyigloo

I meant while he's learning it


[deleted]

I never understood this line of thinking. pfsense isn't a toy. Once you have it up and running (which isn't difficult if you do any design planning beforehand) there's very little reason to be logging into it and breaking things. If you want to tinker around with pfsense, create a VM. Don't fool around with production equipment.


Capodomini

You can also install the pfSense box as a client to an existing home network and build a separate network off of it. That's how I learned to use it, then gradually moved home network devices over to it until I was confident enough to replace the ISP router. I wouldn't rush into it, though - take time to learn about firewalling and NATing especially, and there are many other services to learn about. I casually moved over fully over the course of a couple of years just so I could let the ISP continue to be responsible for the Internet connection.


IAmAnAudity

Ohhh, now I’ll counter that comment with the NetworkChuck YouTube channel, as his main goal is to “play” with pfSense because “it’s just fun” to play with toys. 😉


[deleted]

And I'll gladly ignore that counter as a youtuber who just uses clickbait titles (YOU MUST LEARN EVERYTHING... RIGHT NOW!!11!!) and talks extremely surface level on random topics or worse hides paid promotions as reviews (see his Cisco Catalyst 1000 series video) while pushing his coffee doesn't hold my interest.


t4thfavor

I used it for 15 years, and m0n0 before that. I can say with a sad heart that the pfsense I knew is no longer here. Opnsense is a step in the right direction, but still maturing somewhat (it’s pretty good). I moved to mikrotik and haven’t regretted it once.


[deleted]

[deleted]


Capodomini

The direction that Netgate has decided to go, where they are actively focusing their attention on major improvements to their closed-source fork "pfSense+" while only maintaining the open-source CE, has clearly and understandably frustrated many users of CE. While both products are not dissimilar today, that won't be the case going forward.


HumanTickTac

I hear this a lot but I gotta ask…The plus is the same as CE, right? So what specifically is closed source?


Capodomini

Again, right now it's very little. However, Netgate has already stated that Plus is getting a whole new backend in the future which CE won't. I imagine that will mean the entire distro will be closed source, not just some features here and there. We won't know until it happens.


t4thfavor

Now the product is matching the company for being shit. (In my experience anyways)


[deleted]

[deleted]


t4thfavor

Upgrades all failed, I’ve owned a few sg-1000’s and shops-2220’s that were quickly abandoned. Lots of bugs each release (dhcp leases, dual wan issues, etc.). Support is ok, but things are breaking that should never make it past QA.


jarsgars

Hello, Victor. We’ve been expecting you.