pfSense Packages - What do you use?

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.

T_Minus

Build. Break. Fix. Repeat
Feb 15, 2015
7,625
2,043
113
I've been using a vanilla pfsense install with minimal configuration changes, and now with my circuit upgraded I'm looking to get a bit more granular in terms of utilization graphs, caching and other security type add-ons.

What are you using in pfsense and how do you like it? Tips/Tricks?

I'm considering:
- Squid + reporting package to view hits/misses/ip usage/etc
- Snort
- Anti-Virus (ClamAV or ?)
- Something to analyze bandwidth / where it's going. Ideally would like to see a graph similar to how vmware does utilization for CPU so you can view 'entire usage %' and then per-core. I'd like to see WAN, LAN, and then each local IP utilization currently / over time and history.
- Security Tweaks (blocking entire countries, and other suggestions?)
- Is there built-in IP list to 100% deny IPs on that list? IE: Using some type of spam or security back-end to populate this list? (Maybe pfBlockerNG)
- What about 'access blocker' for my family... ie: list of sites I can maintain + package for 'not good for kids' sites?

I take it it's not advised to use pfsense as a syslog server too, even though that is a package I see on the list?

Looking forward to hear what everyone else is using, etc...
 
  • Like
Reactions: K D and cperalt1

PigLover

Moderator
Jan 26, 2011
3,184
1,545
113
Use Suricata instead of Snort. Snort is still single threaded and bogs down easily. Suricata processes the same rules but is multi-threaded and will spread the load across all available cores.

Sent from my SM-G950U using Tapatalk
 

gigatexal

I'm here to learn
Nov 25, 2012
2,913
607
113
Portland, Oregon
alexandarnarayan.com
I've been using a vanilla pfsense install with minimal configuration changes, and now with my circuit upgraded I'm looking to get a bit more granular in terms of utilization graphs, caching and other security type add-ons.

What are you using in pfsense and how do you like it? Tips/Tricks?

I'm considering:
- Squid + reporting package to view hits/misses/ip usage/etc
- Snort
- Anti-Virus (ClamAV or ?)
- Something to analyze bandwidth / where it's going. Ideally would like to see a graph similar to how vmware does utilization for CPU so you can view 'entire usage %' and then per-core. I'd like to see WAN, LAN, and then each local IP utilization currently / over time and history.
- Security Tweaks (blocking entire countries, and other suggestions?)
- Is there built-in IP list to 100% deny IPs on that list? IE: Using some type of spam or security back-end to populate this list? (Maybe pfBlockerNG)
- What about 'access blocker' for my family... ie: list of sites I can maintain + package for 'not good for kids' sites?

I take it it's not advised to use pfsense as a syslog server too, even though that is a package I see on the list?

Looking forward to hear what everyone else is using, etc...
+1 to this.

i'm building a pfsense box soon too and am keen to get some good ip blocking going.
 

nitrobass24

Moderator
Dec 26, 2010
1,087
131
63
TX
Anti-Virus on the Gateway I find simply disruptive, so I would pass.
Snort is a great IPS; however, for home use, I ran Snort for three years and only had 5 hits which turned out to be false positives from me monkeying around whilst I was remote.

As of a week ago, I have switched to a USG, which provides me the graphs and DPI visualization that I was looking for.
Super tight rules for IoT VLAN and DNS traffic.
Reverse Proxy has been moved to a Nginx instance on Docker
Snort has been turned off.

PFsense can do a lot of things no doubt, but if it were me I would let it be a Firewall/NAT router first, DNS/DHCP second and Reverse Proxy. Everything else you likely don't need or can do better on docker/VMs.
 
  • Like
Reactions: T_Minus