pfSense 2.0 RELEASE

h0sch1

Well-Known Member
Hi

pfSense 2.0 has been out since last night.

New Features and Changes:

Interfaces:
- GRE tunnels
- GIF tunnels
- 3G support
- Dial up modem support
- Multi-Link PPP (MLPPP) for bonding PPP connections (ISP/upstream must also support MLPPP)
- LAGG Interfaces
- Interface groups
- IP Alias type Virtual IPs
- IP Alias VIPs can be stacked on CARP VIPs to go beyond the 255 VHID limit in deployments that need very large numbers of CARP VIPs.
- QinQ VLANs
- Can use Block Private Networks / Block Bogon Networks on any interface
- All interfaces are optional except WAN
- All interfaces can be renamed, even LAN/WAN
- Bridging enhancements - can now control all options of if_bridge, and assign bridge interfaces

IPsec:
- Multiple IPsec p2's per p1 (multiple subnets)
- IPsec xauth support
- IPsec transport mode added
- IPsec NAT-T
- Option to push settings such as IP, DNS, etc, to mobile IPsec clients (mod_cfg)
- Mobile IPsec works with iOS and Android (Certain versions, see Mobile IPsec on 2.0)
- More Phase 1/2 options can be configured, including the cipher type/strength
- ipsec-tools version 0.8

Firewall:
- Traffic shaper rewritten - now handles any combination of multi-WAN and multi-LAN interfaces. New wizards added.
- Layer7 protocol filtering
- EasyRule - add firewall rules from log view (and from console!)
- Floating rules allow adding non-interface specific rules
- Dynamically sized state table based on amount of RAM in the system
- More Advanced firewall rule options
- FTP helper now in kernel
- TFTP proxy
- Schedule rules are handled in pf, so they can use all the rule options.
- State summary view, report shows states grouped by originating IP, destination IP, etc.

NAT:
- All of the NAT screens were updated with additional functionality
- Port forwards can now handle create/update associated firewall rules automatically, instead of just creating unrelated entries.
- Port forwards can optionally use "rdr pass" so no firewall rule is needed.
- Port forwards can be disabled
- Port forwards can be negated ("no rdr")
- Port forwards can have source and destination filters
- NAT reflection improvements, including NAT reflection for 1:1 NAT
- Per-entry NAT reflection overrides
- 1:1 NAT rules can specify a source and destination address
- 1:1 NAT page redesigned
- Outbound NAT can now translate to an address pool (Subnet of IPs or an alias of IPs) of multiple external addresses
- Outbound NAT rules can be specified by protocol
- Outbound NAT rules can use aliases
- Improved generation of outbound NAT rules when switching from automatic to manual.

All changes:
http://doc.pfsense.org/index.php/2.0_New_Features_and_Changes

Download:
http://blog.pfsense.org/?p=598
 
hi

in itself I think the project is pretty cool ... but unfortunately, in my eyes, it is built
on the wrong OS ........ if I want pf there is really no way around
OpenBSD, or I accept that I am always years behind.

holger
 
But it really doesn't matter much what you pick. You have a drawback practically everywhere, and pf was already good years ago and more than sufficient for almost everything. We all dream of the perfect system, after all.

(that already exists too and is called Plan 9 :p)

I finally need to buy a nice Atom board or something and put pfSense on it.

Regards,
Athaba
 