Is pfSense really that good?

I found pfSense to be temperamental and very eccentric.

I have had experiences where changing a DHCP setting would make the whole thing unbootable.

The add-ons seem a bit ramshackle: some not working / not been updated in a bit, or add-ons which conflict with each other.

Features which sound good, like ad blocking, are better done in the browser (no boxes where the ad should be).

I found the pfSense forums condescending with people and a bit (guy1: "I want to do A" forum: "no, we don't like that, do B instead" guy1: "but that won't achieve what I want to do").

One good thing I can say about it: once you have your settings locked in, it is solid.

I know people love it, I just don't know why.

Is there something cool about it, minus VPNs?

2 Likes

It's a powerful firewall. Can analyze data. Snort bad traffic. Logs for everything. VLANs, failover and aggregation...

I'm an enthusiast home user. It's designed for enterprise use and one shouldn't expect the same support as Ubuntu or Windows.

So far my install and setup has been easy. I've either been lucky, or you have been unlucky.

I manage an insanely expensive firewall system on a day to day business so I'd like to think I have a bit of an advantage to answer this question, but I'm still newer to pfSense and I don't deal with it nearly as much as I do with my firewall at work, so that may not be true.

pfSense is the absolute most powerful firewall system that a home user could probably ever touch and manipulate without much (to any) expenditure. The features available on the pfSense system rival that of mid-range SOHO firewalls that can cost up to 500-1000 dollars (low-end Cisco, mid-range SonicWall, etc.); and that's before you add in subscription costs for something like VPN/tunneling services, etc. You just have to have an extremely high-level understanding of how a network runs in order to manipulate it correctly since it almost sets itself up.

I haven't posted much on the pfSense forum since most of my problems I've been able to figure out or google, but the one question I have asked was answered politely. The issue you might have seen was someone trying to deviate from a best-practices solution. Since this is a firewall, and even though it's at home, security is the primary function of the device. If you want to do anything, you do it with "is this secure" first in your mind... or at least you should.

The reason you're seeing boxes for the ad blocking is due to the way it blocks it. Instead of detecting ad space on the webpage, which is how Adblock (assumingly) accomplishes the task, the firewall just blocks all known advertising DNS'/IPs. This works better assuming the database is kept up to date.

I'd argue your DHCP change was a bug.

2 Likes

pfSense is pretty good. I've been using it in production here for about 3 years. It's allowed me to do things that Cisco techs didn't even know could be done, let alone how to do on Cisco gear.

That being said.. it's not perfect. For example, automatically and smartly doing WAN fail-over has never been satisfactory for me. That's fine because I think my expectations were too high, and after reflection on the issue, I have decided that manual intervention is quick and prevents some of the issues we experienced on automatic.

I think there is room for pfSense to grow. Some fuzzy logic features could really transform it from functional to magical. I'm still a few versions behind because production environment and testing... but I like what I've seen.

I should get my Up Squared SBC in a few weeks, and then I'll use that for my pfSense router at home. I'll be able to do more experimentation that way, and bring that knowledge to my production environment at work.

I think I've been unlucky.
I've got a network degree so I'm not a total noob.
Love the logs, especially using ntopng.
At home I have 1 PC, a server, 2 TVs, a phone and a tablet,
and it just feels more hassle than it's worth.

If all you want to do is NAT and DHCP, an off the shelf consumer router will get the job done without any configuration in most cases.

pfSense shines when you have a more complex setup: Like multiple WANs, VPNs, multiple subnets, etc.

2 Likes

I don't think I have the need for it to feel the love.

Not like the love a man feels about his ZFS pool anyway.

1 Like

What hassle have you been having with it?
I have been using pfSense for years at home and love every aspect of it. Dual WAN is the only thing that comes to mind that I had frustration with.

Dual LAN, one wired, one for an AP.
Found out that the AP side was not passing DHCP and DNS requests to the wired side,
so fixed it with a rule allowing broadcasts for 0.0.0.0 through the bridge.

I already had a rule allowing all TCP/UDP traffic between the two interfaces,
so it took me a bit to realise.
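
Why a TCP/UDP rule between two interfaces can still miss DHCP, as an added example (not part of the original post and not pfSense code): a DHCPDISCOVER is sent from 0.0.0.0 to 255.255.255.255 on UDP port 67, so a rule scoped to the two interface subnets never matches it. The subnets, rule names and the simplified first-match evaluator below are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network

# Constructed subnets for the two bridged segments (assumptions, not from the thread).
WIRED = ip_network("192.168.1.0/24")
WIFI = ip_network("192.168.2.0/24")


@dataclass(frozen=True)
class Rule:
    name: str
    protos: frozenset            # e.g. {"tcp", "udp"}
    src: IPv4Network
    dst: IPv4Network
    dst_ports: frozenset = frozenset()   # empty means any port

    def matches(self, pkt: dict) -> bool:
        return (pkt["proto"] in self.protos
                and ip_address(pkt["src"]) in self.src
                and ip_address(pkt["dst"]) in self.dst
                and (not self.dst_ports or pkt["dport"] in self.dst_ports))


def evaluate(rules, pkt):
    """Simplified model: first matching pass rule wins, otherwise default deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.name
    return "default deny"


# Hypothetical rules: the subnet-scoped pass rule, and the broadcast rule added later.
SUBNET_RULE = Rule("wifi-to-wired tcp/udp", frozenset({"tcp", "udp"}), WIFI, WIRED)
DHCP_RULE = Rule("dhcp broadcast", frozenset({"udp"}),
                 ip_network("0.0.0.0/32"), ip_network("255.255.255.255/32"),
                 frozenset({67}))

# Constructed packets: a client with no lease yet, and a normal client flow.
DISCOVER = {"proto": "udp", "src": "0.0.0.0", "dst": "255.255.255.255", "dport": 67}
WEB = {"proto": "tcp", "src": "192.168.2.50", "dst": "192.168.1.10", "dport": 443}

if __name__ == "__main__":
    print("subnet rule only :", evaluate([SUBNET_RULE], DISCOVER))
    print("with DHCP rule   :", evaluate([SUBNET_RULE, DHCP_RULE], DISCOVER))
    print("ordinary traffic :", evaluate([SUBNET_RULE, DHCP_RULE], WEB))
```

Scoping the extra rule to UDP port 67 with the 0.0.0.0 source keeps the exception as narrow as the DHCP handshake needs.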

When you consider how buggy off the shelf consumer routers can be, not to mention the multitude of security vulnerabilities (many of which are never addressed by the manufacturer), pfSense starts to make a lot of sense for the SOHO environment, even when pfSense's more advanced features aren't actually needed. But, if you have multiple WANs, or wish to run OpenVPN, Snort, Squid, Captive Portal, a DNS server, or perform traffic shaping, for example, there aren't a lot of alternatives to pfSense, which can pull all of this off with the same ease of use and cost.

I've never considered pfSense to be a hassle to install, or maintain, but I didn't consider its configuration to be intuitively obvious on my first attempt. The devs "wrote the book" of pfSense though and that book is still remarkably relevant, even though it was published many years ago.

More recently, there have been some pretty good survey vids posted to the YouTube. This guide should help folks to get a basic config working, even if they have only the most basic networking knowledge.

3 Likes

Thanks, I will definitely watch the YouTube videos.