Introduction to common pfSense plugins

One of the greatest features of pfSense is that it can adapt to many different situations through plugins. A plugin-based system keeps the base pfSense installation small, and users can install plugins with the functionality they need.


If you want to install plugins, you must use the full version of pfSense; custom installation of plugins is not supported on embedded or LiveCD versions.

The following are commonly used plugins in pfSense:

Squid

Squid is by far the most popular pfSense plugin. Squid is a caching proxy server that improves the performance of your internet connection. Squid builds a cache of commonly accessed web pages, images, or other files that clients request from the Internet. If the requested item is found in the cache, Squid can send it directly to the requesting computer instead of using an Internet connection.


The Squid plugin can be configured to run transparently, which means that traffic on the network is automatically routed through the proxy without changing any configuration on the workstation. Another benefit of installing this plugin is that, when combined with LightSquid, you can view reports of websites visited by computers on your network.


pfBlockerNG

pfBlockerNG is a plugin that blocks incoming and outgoing traffic based on IP address or domain name. The plugin offers several features to protect your network from unwanted traffic, including country blocking, IP/DNS blacklisting, and IP reputation blocking.


The DNS Blacklist feature allows you to add multiple external blacklists to block traffic such as ads, threats and malware. This is a great plugin if you run a mail server on the web. By adding spam blacklists like Spamhaus, you can stop spam before it reaches your server.



SquidGuard

SquidGuard is a high-speed URL filter and redirector. By uploading a custom blacklist or using a free list, you can control which sites users on your network are allowed to access. The plugin can also apply a schedule so that access is granted only at certain times of the day.


SquidGuard can also enforce the use of domain names, preventing users from bypassing blacklists by entering an IP address. Blocked URLs can redirect to external websites or internal information pages.
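
An added example (not part of the original article, and not SquidGuard's own code): a short Python audit that lists requests in a Squid access log addressed to a bare IP address rather than a domain name, which is a quick way to check that the domain-name enforcement described above is taking effect. The log lines are constructed samples and assume Squid's native access.log field order; the function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample lines (assumed native Squid access.log layout):
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1700000000.101 120 192.168.1.20 TCP_MISS/200 5120 GET http://example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1700000001.202 95 192.168.1.21 TCP_MISS/200 2048 GET http://203.0.113.10/files/a.zip - HIER_DIRECT/203.0.113.10 application/zip
1700000002.303 300 192.168.1.21 TCP_TUNNEL/200 9000 CONNECT 198.51.100.7:443 - HIER_DIRECT/198.51.100.7 -
1700000003.404 210 192.168.1.22 TCP_TUNNEL/200 7000 CONNECT www.example.org:443 - HIER_DIRECT/93.184.216.34 -
1700000004.505 80 192.168.1.23 TCP_MISS/200 1024 GET http://[2001:db8::5]:8080/status - HIER_DIRECT/2001:db8::5 text/plain
malformed line
"""


def destination_host(method, target):
    """Return the host part of a logged request target, or None."""
    if method == "CONNECT":
        # CONNECT targets are logged as host:port with no scheme.
        target = "//" + target
    try:
        return urlsplit(target).hostname
    except ValueError:
        return None  # e.g. a broken bracketed IPv6 literal


def ip_literal_requests(log_text):
    """Return (client, method, host) for requests addressed to a bare IP."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # skip truncated or malformed lines
        client, method, target = fields[2], fields[5], fields[6]
        host = destination_host(method, target)
        if host is None:
            continue
        try:
            ipaddress.ip_address(host)
        except ValueError:
            continue  # a domain name, which a domain blacklist can match
        hits.append((client, method, host))
    return hits


if __name__ == "__main__":
    for hit in ip_literal_requests(SAMPLE_LOG):
        print(*hit)
```

Any client that still appears in this output after the filter is enabled is reaching destinations that a domain-based blacklist never evaluated.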



Darkstat

Darkstat is a network traffic monitor that runs in the background and captures network traffic for generating usage statistics. Data collected through this plugin can be viewed using the web interface. You can drill down into the graph to see which protocols and ports are taking up the most bandwidth on your network.


Snort

Snort is a very popular open source intrusion detection and prevention system (IDS/IPS). Install this plugin on pfSense to analyze network traffic to detect probes, buffer overflow attacks, port scans, and more.


The Snort engine is based on rules that are regularly updated by the community. Snort can be configured to automatically send alerts, block or log intrusion attempts. If you are concerned about network security, installing Snort is highly recommended.


Suricata

Suricata is an open source Intrusion Detection System (IDS). Suricata has several advantages.

1. It is multi-threaded, so a single running instance balances the processing load across the available processors.

2. Suricata automatically identifies the most common protocols at the start of a traffic flow, allowing rule writers to write rules against protocols rather than expected ports.

3. Suricata can recognize thousands of file types on the network and can mark files for extraction, so that each file is written to disk together with a metadata file describing the capture situation and flow.

Another advantage of Suricata is that it is compatible with Snort rules, so although it is a replacement for Snort, Snort rule updates can still be used. In pfSense, Suricata is provided as a plugin.



ntopng

ntopng is the next-generation version of the original ntop, a network traffic probe that monitors network usage. ntopng is based on libpcap and can run on Unix, Mac OS X, FreeBSD, Linux and Windows platforms.

ntopng provides an intuitive, encrypted web user interface for viewing real-time traffic and analyzing historical traffic information. Features include:


  • Classify network traffic based on multiple criteria including IP address, port, L7 protocol, throughput, autonomous system (AS)

  • Displays real-time network traffic and active hosts

  • Long-term reports can be generated for a variety of network metrics including throughput and application protocol

  • Monitor and report real-time throughput, network and application latency, round-trip time (RTT), TCP statistics (retransmissions, out-of-order packets, packet loss), and bytes and packets transmitted

  • Store persistent traffic statistics on disk for future exploration and postmortem analysis

  • Geolocation

  • Discover application protocols (Facebook, YouTube, BitTorrent, etc.) by leveraging nDPI, ntop's Deep Packet Inspection (DPI) technology

  • Identify HTTP traffic by leveraging the characterization services provided by Google and HTTP blacklisting

  • Analyze IP traffic and classify it based on source/destination.

  • Reports IP protocol usage sorted by protocol type

  • Generate HTML5/AJAX web traffic statistics

  • Full support for IPv4 and IPv6

  • Comprehensive Layer 2 support (including ARP statistics)

  • Support GTP/GRE protocol

  • Supports MySQL, ElasticSearch and LogStash export of monitoring data

  • Interactive historical exploration of monitoring data exported to MySQL

  • Alerting engine catches anomalous and suspicious hosts

  • Provides support for SNMP v1/v2c and continuous monitoring of SNMP devices


mailreport

The mailreport (mail report) plugin in pfSense allows you to set up regular email reports containing command output and log file content. With a mobile mail client, you can keep track of the firewall's operating status.



How to install plugins

Installing plugins is very easy in pfSense. To add or remove plugins, navigate to the System > Plugins Management page.

Click the Available Plugins tab to see a full list of all available plugins. When you find a plugin to install, just click the plus sign to the right of the plugin description to install it.

pfSense will automatically install and create a new menu entry for you. Most plugins create an entry in the system services menu.



Other plugins

In addition to the plugins above, there are many other plugins for pfSense. Since pfSense is open source, you can also develop your own plugins and submit them to the repository. Because pfSense is based on FreeBSD, almost any common FreeBSD plugin can be packaged and run in pfSense.

