We have already demonstrated how packages can be used to extend the functionality of pfSense in previous chapters. For example, we used the OpenVPN Client Export Utility to make OpenVPN client configuration easier. We also showed how routed packages can be used to make dynamic routing available with pfSense. These packages, however, only represent a fraction of what is available.
We can divide the packages available for pfSense into several categories:
Utility. Some of them are just Linux command-line utilities, but most perform simple functions. For example, Service_Watchdog monitors pfSense for stopped services and restarts them. Packages such as arping, cron, and sudo fall into this category.
darkstat, RRD_Summary, and softflowd are among the packages that fall into this category.
nmap, snort, and suricata fall into this category.
It is impossible to do justice to all the packages available for pfSense within a single chapter, but we will cover the most important packages. The outline of this chapter is as follows:
For the most part, you can begin installing and configuring pfSense packages without worrying too much about the effects they will have on your pfSense system. Nonetheless, some caution is called for when installing packages on mission-critical systems. First, having some basic knowledge of the technologies underlying the packages you want to install is helpful. For example, it would be ill-advised to install routed (the Routing Information Protocol daemon) without having some basic knowledge of how dynamic protocols work in general and how RIPv1 and RIPv2 work.
Beyond that, you should be mindful of the fact that installing additional packages may consume additional resources. Simple packages such as arping and cron can be installed on virtually any pfSense system without much consideration, but they are the exception to the rule. Installing and configuring a proxy server requires additional disk space to store cached web pages. Many packages require additional CPU resources. Any dynamic routing protocol requires CPU resources to calculate routes, as do many intrusion detection systems. If you had not foreseen installing such packages when you initially came up with the specifications for your pfSense box, you may have to adjust these specifications accordingly.
Installing and using packages without consideration of resource utilization can result in the following:
All of these are outcomes we want to avoid in a production environment, so obviously some caution is justified when installing and configuring packages.
Furthermore, you should take into consideration the way packages interact with existing pfSense functionality and other packages. For example, some packages are installed in the same location as other packages and thus cannot co-exist with each other (OpenBGPD and Quagga OSPF come to mind). If you already have firewall rules in place upon which you rely, be aware that installing a proxy can affect outcomes, and traffic that was assumed to be blocked may no longer be blocked, as we will see when we cover squid later in this chapter.