pfSense is an open-source firewall that deserves the respect of anyone who works in security. Simplicity, robustness and functionality are some of its characteristics. I have seen large networks with their perimeters protected by it without running into major problems.

The one point of attention is that the specialist/analyst responsible for administering this firewall cannot know only the product; they need a solid grasp of Linux, TCP/IP, security, FreeBSD and pfSense.

I got tired of passing the following link to my friends: HOWTO: Xbox 360 Live connection with pfSense (Port Forward & UPnP)

Below is the list of improvements in this new version:

  • Improved accuracy of automated state killing in various cases (#1421)
  • Various fixes and improvements to relayd
      • Added to Status > Services and widget
      • Added ability to kill relayd when restarting (#1913)
      • Added DNS load balancing
      • Moved relayd logs to their own tab
      • Fixed default SMTP monitor syntax and other send/expect syntax
  • Fixed path to FreeBSD packages repo for 8.1
  • Various fixes to syslog:
      • Fixed syslogd killing/restarting to improve handling on some systems that were seeing GUI hangs resetting logs
      • Added more options for remote syslog server areas
      • Fixed handling of ‘everything’ checkbox
      • Moved wireless to its own log file and tab
      • Removed/silenced some irrelevant log entries
  • Fixed various typos
  • Fixes for RRD upgrade/migration and backup (#1758)
  • Prevent users from applying NAT to CARP which would break CARP in various ways (#1954)
  • Fixed policy route negation for VPN networks (#1950)
  • Fixed “Bypass firewall rules for traffic on the same interface” (#1950)
  • Fixed VoIP rules produced by the traffic shaper wizard (#1948)
  • Fixed uname display in System Info widget (#1960)
  • Fixed LDAP custom port handling
  • Fixed Status > Gateways to show RTT and loss like the widget
  • Improved certificate handling in OpenVPN to restrict certificate chaining to a specified depth – CVE-2011-4197
  • Improved certificate generation to specify/enforce type of certificate (CA, Server, Client) – CVE-2011-4197
  • Clarified text of serial field when importing a CA (#2031)
  • Fixed MTU setting on upgrade from 1.2.3, now upgrades properly as MSS adjustment (#1886)
  • Fixed Captive Portal MAC passthrough rules (#1976)
  • Added tab under Diagnostics > States to view/clear the source tracking table if sticky is enabled
  • Fixed CARP status widget to properly show “disabled” status.
  • Fixed end time of custom timespan RRD graphs (#1990)
  • Fixed situation where certain NICs would constantly cycle link with MAC spoofing and DHCP (#1572)
  • Fixed OpenVPN ordering of client/server IPs in Client-Specific Override entries (#2004)
  • Fixed handling of OpenVPN client bandwidth limit option
  • Fixed handling of LDAP certificates (#2018, #1052, #1927)
  • Enforce validity of RRD graph style
  • Fixed crash/panic handling so it will do textdumps and reboot for all, and not drop to a db> prompt.
  • Fixed handling of hostnames in DHCP that start with a number (#2020)
  • Fixed saving of multiple dynamic gateways (#1993)
  • Fixed handling of routing with unmonitored gateways
  • Fixed Firewall > Shaper, By Queues view
  • Fixed handling of spd.conf with no phase 2’s defined
  • Fixed synchronization of various sections that were leaving the last item on the slave (IPsec phase 1, Aliases, VIPs, etc)
  • Fixed use of quick on internal DHCP rules so DHCP traffic is allowed properly (#2041)
  • Updated ISC DHCP server to 4.2.3 (#1888) – this fixes a denial of service vulnerability in dhcpd.
  • Added patch to mpd to allow multiple PPPoE connections with the same remote gateway
  • Lowered size of CF images to again fix on newer and ever-shrinking CF cards.
  • Clarified text for media selection (#1910)

It can be downloaded from the following link. Keep in mind that it runs on FreeBSD and that there are excellent cookbooks about it (one of them is available at Wow! eBook).