G+_Jason Perry Posted August 20, 2016
I am retrofitting a new old box to install pfSense on. All I have to do at this point is pull my NIC out of my old firewall and put it in my new one. What packages do people recommend? I don't want to go too crazy, that's kinda why I am switching away from my old OS. What is essential?
G+_Keith Mallett Posted August 20, 2016
If you want a robust OS to do firewall and UTM, I suggest the free versions of Sophos UTM or Untangle. I have had success with both, but there is a learning curve for each.
https://www.sophos.com/en/products/free-tools/sophos-utm-home-edition.aspx
https://www.untangle.com/
G+_Jason Perry (Author) Posted August 20, 2016
I have been using IPFire and love it. I highly recommend it to anyone who wants to take their home's network security to the next level. At this point you are wondering why I am switching, and there is one reason. The reason I am switching is: red, green, blue, yellow; those are your LANs. Regardless of how you break them up, IPFire only has four LANs. They can be physical or virtual, but there are only four. Red is the external-facing LAN, Green is for your internal LAN, Blue is for your wireless network, and Yellow is for a DMZ. They have based their entire project around crowd funding, which has led to some nice features and some that will make you scratch your head. The latest item on their wish list is a captive portal, which looks very attractive. On the other hand, they have a media player and a DVR? Well, enough of my rant. I have to get back to being productive.
G+_David Wiggins Posted August 20, 2016
For me, I recommend OpenVPN export utility, mail report, and SNORT IDS/IPS (there's a great setup tutorial in the forums). Mail report is good for regular updates. Also, it is worth it to set up a dynamic DNS (I used No-IP free) for use with OpenVPN... since home IPs change, pfS can automatically update the dynamic hostname, allowing your VPN client, Minecraft server or whatever to have easier access. For detailed traffic info, I use ntopng on my production networks. If you have a UPS, get NUT (Network UPS Tools). There used to be a ton of packages, many unmaintained, but 2.3 pruned the list a bit to more manageable, reasonable options. Beyond that, it depends on the focus of your network. Some can add occasional diagnostics like iperf, but I rarely need that; others I don't recommend, like the old Asterisk (that should be on separate hardware, imo).
G+_Stede Bonnett Posted August 20, 2016
You don't need to add much. Maybe get the RRD summary, OpenVPN export (if you need OpenVPN), Nmap for debugging help, and Suricata (or Snort, either of which will require configuration).
G+_Jason Marsh Posted August 21, 2016
Depends on your available bandwidth whether you'd want/have use for it, but what about Squid?