pfstat http://www.benzedrine.cx/pfstat.html pfstat is a small utility that collects packet filter statistics and produces graphs. THIS PACKAGE HAS NOT BEEN UPDATED TO USE THE LATEST VERSION OF PF. Network Management http://www.pfsense.com/packages/config/pfstat.xml http://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-6-current/All pfstat-1.7.tbz Stable 1.7 pfstat.xml pure-ftpd http://www.pureftpd.org/ Pure FTPd Server is a fast, production quality, standards-conformant FTP server based on Troll-FTPd. It has no known vulnerabilities, is trivial to set up, and is especially designed for modern kernels. Features include PAM support, IPv6, chroot()ed home directories, virtual domains, built-in 'ls', FXP protocol, anti-warez system, bandwidth throttling, restricted ports for passive downloads, an LDAP backend, XML output, and more. FTP http://www.pfsense.com/packages/config/pure-ftpd.xml http://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-6-current/All pure-ftpd-1.0.20_3.tbz 1.0.20_3 Stable pure-ftpd.xml ftp pure-ftpd.log nmap http://www.insecure.org/nmap/ NMap is a utility for network exploration or security auditing. It supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is runing on a port), and TCP/IP fingerprinting (remote host OS or device identification). It also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. Most Unix and Windows platforms are supported in both GUI and command line modes. Several popular handheld devices are also supported, including the Sharp Zaurus and the iPAQ. Security http://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-6-current/All nmap-3.81.tbz 3.81 Stable http://www.pfsense.com/packages/config/nmap.xml nmap.xml ntop http://www.ntop.org/ ntop is a network probe that shows network usage in a way similar to what top does for processes. In interactive mode, it displays the network status on the user's terminal. In Web mode it acts as a Web server, creating an HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics. Network Management http://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-6-current/All/ ntop-3.1_1.tbz 3.1_1 BETA http://www.pfsense.com/packages/config/ntop.xml ntop.xml stunnel http://www.stunnel.org/ The stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote servers. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the program's code. It will negotiate an SSL connection using the OpenSSL or SSLeay libraries. It calls the underlying crypto libraries, allowing stunnel to support whatever cryptographic algorithms you compiled into your crypto package. Network Management http://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-6-current/All stunnel-4.10.tbz 4.10 Stable http://www.pfsense.com/packages/config/stunnel.xml stunnel.xml carp CARP is a tool to help achieve system redundancy by having multiple computers creating a single, virtual network interface between them. This allows another machine to respond in the event a server fails, and allows a degree of load sharing between systems. CARP is an improvement over the Virtual Router Redundancy Protocol (VRRP) standard. It was developed after VRRP was shown to possibly overlap a Cisco patent. http://www.openbsd.org/faq/faq6.html#CARP Network Management 0.1.0 ALPHA http://www.pfsense.com/packages/config/carp.xml carp.xml iperf http://dast.nlanr.net/Projects/Iperf/ Iperf is a tool for measuring maximum TCP and UDP bandwidth, reminiscent of ttcp and nettest. It has been written to overcome the shortcomings of those aging tools. Iperf can also test UDP bandwidth, loss, and jitter. Network Management http://www.pfsense.com/packages/config/iperf.xml http://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-6-current/All iperf-2.0.2.tbz 2.0.2 ALPHA iperf.xml spamd http://www.openbsd.org/ Tarpits like spamd are fake SMTP servers, which accept connections but don't deliver mail. Instead, they keep the connections open and reply very slowly. If the peer is patient enough to actually complete the SMTP dialogue (which will take ten minutes or more), the tarpit returns a 'temporary error' code (4xx), which indicates that the mail could not be delivered successfully and that the sender should keep the mail in their queue and retry again later. Services http://www.pfsense.com/packages/config/spamd.xml http://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-6-current/All spamd-3.7.tbz 3.7 ALPHA spamd.xml pfflowd http://www.mindrot.org/pfflowd.html pfflowd converts OpenBSD PF status messages (sent via the pfsync interface) to Cisco NetFlow datagrams. These datagrams may be sent (via UDP) to a host of one's choice. Utilising the OpenBSD stateful packet filter infrastructure means that flow tracking is very fast and accurate. Network Management http://www.pfsense.com/packages/config/pfflowd.xml http://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-6-current/All/ pfflowd-0.6.tbz 0.6 BETA pfflowd.xml assp http://assp.sourceforge.net The Anti-Spam SMTP Proxy (ASSP) Server project is an open source platform-independent SMTP Proxy server which implements whitelists and Bayesian filtering to rid the planet of the blight of unsolicited email (UCE). UCE must be stopped at the SMTP server. Anti-spam tools must be adaptive to new spam and customized for each site's mail patterns. This free, easy-to-use tool works with any mail transport and achieves these goals requiring no operator intervention after the initial setup phase. Default username: anything, Password: nospam4me Network Management http://www.pfsense.com/packages/config/assp.xml http://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-5-stable/All perl-5.8.6_2.tbz perl 0.1 ALPHA assp.xml siproxd http://siproxd.sourceforge.net/ Siproxd is a proxy/masquerading daemon for the SIP protocol. It handles registrations of SIP clients on a private IP network and performs rewriting of the SIP message bodies to make SIP connections possible via a masquerading firewall. It allows SIP clients (like kphone, linphone) to work behind an IP masquerading firewall or router. Services http://www.pfsense.com/packages/config/siproxd.xml http://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-6-current/All/ siproxd-0.5.11.tbz 0.5.11 ALPHA siproxd.xml netio http://freshmeat.net/projects/netio/ This is a network benchmark for DOS, OS/2 2.x, Windows NT/2000 and Unix. It measures the net throughput of a network via NetBIOS and/or TCP/IP protocols (Unix and DOS only support TCP/IP) using various different packet sizes. Network Management http://www.pfsense.com/packages/config/netio.xml http://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-6-current/All netio-1.14.tbz 1.14 0.1 ALPHA netio.xml ifstated http://www.openbsd.org/ The ifstated daemon runs commands in response to network state changes, which it determines by monitoring interface link state or running e xter- nal tests. For example, it can be used with carp(4) to change running services or to ensure that carp(4) interfaces stay in sync, or with pf(4) to test server or link availability and modify translation or routing rules. This package is currently useless without the carp package installed. Network Management http://www.pfsense.com/packages/config/ifstated.xml http://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-6-current/All ifstated-20050505.tbz 20050505 ALPHA ifstated.xml ifdepd The ifdepd daemon implements dependencies between network interfaces in a reliable fashion. If any of the source interfaces fails, ifdepd sets all destination interfaces to state down. If all source interfaces are up, ifdepd sets all destination interfaces to state up. http://hugo.bmg.gv.at Network Management http://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-6-current/All ifdepd-20050420.tbz 20050420 ALPHA http://www.pfsense.com/packages/config/ifdepd.xml ifdepd.xml arpwatch Arpwatch monitors ethernet/ip address pairings. It also logs certain changes to syslog. http://www-nrg.ee.lbl.gov/ Security http://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-6-current/All arpwatch-2.1.a13.tbz 2.1.a13 ALPHA http://www.pfsense.com/packages/config/arpwatch.xml arpwatch.xml arpwatch arpwatch.log mtr-nox11 Enhanced traceroute replacement http://www.bitwizard.nl/mtr/ Network Management http://www.pfsense.com/packages/All mtr-nox11-0.65_2.tbz 0.65_2 ALPHA ALPHA http://www.pfsense.com/packages/config/mtr-nox11.xml mtr-nox11.xml squid High performance Web proxy cache http://www.squid-cache.org/ Network Management http://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-6-current/All squid-2.5.10_1.tbz 2.5.10_1 ALPHA ALPHA http://www.pfsense.com/packages/config/squid.xml squid.xml upnp Emulates Microsoft's Internet Connection Service (ICS). It implements the UPnP Internet Gateway Device specification (IGD) and allows UPnP aware clients, such as MSN Messenger to work properly from behind a NAT firewall. http://linux-igd.sourceforge.net/ Network Management http://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-6-current/All linuxigd-0.92_2.tbz 1.0.4_1,1 *TESTED. NEEDS MORE TESTING!* http://www.pfsense.com/packages/config/upnpd.xml upnpd.xml powerdns PowerDNS (AKA pdns) is an advanced high performance authoritative nameserver with MANY advanced features http://www.powerdns.com/ Network Management http://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-5.3-release/All powerdns-2.9.16_4.tbz 2.9.16_4 ALPHA (NO GUI) http://www.pfsense.com/packages/config/powerdns.xml powerdns.xml frickin The Frickin PPTP Proxy allows a Point-to-Point Tunneling Protocol (PPTP) client to connect to a PPTP server through Network Address Translation. http://www.placid.tv Services 1.2 ALPHA http://www.pfsense.com/packages/config/frickin.xml frickin.xml postfix Postfix mail forwarder. Forwards mail to another mail server. http://www.postfix.com/ Mail http://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-5.3-release/mail postfix-1.1.12_1%2c1.tbz 1.1.12_1 ALPHA http://www.pfsense.com/packages/config/postfix.xml postfix.xml squidGuard High performance Web proxy Guard http://www.squidguard.org/ Network Management http://ftp2.freebsd.org/pub/FreeBSD/releases/i386/5.3-RELEASE/packages/All squidGuard-1.2.0_1.tbz 1.2.0_1 ALPHA http://www.pfsense.com/packages/config/squidGuard.xml squidGuard.xml freeradius http://www.freeradius.org/ FreeRADIUS is the premiere open source RADIUS server. It is fast, flexible, configurable, and supports more authentication protocols than many commercial servers. A client entry for localhost with the shared secret "pfsense" is defined on installation for easy integration with the captive portal. This package is currently intended to provide a local user database for captive portal and pptp - it does not employ SQL and is not meant to supplant an external RADIUS server for advanced tasks. Security http://www.pfsense.com/packages/config/freeradius.xml http://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-6-current/All freeradius-1.0.2_1.tbz 1.0.2_1 Stable freeradius.xml doorman http://doorman.sourceforge.net Doorman is a port knocking implementation which allows a server to run silently, invisibly, with all TCP ports closed except to those who know the secret knock. Security http://www.pfsense.com/packages/config/doorman.xml http://www.pfsense.com/packages/All doorman-0.8_1.tbz 0.8_1 ALPHA doorman.xml