To protect themselves from the many digital attacks, companies must use powerful tools. And, for our computers at home, it is necessary to apply the same rigor, even if we do not always have the financial means that have big companies.
This article shows how to benefit, at home and at a lower cost, from a protection comparable to the one companies have, with pfSense from Netgate, "the most reliable open source firewall in the world", to be placed behind the box of your ISP, to filter the Web, at least.
PfSense is a router and a firewall. These two components also offer unified threat management, load balancing, a multi-WAN network, etc.
Netgate offers several ready-to-use configurations of pfSense, depending on usage:
You can also do the installation yourself and an old computer will probably do the trick because pfSense is very resource-efficient and works even on older machines. And if you do not have an old PC on hand, you can easily find small machines on eBay for a handful of euros. Preferably, it is necessary to choose the type "NANO PC", non-energy consuming, because the machine will work 24/24.
The minimum hardware requirements for the current version of pfSense are:
600 MHz CPU or faster
RAM 512 MB or more
4 GB or more player (SSD, HDD, etc.)
One or more compatible network interface cards
Bootable USB stick or CD / DVD-ROM, for the first installation
We use a NANO PC from FOXCONN and it works perfectly since a very long time. If necessary, we can add additional "network" cards, preferably GIGABIT, such as the one integrated natively in FOXCONN.
The CONNECTLAND firm offers a USB3 GIGABIT ETHERNET adapter at a very good price. By experience, we can say that it is a very good brand and intrinsic components (chips) are recognized automatically by Microsoft and Linux, the system on which pfSense relies.
Even for neophytes (non Linux specialists), the installation of pfSense is very easy ... and it's even easier when you know Linux ;-)
And since several sites already offer good tutorials, we will pass this step (see the web links).
PfSense is managed via its web interface, which is easy to use, complete and efficient. Access to this interface is, of course, conditioned by entering the identifiers, defined during the installation:
In addition, you can easily add features as needed (Snort, Proxy, ...):
And the supervision views are very clear, embellished with effective graphics:
With PfSense connected between your ISP Box and your home network ... It's secure ... Let's relax!
It should be noted that pfSense works very well also when installed on ESX (VmWare). This is a bit more professional part that we may develop in a future article ...
In the meantime, we can get our hands on an obsolete machine, which will have the hardware requirements for pfSense. What will cost a bit is only the time ... the time we spend installing the product, especially if we are not yet computer savvy. But the return on investment is excellent; we will not regret it (we never regret to acquire new knowledge or to improve).
This article was written with the kind participation of Dottoressa Micaccia; Here are some useful links to prepare the installation of pfSense:
Nota Bene :
- Knowledge is acquired through experience, everything else is just information. (Albert Einstein)
- Imagination is more important than knowledge. Imagination is the language of the soul. Pay attention to your imagination and you will discover everything you need to be fulfilled. (Albert Einstein)
- It is the supreme art of the teacher to awaken joy in creative expression and knowledge. (Albert Einstein)
- All our knowledge derives from our sensitivity. (Leonardo da Vinci)
- To admit that we do not know everything is the first step of our journey to knowledge. (Socrates)
- Knowledge that is not completed every day decreases every day. (Chinese proverb)
- None of us knows what we all know together. (Lao Tzu)
- To digest knowledge, it must be swallowed with appetite. (Anatole France)