Announcement

**Kendji** · 28 July 2016, 03:45 PM

Looking to build a custom firewall, looking into which to choose. Opnsene or pfsense. What are the differences?

**speculatrix** · 28 July 2016, 04:25 PM

Originally posted by Kendji View Post

Looking to build a custom firewall, looking into which to choose. Opnsene or pfsense. What are the differences?

in theory opnsense is a superset of pfsense, being a fork of it, with the stated aim of developing it faster.

OPNsense: Beyond the fork - OPNsense® is a true open source firewall and more

https://opnsense.org/opnsense-beyond-the-fork/

I think pfSense is pretty solid, as it is pretty mature, but slower moving.

So what you choose depends on what you prefer, features vs maturity.

**Luke_Wolf** · 28 July 2016, 06:18 PM

Originally posted by Kendji View Post

Looking to build a custom firewall, looking into which to choose. Opnsene or pfsense. What are the differences?

OPNsense is to pfsense, as libressl is to openssl. Basically OPNsense is a fork and major refactoring of pfsense, and so in principle should be generally better, but I don't know how they compare at this point.

**darkfires** · 29 July 2016, 01:38 AM

I have experience with both, and OPNsense is far superior in usability, feeling much more polished. pfSense is full of dirty code (pain in the ass to modify) and a crappy UI by comparison. They forked long ago and OPNsense did it the right way.

If you are looking for a decent solution for a custom firewall, I would definitely give OPNsense a shot first. It runs well in a VM if you want to play with it before loading it on baremetal.

**Revan** · 29 July 2016, 02:36 AM

Originally posted by darkfires View Post

I have experience with both, and OPNsense is far superior in usability, feeling much more polished. pfSense is full of dirty code (pain in the ass to modify) and a crappy UI by comparison. They forked long ago and OPNsense did it the right way.

If you are looking for a decent solution for a custom firewall, I would definitely give OPNsense a shot first. It runs well in a VM if you want to play with it before loading it on baremetal.

The only thing polished about OPNsense is the interface, but no Network Admin/Dev Ops will ever recommend it. The guys at Decisio choose to have a fast update schedule as opposed to security testing their software like pfSense. They had loads of regressions until about half a year ago and some features where not working as expected. They mostly fixed all of them now but this just shows why this project exists: it's a PR stunt! That's why no major company will trust OPNsense.

If you're just using it for your home, I guess it's fine, you don't need the best security and the user interface is certainly a plus, but don't compare it to pfSense. It's like comparing a cheap D-Link 3 (router, switch and access point) in 1 router with a Cisco router.

**bug77** · 29 July 2016, 03:40 AM

Originally posted by speculatrix View Post

in theory opnsense is a superset of pfsense, being a fork of it, with the stated aim of developing it faster.

OPNsense: Beyond the fork - OPNsense® is a true open source firewall and more

https://opnsense.org/opnsense-beyond-the-fork/

I think pfSense is pretty solid, as it is pretty mature, but slower moving.

So what you choose depends on what you prefer, features vs maturity.

Are there features that are missing in pfSense (or any other firewall) at this point?
Between my router and locally installed firewalls, I've never felt a need to add another box to the mix. I can see how having a dedicated box can free your desktop from the burden of filtering traffic, but Windows will complain anyway if you completely disable the firewall...

**starshipeleven** · 29 July 2016, 05:51 AM

Originally posted by bug77 View Post

Are there features that are missing in pfSense (or any other firewall) at this point?
Between my router and locally installed firewalls, I've never felt a need to add another box to the mix. I can see how having a dedicated box can free your desktop from the burden of filtering traffic, but Windows will complain anyway if you completely disable the firewall...

It's not a "burden" in any sense unless you have a PII, it's that dedicated firewall solutions are not pointless like Windows Firewall (as 99% of the consumer routers have a firewall that is better than that), and have more advanced filtering rules/logic.

For consumers the firewall integrated in the router is usually enough.

**Jabberwocky** · 29 July 2016, 05:52 AM

I would like to try OPNsense/pfSense with docker. It would be useful if I could manage firewall rules between instances through an easy to configure / change frontend. Docker on FreeBSD just automates jails, I don't have much experience with FreeBSD jails. I found docker easy to mess around with while learning a how jails work along the way. I was using FreeBSD 10.2 at the time.

**bug77** · 29 July 2016, 06:05 AM

Originally posted by starshipeleven View Post

It's not a "burden" in any sense unless you have a PII, it's that dedicated firewall solutions are not pointless like Windows Firewall (as 99% of the consumer routers have a firewall that is better than that), and have more advanced filtering rules/logic.

For consumers the firewall integrated in the router is usually enough.

The router's firewall may be enough for consumers, but so is ZoneAlarm/Comodo/whatever. I mean, all you need is to be alerted when some program wants to connect to the Internet or accept incoming connections.

Announcement

pfSense/m0n0wall-Forked OPNsense 16.7 Released

pfSense/m0n0wall-Forked OPNsense 16.7 Released

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment