List of pfSense Features

The most comprehensive, up to date features listing can be found on the pfSense website.
A community contributed list follows.
  • arpwatch – Arpwatch monitors Ethernet to IP address pairings and logs changes to syslog.
  • Ipguard-dev – Attempts to maintain IP:MAC pairs by force.
  • nmap – A utility for network exploration or security auditing.
  • OpenVPN Client Export Utility – Allows a pre-configured OpenVPN Windows Client or Mac OSX’s Viscosity configuration bundle to be exported directly from pfSense.
  • snort – An open source network intrusion prevention and detection system (IDS/IPS).
  • SSHDCond – Defines SSH overrides for users,groups,hosts and addresses using Match in a convenient way.
  • stunnel – An SSL encryption wrapper between remote client and local or remote servers.
  • sudo – Allows delegation of privileges to users in the shell so commands can be run as other users, such as root.
  • suricata – High Performance Network IDS, IPS and Security Monitoring engine by OISF.
  • tinc – tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private mesh network between hosts on the Internet.
Network Management
  • Apache with mod_security – ModSecurity is a web application firewall that can work either embedded or as a reverse proxy.
  • Avahi – Avahi is a system which facilitates service discovery on a local network.
  • HAVP antivirus – HTTP Antivirus Proxy with a ClamAV anti-virus scanner.
  • LADVD – Send and decode link layer advertisements. Support for LLDP (Link Layer Discovery Protocol), CDP (Cisco Discovery Protocol), EDP (Extreme Discovery Protocol) and NDP (Nortel Discovery Protocol).
  • Lightsquid – High performance web proxy report (LightSquid). Proxy realtime stat (SQStat). Requires squid HTTP proxy.
  • mtr-nox11 – Enhanced traceroute replacement
  • netio – Network benchmark tool.
  • nut – Network UPS Tools
  • Proxy Server with mod_security – Web application firewall that can work either embedded or as a reverse proxy.
  • siproxd – Proxy for handling NAT of multiple SIP devices to a single public IP.
  • squid – High performance web proxy cache.
  • squidGuard – High performance web proxy URL filter.
  • Zabbix-2 Agent – Monitoring agent.
  • Zabbix-2 Proxy – Monitoring agent proxy.
  • bandwidthd – Tracks usage of TCP/IP network subnets and builds html files with graphs to display utilization.
  • darkstat – darkstat is a network statistics gatherer.
  • iftop – Realtime interface monitor (console/shell only)
  • pfflowd – Converts OpenBSD PF status messages (sent via the pfsync interface) to Cisco NetFlow datagrams.
  • mailreport – Periodic e-mail reports containing command output, log file contents, and RRD graphs.
  • ntopng – A network probe that shows network usage in a way similar to what top does for processes.
  • softflowd – Softflowd is flow-based network traffic analyser capable of Cisco NetFlow data export.
  • urlsnarf – HTTP URL Sniffer (console/shell only)
  • vnstat2 – Vnstat is a console-based network traffic monitor. The vnstat PHP frontend and vnstati adds a more user friendly way of displaying traffic usage.
  • Apcupsd – Set of programs for controlling APC UPS.
  • arping – Broadcasts a who-has ARP packet on the network and prints answers.
  • AutoConfigBackup – Automatically backs up the pfSense configuration file. All contents are encrypted before being sent to the server. Requires Gold Subscription
  • bacula-client – Bacula is a set of Open Source, computer programs that manage backup, recovery, and verification of computer data across a network of computers of different kinds.
  • bind – The most widely used name server software
  • Check_mk agent – The basic idea of check_mk is to fetch “all” information about a target host at once. For each host to be monitored check_mk is called by Nagios only once per time period.
  • Cron – The cron utility is used to manage commands on a schedule.
  • Dansguardian – An award winning Open Source web content filter.
  • dns-server – pfSense version of TinyDNS which features failover host support
  • freeradius2 – A free implementation of the RADIUS protocol.
  • git – GIT Source Code Management (console/shell only)
  • haproxy-devel – The Reliable, High Performance TCP/HTTP(S) Load Balancer.
  • imspector – An Instant Messenger transparent proxy with logging capabilities. Currently it supports MSN, AIM, ICQ, Yahoo and IRC to different degrees.
  • iperf – A tool for testing network throughput, loss, and jitter.
  • mailscanner – An e-mail security and anti-spam package for e-mail gateway systems.
  • NRPE v2 – An addon for Nagios that allows plugins to be executed on remote Linux/Unix hosts.
  • Open-VM-Tools – VMware Tools (open source)
  • PHPService – PHP run as a service it can do anything PHP can do including but not limited to monitoring files, CPU, RAM, and send alerts to the syslog.
  • Postfix Forwarder – Postfix mail forwarder acts as a relay server for a domain.
  • Service Watchdog – Monitors for stopped services and restarts them.
  • Shellcmd – The shellcmd utility is used to manage commands on system startup.
  • spamd – Graylisting SMTP connection forwarder.
  • syslog-ng – Syslog-ng independent syslog server.
  • TFTP – Trivial File Transport Protocol is a very simple file transfer protocol.
  • Varnish3 – Varnish is a state-of-the-art, high-performance HTTP accelerator.
  • vHosts – It is a web server package that can host HTML, Javascript, CSS, and PHP.
  • widentd – RFC1413 auth/identd daemon with fixed fake reply
  • Backup – Tool to Backup and Restore files and directories.
  • blinkled – Allows system LEDs to be used for network activity on supported platforms (ALIX, WRAP, Soekris, etc)
  • gwled – Allows system LEDs to be used for gateway status on supported platforms (ALIX, WRAP, Soekris, etc)
  • RRD Summary – Gives a total amount of traffic passed In/Out during this and the previous month.
  • System Patches – A package to apply and maintain custom system patches.
  • olsrd – The OLSR daemon is an implementation of the Optimized Link State Routing protocol.
  • OpenBGPD – OpenBGPD is a FREE implementation of the Border Gateway Protocol, Version 4.
  • Quagga OSPF – OSPF routing protocol using Quagga
  • routed – RIP v1 and v2 daemon.
  • File Manager – PHP File Manager
  • Filer – Allows files to be created and overwriteen from the GUI.
  • LCDproc – LCD display driver
  • Notes – Track things to note for this system.
  • pfBlocker – Introduces Enhanced Aliastable Feature to pfsense.
  • Sarg – Squid Analysis Report Generator.