pfSense Requested Features
Hauskeys OTP Support
Access control using mobile phone based one-time-password system from http://hauskeys.safehaus.org.
Instructions to try it out on an emulator at http://hauskeys.safehaus.org/Java+Wireless+Toolkit
ZFS Support
http://wiki.freebsd.org/ZFS
http://www.opensolaris.org/os/community/zfs/whatis/
This has recently been introduced to FreeBSD 7, so it would be useful for the dynamic parts of the filesystem (squid, ftp, logging, and so on). Perhaps if/when pfSense migrates to the newer kernel, this could be supported.
Interface Support
Improved Interface to T1 gear
* t1 / sync serial support - http://www.daemonnews.org/200003/netgraph.html
* t1 and t3 interface support
ADSL Support
support gprs/cdma connection
* similar, but should be better than this: www.koppel.cz/cdmawifi
* universal usb-serial driver for nokia dku5 & compatible cables. global.mobileaction.com/product/product_USB.jsp#Additional
* universal serial modem driver
* easy setup to dial any gprs/cdma connection
* with all these on my laptop, I can carry an instant hotspot wherever my laptop and I go, even on the road in my car, etc...
If this gets in, I hope conventional dialup gets in too. It would be nice to have this for failover. See below.
pstn modem support
Full pfSense support for modem operations would be cool.
* Dialup failover for WAN (dial-on-connection-fail)
* Dial-on-demand support for dialup-only configurations
* Dial-in server support (PPP server) with customisable rules for pf.
Services
smtp server
local smtp server for sending mail faster without depending on the isp's smtp
allow outbound smtp forwarder to simplify network setup: everything goes to default gw
small local wiki server
* something like http://didiwiki.org/ or http://sourceforge.net/projects/iowiki
* listen only on lan interface.
* so we can publish short instructions to our lan users, like how they should set up their windows machines to minimize risk, etc...
Captive portal
Support for multiple interfaces
webcam server
additional security to 'watch' our server in case somebody gets their hands on it...
USB driver support and motion detection to only record/transmit when there is something interesting going on.
upstream http proxy for firmware upgrade & packages
* in a multi firewall network it will be necessary to download firmware/packages via http proxy and not directly from pfsense box.
limit access based on radius user
* each user can be set a limit to their access
* limitation can be: time base, bandwidth allowance, total bandwidth used, ports, etc.
* example: user a can access for only 3 hours, user b can use up at most 20MB download/upload, user c can only use email, etc...
Image creation
* Add functionality to backup/restore screen to pull down a custom "FullUpdate" image from a given box.
server packages
I think middle-man.sf.net is a great filtering proxy server and should get into pfSense.
web server, mail server, squid proxy, etc...
it's a waste to have a newer pentium4 for firewall only and not running any server...
see redwall for a nice one, but they use linux...
scene: pfSense system running from cf/cd and use harddrive as storage for proxy/mail/web/etc
LDAP for radius user authentication
secure (https) authentication gateway + captive portal
radius billing & accounting
Radius bandwidth settings
inspired by the post at http://article.gmane.org/gmane.comp.security.firewalls.m0n0wall/11285
Mobile l2tp support
http://www.dellroad.org/sl2tps/index
Site to Site IPsec VPN support w/dyndns endpoints
DHCPD Dynamic DNS Updates + Hostnames
Ability to enable the dynamic update feature on the DHCPD server, and the ability to add hostnames to each static address or a way to modify the dhcpd config manually.
For example, option tftp-server-name and option bootfile-name including a $MAC variable, for configuring e.g. VoIP telephony devices.
Layer 7 capabilities
For both firewalling and traffic shaping
Pattern compatibility with L7-filter for IPTables on Linux might be useful.
http://l7-filter.sourceforge.net/
Exchange RPC Publishing
It would be way cool to be able to open port 135 *securely* to let Outlook talk to Exchange from outside the network. Port 135 is also a virus' favorite friend, so it would take filtering the TYPE of RPC traffic to only allow traffic bound for exchange. It would be just as good to do it with Microsoft's RPC over HTTP.
new installer
NewInstaller
Deep Packet Inspection
* http://en.wikipedia.org/wiki/Deep_packet_inspection
* This would be really useful to let people make plugins for things like automatic port opening for VoIP services, IM file transfers, and games.
* Layer four switches rule
email reporting
A system that sends mails with some alerts/reports such as failed login, daily usage, status of loadbalancer, alert for downtime bandwidth....
config backup by email
A system to send a daily backup of all configuration files.
vlan tagging
An option to choose whether vlan tagged interfaces should be named after the vlan number, or after the next integer value regardless of the vlan tag, as today. E.g. the first vlan interface that is created is named vlan1, the second vlan2, the third vlan3, etc., regardless of the tag the interface has been set to. The naming would be easier to "understand" if the vlans were named after the tag, e.g. tagged with 100 named vlan100, tagged with 2345 named vlan2345.
OpenVPN LDAP authentication
The option to use an LDAP directory server to authenticate OpenVPN users (in addition to certificates). Could be done either via http://dpw.threerings.net/projects/openvpn-auth-ldap/ or per OpenVPN's "auth-user-pass-verify" option and a small script that checks against LDAP and outputs an appropriate exit code. Either way it would require some sort of LDAP lib (probably OpenLDAP).
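The small script this item describes could look like the following. It is an added example, not pfSense or OpenVPN code, and it assumes OpenVPN's via-file mode, OpenLDAP's ldapwhoami client on the PATH, and a placeholder directory URI and DN layout.

```python
#!/usr/bin/env python3
import re
import subprocess
import sys
import tempfile

# Assumptions, not from the page: directory URI and where user entries live.
LDAP_URI = "ldaps://ldap.example.internal"
USER_DN_TEMPLATE = "uid={},ou=people,dc=example,dc=internal"
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")

def read_credentials(path):
    """via-file mode: OpenVPN writes the username on line 1, the password on line 2."""
    with open(path, encoding="utf-8") as fh:
        lines = fh.read().split("\n")
    if len(lines) < 2:
        raise ValueError("credentials file too short")
    return lines[0], lines[1]

def user_dn(username):
    """Build the bind DN; the allow-list keeps DN metacharacters (, = +) out."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username rejected")
    return USER_DN_TEMPLATE.format(username)

def ldap_bind(dn, password):
    """Simple bind via ldapwhoami; the password goes through a 0600 temp file, not argv."""
    with tempfile.NamedTemporaryFile("w", encoding="utf-8") as pw:
        pw.write(password)
        pw.flush()
        result = subprocess.run(
            ["ldapwhoami", "-x", "-H", LDAP_URI, "-D", dn, "-y", pw.name],
            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL, timeout=10)
    return result.returncode == 0

def verify(path, bind=ldap_bind):
    """Return the exit code OpenVPN expects: 0 accepts, anything else rejects."""
    try:
        username, password = read_credentials(path)
        # An empty password makes a simple bind "unauthenticated", which many
        # servers accept, so reject it before contacting the directory.
        if password == "":
            return 1
        return 0 if bind(user_dn(username), password) else 1
    except Exception:
        return 1  # fail closed on parse errors, timeouts or missing tooling

if __name__ == "__main__":
    sys.exit(verify(sys.argv[1]) if len(sys.argv) == 2 else 1)
```

OpenVPN would invoke it through `auth-user-pass-verify <script path> via-file`, which also requires `script-security 2` in the server configuration.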