Interesting point of view

my 2 cents…

  1. netgate could afford to support CE but choose not to, quite happy to let the code base diverge over time

  2. I’ll keep my CE installs with additional management restrictions from the LAN side against any potential internal threats from the outdated packages (shame on you netgate), for now migrating away as needed, no new CE installs

Ethically it was the CE that “made” netgate, (lots of analogies between vmware/broadcom here for me) so over time I will NOT be moving over CE installs to plus, I’d rather give the monies elsewhere

Oh, this again :wink:

I’ll keep this short, because the death of CE has been predicted so many times, and yet it hasn’t happened.

I’ll just say this:

  1. pfSense CE is not abandonware. See here: https://redmine.pfsense.org/versions/74

  2. for security updates and bug fixes, there is the System Patches Package: https://docs.netgate.com/pfsense/en/latest/development/system-patches.html

  3. yes, most of the new features are for pfSense+ only. But do you really need these features, on your edge router/firewall? Of course everyone has different needs, but personally the CE feature set is more than enough for me.

P.S. I didn’t watch the video. :wink:

1 Like

I am very happy to give my money to Netgate. On a side note, he lost all credibility with me when he started going on about OpenWRT

Why? It’s one of the very few FOSS firewalls still in existence and being actively maintained, alongside OPNsense, which is of course the most obvious alternative to pfSense.

I wouldn’t necessarily recommend OpenWRT for business use, but for a home lab, why not?

My only reason for bringing it up again is the “new security” issue around the outdated packages and the fact that it would not require much engineering effort to update CE since the work has already been done on plus

I find that sly and quite cynical from netgate, a classic tactic to slowly deprecate CE without actually formally abandoning it, instead of having the backbone to formally announce it

it’s almost as though they are being advised by a marketing exec :slight_smile:

Odd, I’ve been experimenting a lot with OPENWRT, quite impressed by it

I find its modular approach interesting, its only real downside is that the “technical debt” of entry is a lot higher than pfsense/opnsense etc because a lot more has to be done outside the gui (that is slowly changing though as luci develops)

but once you get your head around it, I’d be quite comfortable running it in business, you also have to be careful what packages you install in the environment

PS a few years from now i think the open source community will be grateful that openwrt is around and matured

1 Like

Are there actual vulnerabilities in CE for which no patch is available via the system patches?

Or did someone, maybe some security (v)logger, run some security test that does just a stupid version number check and then displays a bunch of red messages for any package that doesn’t match the latest upstream version? :wink:

If the former is the case, that would indeed be concerning, and I’d be grateful if you could provide a link.

If something along the lines of the latter is the case, I can only say that old version numbers are not necessarily a problem, because a) not every bug can be exploited or is relevant in every context on every system, and b) Netgate also backports a lot of security fixes if they are relevant to pfSense.

1 Like

I don’t disagree with you there, that’s why I used “security issues”, not security issues.

As you said “that old version numbers are not necessarily a problem”, but they might be later, more than likely not.

The fact that the code base is still so similar and so would not require much work to update the packages, shows intent, coupled with the long time since any CE updates compared to the myriad of plus updates

Why? … as time progresses and they can make the plus code base more and more distinct from CE, that is the time they will be crying wolf and saying CE development time is now taking too many resources and they are not a charity (I’m sure the broadcom execs would agree with them as well)

The distant memory of how they got where they are now, long long forgotten…

I think this is a simple answer. If you have concerns about pfsense CE then switch to something else. Otherwise you could support the project by buying a pfsense+ license, submitting bug/vulnerability reports or buying an appliance from netgate. Just like all businesses they need to make money. Nothing is ever free.

If that isn’t your cup of tea well then, again, find something else and stop complaining about how upset you are about a free firewall.

I hate how the culture is around FOSS. If this was you, head of netgate and you are in the hot seat. You would have a complete opposite reaction to your business. You would need funding to keep this project alive.

1 Like

I don’t necessarily disagree with you either, and I certainly wouldn’t bet my life on pfSense CE being around forever. But I’m also not quite as pessimistic as others, or let’s say I try to stay pragmatic, even though I was quite critical of Netgate here in the forum myself at times, especially when they removed the links to the ISOs on pfsense.org.

Nevertheless, the way it looks now in February 2025, 2.8.0 is still on its way, which means CE will likely be around for a while at least, and I guess we’ll see what happens in the more distant future… :wink:

I don’t agree with Maximus – debian, ubuntu, Linux Mint and other Linux distros have been free since the beginning of time. Linux Kernel is free.

Netgate made a decision not to support CE 2.7.2

Then you aren’t understanding me. What I am saying is someone has to maintain those distros. They are paying for it with their time and/or money. You might get to use it free, but it is definitely coming at the cost. And depending how much support it is getting it will stay alive. Otherwise if it doesn’t make financial sense to keep pushing forward it will collapse.

1 Like

I’m ok disagreeing with you, we have a different point of view.
(I send donations to the distros I use.)

Netgate is a Corporation and they have $$. Ubuntu is supported by Canonical, a Corporation, plenty $$. If Canonical decided to stop releasing ubuntu free, I don’t know what would happen to their market share.

A dev may build an app and give it out for free till s/he gets enough market share and then charge for upcoming releases. This is the cost of doing business, in my first 3 years I gave things for free, then started charging.

CE 2.7.2 is supported, they have released patches when required.

Just because companies do not release updates does not mean it is not supported - Netgate uses the patch function to update the system when required.

The packages within pfsense are controlled by Netgate, so not all vulnerabilities that may exist in other packages, may not be in Netgate packages.

2.8.0 CE is being worked on as we speak - 2.8.0 - pfSense - pfSense bugtracker

1 Like

Sheridan computers are in the opnsense camp

PJ, the issue I have is this:

Installed pfsense 2.7.2 on many bare metal boxes. In some, I can install telegraf w/o any issues, in other boxes, I get the PHP error. I wrote that the build dates are different; they should not be, the 2.7.2 tree should be frozen.

This borders on religion, make a choice and go with it.

As far as OpenWRT, there are a lot of little pocket routers running this.

Also if you just need routing, Mikrotik has a bunch of stuff out, RouterOS is not that bad once you get working with it.

Or in the words of Tom Lawrence. “Use what makes you happy!” :laughing:

1 Like

I will just buy a license for my businesses. For home, I don’t think there’s anything mission-critical going on. I know it’s tough for us, but everyone has to run their business. I’ve been using pfSense since 2018 and have always recommended it to others. After saving money for this long, we can pay a company a small price for their work.