The pfSense project is a free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third party free software packages for additional functionality. pfSense software, with the help of the package system, is able to provide the same functionality or more of common commercial firewalls, without any of the artificial limitations. It has successfully replaced every big name commercial firewall you can imagine in numerous installations around the world, including Check Point, Cisco PIX, Cisco ASA, Juniper, Sonicwall, Netgear, Watchguard, Astaro, and more.
pfSense software includes a web interface for the configuration of all included components. There is no need for any UNIX knowledge, no need to use the command line for anything, and no need to ever manually edit any rule sets. Users familiar with commercial firewalls catch on to the web interface quickly, though there can be a learning curve for users not familiar with commercial-grade firewalls.
The most comprehensive, up to date features listing can be found on the pfSense website.
A community contributed list follows.
Firewall with stateful packet inspection
Easy to use Web Based Graphical Interface
Installation Setup Wizard
Configurable Dashboard with many available widgets
IPv4 and IPv6 support
Wireless Access Point (must install a wireless interface which supports hostap mode), including VAP/MBSS support on certain chips.
Wireless Client Support (802.11 and 3G/4G with supported devices)
Ability to setup and filter/isolate multiple interfaces (LAN, DMZ, etc.)
Traffic Shaping (ALTQ, Limiters, 802.1p match/set, DiffServ/DSCP matching)
State Table controls (per-rule / per-host limits, timers, etc.)
NAT (Port Forwards, 1:1 NAT, Outbound NAT, NPt)
Redundancy/High Availability - CARP+pfsync+XMLRPC Config sync allows for hardware failover. Two or more firewalls can be configured as a failover cluster.
Server Inbound Load Balancing
Network diagnostic utilities such as ping, traceroute, port tests via the GUI (more with packages, such as nmap)
VPN - IPsec (including Phase 2 NAT), OpenVPN, L2TP
Real-time interface traffic graphs
DHCP Server and Relay (IPv4 and IPv6)
Command line shell access (Via console and SSH)
Wake on LAN
Built in packet capture / sniffer
Ability to backup and restore the firewall configuration via the web GUI
Edit files via the web GUI
Virtual interfaces for VLAN, LAGG/LACP, GIF, GRE, PPPoE/PPTP/L2TP/PPP WANs, QinQ, and Bridges
Caching DNS Forwarder/Resolver
Can be run in many virtualization environments
Proxy Server (using packages)