Is it possible to limit response to incoming traffic?

darioj · Oct 20, 2011, 9:02 PM

Let's say traffic from various public hosts flows into the WAN, NAT forwards it to a host on OPTx that replies with packets shaped to a certain limit, above which a delay or drop is applied.

Incoming Traffic –--> WAN ----> OPTx
^ |
| Reply is limited |
---<---------<---------<----

Can this level of bandwidth control be achieved with pfsense 2.0 ???

Thanks

marcelloc · Oct 20, 2011, 9:21 PM

The way i did it was by limiting connections per port/service.

what I did in some clients:

Configure advanced rule options to limit connection by second/host
Install crontab package
Edit expiretable rules to reduce check times(in my case, check every minute ips blocked more then 120 seconds)

This way, a host that get blocked by rule, stay only 2 minutes blocked.

darioj · Oct 20, 2011, 9:46 PM

Thanks!

I'll try it right away!