How to monitor and then sizing Advanced Options of a rule?
slamdunk last edited by
Hi, pfSense provides excellent fine-grained tunings for a rule to prevent denial of services in the Advanced Options of a firewall rule. In detail, I'm talking of:
Max. states Maximum state entries this rule can create. Max. src nodes Maximum number of unique source hosts. Max. connections Maximum number of established connections per host (TCP only). Max. src. states Maximum state entries per host. Max. src. conn. Rate Maximum new connections per host (TCP only). Max. src. conn. Rates / per how many second(s) (TCP only)
These settings are great, the issue is that it is tricky to get to the correct values without a trial-and-error process, which could affect the production in a bad way.
What I would like to do is:
- Leave all the above settings blank, allowing all incoming traffic (for a single rule)
- Monitor it for a week, for example
- Query the monitored traffic to get peaks and averages values for each option
Is this possible and feasable?
If so, how?
Best regards, Filippo