How to monitor and then size the Advanced Options of a rule?

  • Hi, pfSense provides excellent fine-grained tunings for a rule to prevent denial of service in the Advanced Options of a firewall rule. In detail, I'm talking about:

    Max. states             Maximum state entries this rule can create.
    Max. src nodes          Maximum number of unique source hosts.
    Max. connections        Maximum number of established connections per host (TCP only).
    Max. src. states        Maximum state entries per host.
    Max. src. conn. Rate    Maximum new connections per host (TCP only).
    Max. src. conn. Rates   / per how many second(s) (TCP only)

    These settings are great; the issue is that it is tricky to get to the correct values without a trial-and-error process, which could affect production in a bad way.

    What I would like to do is:

    1. Leave all the above settings blank, allowing all incoming traffic (for a single rule)
    2. Monitor it for a week, for example
    3. Query the monitored traffic to get peak and average values for each option

    Is this possible and feasible?
    If so, how?

    Best regards, Filippo

