4. How to monitor and then sizing Advanced Options of a rule?

How to monitor and then sizing Advanced Options of a rule?


  • Hi, pfSense provides excellent fine-grained tunings for a rule to prevent denial of services in the Advanced Options of a firewall rule. In detail, I'm talking of:

    Max. states             Maximum state entries this rule can create.
Max. src nodes          Maximum number of unique source hosts.
Max. connections        Maximum number of established connections per host (TCP only).
Max. src. states        Maximum state entries per host.
Max. src. conn. Rate    Maximum new connections per host (TCP only).
Max. src. conn. Rates   / per how many second(s) (TCP only)

    These settings are great, the issue is that it is tricky to get to the correct values without a trial-and-error process, which could affect the production in a bad way.

    What I would like to do is:

    1. Leave all the above settings blank, allowing all incoming traffic (for a single rule)
    2. Monitor it for a week, for example
    3. Query the monitored traffic to get peaks and averages values for each option

    Is this possible and feasable?
    If so, how?

    Best regards, Filippo

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy