Netgate Discussion Forum

    How to monitor and then sizing Advanced Options of a rule?

    Firewalling
    • slamdunk

      Hi, pfSense provides excellent fine-grained tunings for a rule to prevent denial of services in the Advanced Options of a firewall rule. In detail, I'm talking of:

      Max. states             Maximum state entries this rule can create.
      Max. src nodes          Maximum number of unique source hosts.
      Max. connections        Maximum number of established connections per host (TCP only).
      Max. src. states        Maximum state entries per host.
      Max. src. conn. Rate    Maximum new connections per host (TCP only).
      Max. src. conn. Rates   / per how many second(s) (TCP only)
      

      These settings are great; the issue is that it is tricky to get to the correct values without a trial-and-error process, which could affect production in a bad way.

      What I would like to do is:

      1. Leave all the above settings blank, allowing all incoming traffic (for a single rule)
      2. Monitor it for a week, for example
      3. Query the monitored traffic to get peak and average values for each option

      Is this possible and feasible?
      If so, how?

      Best regards, Filippo

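One way to collect the numbers the post asks for, as an added example that is not part of the original post and not a Netgate tool: summarise a `pfctl -ss` snapshot of the state table for one rule's target (host:port), then take peaks over snapshots logged from cron. It assumes the IPv4 line layout `all proto target <- source STATE:STATE` that `pfctl -ss` prints for inbound states (an assumption; IPv6 entries use a different port notation and are not handled), and uses a constructed sample snapshot in place of live output. Max. src. conn. rate is not covered, since it needs the difference between consecutive snapshots rather than a single one.

```bash
#!/bin/sh
# Added example (not from the original post): size pfSense Advanced Options
# from `pfctl -ss` snapshots. Assumed inbound line layout (IPv4 only):
#   all tcp 10.0.0.5:443 <- 203.0.113.7:51234       ESTABLISHED:ESTABLISHED

# Constructed sample snapshot standing in for live `pfctl -ss` output.
SAMPLE='all tcp 10.0.0.5:443 <- 203.0.113.7:51234       ESTABLISHED:ESTABLISHED
all tcp 10.0.0.5:443 <- 203.0.113.7:51235       ESTABLISHED:ESTABLISHED
all tcp 10.0.0.5:443 <- 203.0.113.7:51236       TIME_WAIT:TIME_WAIT
all tcp 10.0.0.5:443 <- 198.51.100.9:44001       ESTABLISHED:ESTABLISHED
all udp 10.0.0.5:53 <- 198.51.100.9:40000       MULTIPLE:SINGLE
all tcp 10.0.0.5:22 <- 192.0.2.3:50000       ESTABLISHED:ESTABLISHED'

# state_summary TARGET: read pfctl -ss lines on stdin, keep inbound states to
# TARGET (host:port) and print one line with the four sizing counters:
#   states         -> Max. states
#   src_nodes      -> Max. src nodes
#   max_src_states -> Max. src. states
#   max_src_conn   -> Max. connections (established TCP per source host)
state_summary() {
  awk -v target="$1" '
    $4 == "<-" && $3 == target {
      src = $5; sub(/:[0-9]+$/, "", src)      # drop the source port
      states++; per_src[src]++
      if ($2 == "tcp" && $6 == "ESTABLISHED:ESTABLISHED") conn[src]++
    }
    END {
      n = 0; ms = 0; mc = 0
      for (s in per_src) { n++; if (per_src[s] > ms) ms = per_src[s] }
      for (s in conn) if (conn[s] > mc) mc = conn[s]
      printf "states=%d src_nodes=%d max_src_states=%d max_src_conn=%d\n",
             states + 0, n, ms, mc
    }'
}

# peaks: read logged state_summary lines on stdin and print the peak of each
# counter, in the same field order, as "peak_<name>=<value> ...".
peaks() {
  awk '{ for (i = 1; i <= NF; i++) { split($i, kv, "=")
           if (!(kv[1] in max)) { order[++n] = kv[1]; max[kv[1]] = 0 }
           if (kv[2] + 0 > max[kv[1]]) max[kv[1]] = kv[2] + 0 } }
       END { for (i = 1; i <= n; i++)
               printf "%speak_%s=%d", (i > 1 ? " " : ""), order[i], max[order[i]]
             printf "\n" }'
}

# Demo on the constructed sample. On a firewall, log one line per minute, e.g.
#   pfctl -ss | state_summary 10.0.0.5:443 >> /var/log/rule_sizing.log
# and after the observation window run:  peaks < /var/log/rule_sizing.log
printf '%s\n' "$SAMPLE" | state_summary 10.0.0.5:443
```

Reading `max_src_conn` off a single snapshot counts currently established TCP connections per host, which is the quantity Max. connections limits; the peak over many snapshots is the value to size against, with headroom.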