Log limiters
-
How do I log if someone (IP address) exceeds configured limiters?
-
@mdes is this a problem you are experiencing? If you are i would imagine that your rules isn't applied correctly.
-
I don’t think a connected user can technically exceed a limiter.
Jeff
-
OK, I admit that wording is not accurate - it should be would exceed.
I also run commercial firewall solution and I have ability to list IP addresses and how much bytes were dropped for a time period because of configured limit.
-
@mdes But, that's just the thing. If you set a limit on bandwidth (that's what we're talking about, right?) a host, or an entire network for that matter, isn't going to get anything dropped. They are just going to bump up against the limit you set, and not exceed it.
What other "firewall solution" drops packets like you are describing? That is what you mean, right, they drop packets? There is actually a way, in pfsense thru a traffic shaper limiter function, to drop a percentage of packets, but this is an extreme measure meant to degrade traffic, and not usually recommended.
https://docs.netgate.com/pfsense/en/latest/book/trafficshaper/limiters.html
Jeff
-
@mdes pfsense can't predict what hosts are going to do and i think you would be wasting your time looking for alternatives that can :)
The more important question is what traffic are getting dropped and is it a problem?
-
@akuma1x said in Log limiters:
What other "firewall solution" drops packets like you are describing? That is what you mean, right, they drop packets?
And how would you throttle traffic? What techniques are available?
Using buffers? Is it achievable for 500+ clients and gigabit uplink?
-
@bobbenheim said in Log limiters:
The more important question is what traffic are getting dropped and is it a problem?
Yes, it could be the problem. For example: unauthorized application installed (P2P), misconfigured application, malware... etc.