Zone (interface) Protections
-
Hello,
Curious if there are any plans to have what other firewalls have regarding zone protection mechanisms written in on the software.
Examples of such things would be:
Flood Protection
Recon Protection
Packet buffer Protection
Of course, there are no concepts of Zones but interfaces but just the question is still the same.
All of these rely on some sort of threshold to be met before traffic is dropped. I do have customers that have/need ports open on the WAN side so having some type of mitigation there would be helpful.
Just curious. Thanks
-
You can set limits on the WAN side rules to prevent abusive connections. For example:
https://docs.netgate.com/pfsense/en/latest/firewall/configure.html?highlight=state%20limits#maximum-state-entries-this-rule-can-create
Steve
-
@stephenw10 this is pretty good. Is there a method within pfsense for creating a baseline? Say I want to graph how many connections happen within a given hour so I can apply the correct setting for Max connections per second
Also curious is there any plans to create some basic reporting scripts in the future? Reports of many kinds such as (connections per second, top destinations, etc)
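One way to get the baseline asked about above, as an added example that is not part of the thread or of pfSense itself: take a sample of new-connection records (timestamp, source address, destination port), bucket them per second, and derive a per-source "max new connections per second" value from the peaks of ordinary clients rather than from the single noisiest source. The record format and the sample data are constructed for this example; in practice the records would come from your own log source (for example firewall log entries for the pass rule in question).

```python
"""Baseline the new-connection rate from a sample of connection records.

Added example; the record format (epoch seconds, source IP, destination
port) and the sample data are constructed for illustration.
"""
from collections import Counter, defaultdict
from math import ceil


def build_sample():
    """Constructed sample: 20 ordinary clients making 1-2 new connections
    per second to port 443 for 10 seconds, plus one source making 6 per
    second. Returns a list of (epoch_seconds, source_ip, dst_port)."""
    records = []
    base = 1700000000
    for ts in range(base, base + 10):
        for i in range(20):
            src = f"203.0.113.{10 + i}"
            n = 1 + (i + ts) % 2          # alternates between 1 and 2 per second
            records.extend((ts, src, 443) for _ in range(n))
        records.extend((ts, "198.51.100.7", 443) for _ in range(6))
    return records


def connections_per_window(records, window=1):
    """Total new connections per window of `window` seconds, keyed by the
    start of the window. This is what you would graph over an hour."""
    counts = Counter()
    for ts, _, _ in records:
        counts[ts - ts % window] += 1
    return dict(counts)


def per_source_peak(records, window=1):
    """Highest number of new connections any single window saw, per source."""
    counts = defaultdict(Counter)
    for ts, src, _ in records:
        counts[src][ts - ts % window] += 1
    return {src: max(c.values()) for src, c in counts.items()}


def percentile(values, pct):
    """Nearest-rank percentile (pct in 0..100) of a list of numbers."""
    s = sorted(values)
    if not s:
        return 0
    k = max(1, ceil(pct / 100 * len(s)))
    return s[k - 1]


def suggest_threshold(records, window=1, pct=95, headroom=2.0):
    """Suggest a per-source 'max new connections per window' value: the
    chosen percentile of per-source peaks, multiplied by a headroom factor
    and rounded up. Using a percentile means one abusive source in the
    sample does not raise the limit for everyone."""
    peaks = list(per_source_peak(records, window).values())
    return ceil(percentile(peaks, pct) * headroom)


def sources_over(records, threshold, window=1):
    """Sources whose peak rate in the sample already exceeds `threshold`;
    these are the ones the limit would have affected."""
    peaks = per_source_peak(records, window)
    return sorted(src for src, peak in peaks.items() if peak > threshold)


if __name__ == "__main__":
    sample = build_sample()
    for start, total in sorted(connections_per_window(sample).items()):
        print(f"{start}: {total} new connections")
    limit = suggest_threshold(sample)
    print(f"suggested per-source limit: {limit}/s")
    print("sources over that limit in the sample:", sources_over(sample, limit))
```

On the constructed sample the ordinary clients peak at 2 new connections per second, the suggested limit comes out at 4 per second, and only the noisy source is flagged. The same per-source figure is what you would feed into the rule's advanced state-limit settings once you have collected a representative hour of real records.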
-
There are some stats available via Status > Monitoring but not detailed enough to tune an individual rule like that.
You probably want to use something more like vnstat or darkstat.
https://docs.netgate.com/pfsense/en/latest/monitoring/graphs/bandwidth-usage.html
Steve
-
@stephenw10 Thanks. I have darkstat installed now so will see what info it brings.
vnstat I don't see as an available package but it's probably installed as it's a dependency for other traffic tools.
One last question - for the Traffic Totals tool, it just details the total amount of bandwidth utilized on each Interface. Is there a practical reason why one would want this? For example, I have a WAN RX of 120GiB. How is this data actionable? And what does the Ratio mean, for example, 0.11 or 0.07?
The documentation doesn't give any insight to this but it feels useful here, just not sure how.
-
The traffic totals tool was created to monitor data usage for users whose ISP set limits. So it shows you the per week and per month total use.
-
@stephenw10 Gotcha. Ok thanks Stephen for answering my questions and providing guidance.