Netgate Discussion Forum

    Do we need to use pfsense in our case (ddos protect)?

      Niki

      Having a problem: DDoS attack 30-40 MBytes, 100K bots, 15K connections/sec
      Having filter hardware: Intel Core i7 920 4Gb DDR3 + 2 net-cards Intel Pro 1000 (WAN and LAN)
      Having a whitelist of /32 rules for everyone who has access to the server (about 5K rules)
      Main task: to protect a game server, in the same datacenter, which is too sensitive to delays. That's why the filter must pass white packets as fast as possible, and block all unknown. The filter server is fully transparent to the gamers.
      This scheme is used: Gamer <-> Filter server <-> Game server

      Now we are using Debian OS and iptables, but want to try pfSense.

      The server must work in this mode: block all/pass whitelist, block some signatures, connection/bandwidth limit per 1 IP …

      Do we need to use pfSense instead of Debian? Would we have any advantages using pfSense?

      The main problem at this moment: packages are held throughout the iptables chain, as a result we have heavy server load, sometimes lags. Will pfSense fix this problem? What advantages can pfSense give us?

      Thx for the answers.

        SourceFinder

        I've tried a lot of hardware for pfSense, but never an i920/x58 system; so you have to try whether it works (but I think so). Haven't you got an old hard disk? Just plug that disk in (and disconnect the Debian hard disk) and install. I think you will see the advantages soon enough. pfSense is specially designed to protect networks.
