Just learning pfSense and would like some help with regard to DDoS. We had around 10k hosts generating 300k+ pps using a SYN flood from DSLs/hacked boxes etc. In the end we null-routed the hosting being attacked upstream. What I want to know is the following:
Best practices for DDoS prevention
How to stop the state table filling up
How to limit the SYN packets going to the hosts (spotted the SYN proxy but not sure if it should be a deny or allow rule based on those settings).
Can you fail over pfSense to another pfSense for high traffic on VMs to deal with a huge increase in load (like autostart Amazon AWS boxes a client does when extra load comes in)?
Thanks for any and all help on this.