Netgate Discussion Forum

    Best practices for mitigating UDP, TCP SYN flood attacks on pfSense

      01xd

      Hello everyone,

      I am running pfSense as my edge firewall and on the WAN interface.

      I want to properly protect my server from flood-type attacks, specifically:

      TCP SYN flood

      UDP flood

      RAW IP / malformed packet traffic

      Currently, WAN has allow rules for HTTPS (TCP 443).

      My questions are:

      What is the recommended best practice to block or mitigate UDP, SYN, and RAW IP floods on pfSense?

        KOM @01xd

        @01xd Traffic to your WAN not explicitly allowed is blocked by default. If you're trying to stop a DDoS from hitting your WAN, you will need to subscribe to a DDoS mitigation service such as Cloudflare that filters it out before it hits your WAN.

          01xd @KOM

          @KOM thank you

          Copyright 2026 Rubicon Communications LLC (Netgate). All rights reserved.