Blocking / rejecting traffic questions and help



  • Good day all, if anyone has some suggestions it would be greatly appreciated...

    I have been running pfSense for 16 months: 3 servers, 2 x DSL and 1 x cable internet connection, all CARP failover, without any problems until last week. One DSL static IP server runs a business phone PBX Asterisk system where I only have ports 7000 to 7005 and 10000 to 110000 NAT forwarded to the phone server. The problem is that someone (further info can be given, e.g. IP address) is nailing my server with SIP requests; 1.05 mb/s of traffic is being rejected, pretty much rendering that connection useless... Does this make sense?

    I added Reject and Block rules under WAN with his IP range... anything else I can do other than report it to abuse?

    Cheers all. Chris



  • You probably want a block rule rather than a reject rule, and you probably want to turn off logging (both to reduce overhead on your firewall).

    You might be able to persuade your ISP to block traffic from those IP addresses to defend you from what is essentially a denial-of-service attack. If you can identify the attacker from the source IP address, you might be able to "persuade" their ISP to block the traffic.

    Depending on what access you need to allow to your systems, you might want to be very specific about what traffic from that source is blocked (e.g. block everything, or block only UDP traffic to the SIP ports).
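The difference between the two options above, written out as an added pf ruleset fragment (this is illustrative, not configuration from the original post or from the pfSense project): a pfSense "Reject" rule is pf's `block return`, which answers every dropped UDP packet with an ICMP unreachable, so the firewall is spending CPU and upstream bandwidth replying to a flood; a "Block" rule is `block drop`, which silently discards. The interface name, the PBX address, the attacker prefix and the RTP range are placeholders (the post gives 10000 to 110000, which exceeds the 16-bit port space, so 11000 is assumed here).

```pf
# Added example, not from the original post. Interface, addresses and the
# RTP upper bound are assumed placeholders.
wan_if = "em0"
pbx    = "203.0.113.10"

# A persistent table lets the offending range be maintained with pfctl
# while the firewall is running, instead of editing and reloading rules:
#   pfctl -t sip_flood -T add 198.51.100.0/24
#   pfctl -t sip_flood -T show
table <sip_flood> persist { 198.51.100.0/24 }

# Weak: "Reject" with logging. Each of the attacker's UDP packets costs a
# log entry plus an outbound ICMP unreachable, which is exactly the
# overhead the reply above warns about.
# block return log quick on $wan_if inet proto udp from <sip_flood> to $pbx

# Better: silent drop, no log, and scoped only to the UDP ports that are
# NAT-forwarded to the PBX so nothing else from that range is affected.
# "quick" stops rule evaluation here, as pfSense rules do by default.
block drop quick on $wan_if inet proto udp from <sip_flood> to $pbx \
    port { 7000:7005, 10000:11000 }

# Or, if nothing legitimate ever comes from that range, drop all of it:
# block drop quick on $wan_if from <sip_flood> to any
```

In the pfSense GUI this corresponds to a WAN rule with action Block (not Reject), logging unchecked, protocol UDP, source set to the attacker's range (or an alias holding it), destination the PBX and the forwarded port range. The table approach is useful when the attacker moves between addresses, since entries can be added with `pfctl -t sip_flood -T add` without a filter reload.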



  • Thanks for the reply, so basically the theory of the guy with the most bandwidth dominates. Turned logs off, thank you, since they were ON, argh... At least there is still some margin left on the connection; never thought of traffic being blocked causing an issue... Oh well, that's why we have redundant paths...

    Chris

