CPS limiting by port
-
I am trying to understand if there is a way to limit the CPS being sent from the WAN on a specific port. If not, is there way to add a systemwide tunable that would allow this type of protection?
I am trying to figure out a way to have pfsense act as a first responder to a dos attack (sip) in a simple way before having to invoke deeper measures.
I've always felt a two stage attack (port 5060 and rtp requests as two way to perform a 2 prong attack) needs a 2 stage approach at prevention, so deeper packet filters are not having to be used and consume less resources in the event of an attack.
I seem to recall a system tunable for cps, but not specific to a port. Does anyone this this type of approach is possible with pfsense?
-
What is CPS?
-
Probably Connections per Second.
If you create an allow rule for a specific port and go to "Advanced Options" you can specify a connections per second limit.
Just make sure that this allow rule is above your default allow rule.
