Netgate Discussion Forum
    Set pf.conf with pfsense

    General pfSense Questions
    7 Posts 4 Posters 2.8k Views
    st4rtx:

      Hi all,
      how can I configure pfSense the same way as pf.conf?
      I want to detect and protect against DoS attacks with pfSense. Please help me: what should I change in it?

      Thanks

    billm:

        Which pf.conf config are you looking to replicate in pfSense? Most options are available, but without knowing what you would do in pf.conf for your problem, I'm not sure anyone is going to have the right answer the first time.

        –Bill

        pfSense core developer
        blog - http://www.ucsecurity.com/
        twitter - billmarquette

    st4rtx:

          I want to set a maximum number of connections per IP to stop DoS attacks.
          In pfSense, which option is used to stop DoS attacks (SYN flood and TCP flood)?

    Nachtfalke:

            Firewall -> Rules:
            Edit a firewall rule, scroll down to "Advanced Options" and click on the "Advanced" button.
            There is: "Maximum number of established connections per host"

            Is this what you are looking for?

    st4rtx:

              Yes, that's right, but only in pfSense 2. Thanks for the answer.

              But I have a problem: when it limits connections, pfSense blocks my IP and does not allow me to view the site. How do I allow a blocked IP?

    wallabybob:

                Add a firewall rule above the one limiting the connections. This rule should allow access from your IP.

                Firewall rules are matched from the top down.

    st4rtx:

                  Thanks for the answer, but my problem is the length of time an IP stays blocked in the block table.
                  I found the answer in this forum; thanks all.

                  -----------------------------
                  The answer is:
                  First, install the crontab package to help make the changes.

                  Then open Services -> Crontab.

                  Change the line
                  */60    *    *    *    *    root    /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot

                  to

                  *    *    *    *    *    root    /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 120 virusprot
                  or
                  */2    *    *    *    *    root    /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 120 virusprot

                  The "-t 120" means the IP is blocked for two minutes; of course, you can change it to fit your needs.

                  After this, you can limit connections on your pfSense (e.g. 10 per second, or 200 per IP, or both).
                  If a client reaches that limit, it can connect again after 2 minutes.

                  But if you do not need to free blocked IPs, you can change the virusprot and sshlockout crontab rules to check correctly whether the default time '-t 3600' has been reached.

                  The default rule checks every hour whether the blocked IP has been blocked for 60 minutes. But if the IP address has been blocked for 59 minutes when cron runs, it will take another 60 minutes to unblock it.

                  Consider a very large firewall with these rules: if you wait 120 minutes to remove an IP from the list, you could end up with a very long list.
                  If you check every minute or every 5 minutes, you will be checking a smaller list.

                  With these changes, you can set up very large dynamic rules that prevent DoS without any extra package.
                  Of course Snort, modproxy, and other security tools will improve the security of your firewall.

                  I've tested this on pfSense 1.2.3 and 2.0.

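The interaction between the cron period and the expiretable "-t" age that the quoted answer describes can be checked with a small simulation. The following is an added illustration, not code from the forum post or from pfSense; it assumes, as a simplification, that on each cron run expiretable removes every table entry whose age is at least the -t value, and the IP addresses and block times are constructed sample data.

```python
"""Parse the expiretable cron lines from the thread and simulate how long an
address really stays in the 'virusprot' table.  Added illustration, not part
of the forum post or of pfSense.  Simplifying assumption: at each cron run,
expiretable removes every entry whose age is at least the -t value."""
import re

# The two cron lines quoted in the thread (default hourly, and every minute).
DEFAULT_LINE = "*/60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot"
FAST_LINE = "* * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 120 virusprot"


def parse_cron_line(line):
    """Return (cron period in seconds, -t age in seconds, table name)."""
    fields = line.split()
    minute, command = fields[0], fields[6:]   # 5 time fields, user, then the command
    # '*' fires every minute; '*/N' every N minutes ('*/60' behaves as hourly).
    period_min = 1 if minute == "*" else int(minute.removeprefix("*/"))
    expire_s = int(re.search(r"-t\s+(\d+)", " ".join(command)).group(1))
    return period_min * 60, expire_s, command[-1]


def simulate(blocked_at, period_s, expire_s, horizon_s=24 * 3600):
    """blocked_at: {ip: second at which the connection limiter added it}.
    Returns {ip: seconds the address actually spent in the table}."""
    table = dict(blocked_at)
    released = {}
    for now in range(0, horizon_s + 1, period_s):   # cron fires at minute 0, then every period
        for ip, added in list(table.items()):
            if added <= now and now - added >= expire_s:
                released[ip] = now - added
                del table[ip]
    return released


# Constructed sample: three addresses tripped the per-host limit at different offsets
# (at the cron run, 1 minute after it, and 59 minutes after it).
SAMPLE = {"198.51.100.10": 0, "198.51.100.11": 60, "198.51.100.12": 3540}

if __name__ == "__main__":
    for line in (DEFAULT_LINE, FAST_LINE):
        period_s, expire_s, table = parse_cron_line(line)
        held = simulate(SAMPLE, period_s, expire_s)
        print(f"{table}: cron every {period_s}s, -t {expire_s}s ->",
              {ip: f"{s // 60} min" for ip, s in held.items()})
```

With the default line the sample addresses stay blocked for 60, 119 and 61 minutes; with the every-minute line each is released after exactly 2 minutes.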
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.