Is it possible to limit response to incoming traffic?

  • Let's say traffic from various public hosts flows into the WAN, and NAT forwards it to a host on OPTx that replies with packets shaped to a certain limit, above which a delay or drop is applied.

    Incoming Traffic ----> WAN ----> OPTx
            ^                          |
            |     Reply is limited     |

    Can this level of bandwidth control be achieved with pfSense 2.0?


  • The way I did it was by limiting connections per port/service.

    What I did for some clients:

    • Configure advanced rule options to limit connection by second/host

    • Install crontab package

    • Edit the expiretable rules to reduce check times (in my case, check every minute for IPs blocked more than 120 seconds)

    This way, a host that gets blocked by the rule stays blocked for only 2 minutes.
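
The setup described in this reply, sketched as an added example that is not the poster's configuration: a per-source connection-rate limit that overloads offenders into a table, and a cron job that expires entries after 120 seconds. The interface, address, port and rate are constructed placeholders, and the `virusprot` table name and binary paths are assumed to match what pfSense 2.0 uses by default.

```conf
# --- pf ruleset fragment (illustrative; pfSense generates its rules from the GUI) ---
# Assumed values: WAN interface em0, NAT target 192.0.2.10 port 80,
# limit of 15 new connections per second per source host.

table <virusprot> persist

# Sources that tripped the limit are dropped until removed from the table.
block in quick from <virusprot> to any

# "Advanced options" limit: more than 15 new connections in 1 second from
# one source adds it to <virusprot> and flushes its existing states.
pass in quick on em0 proto tcp from any to 192.0.2.10 port 80 \
    flags S/SA keep state \
    (max-src-conn-rate 15/1, overload <virusprot> flush global)

# --- crontab entry (system crontab format, with user field) ---
# Run every minute; remove table entries older than 120 seconds.
* * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 120 virusprot
```

Note that this limits new connections per source host; it does not shape the bandwidth of the replies themselves.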

  • Thanks!

    I'll try it right away!

