SYN Flood Mitigation with pfSense 2.0.1

  • Hello,

    I have a dedicated server with pfSense working as a gateway with NAT protecting other servers.
    The internet connection speed is 1 Gbps.

    I have been experiencing SYN floods on port 80 from multiple IP addresses (maybe a botnet) with an average bandwidth of 60 Mbps.
    If I configure NAT to only allow connections on port 80 from selected source IP addresses, then the SYN flood has no effect on pfSense or on my dedicated servers.

    But I can't allow only selected IP addresses to access port 80, so I need a better solution to let good traffic pass and block the SYN flood.

    I have tried using synproxy in the NAT rules, and also limiting "Maximum state entries per host" to 10 together with a low state timeout.

    But that didn't help me.
    The state table size is 390000, and when the attack is happening, with port 80 open to all IPs and the settings I tested above, the state table is almost full and the firewall stops accepting new connections.

    I would appreciate it if you could help me with a configuration that could block the SYN flood.

    Thank you.

  • Apparently it's very hard to defend against a SYN flood.
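For reference, this is what the combination the original poster tried (synproxy plus a per-host state cap and short timeouts) looks like as a pf rule set, extended with a connection-rate limit and an overload table so that hosts exceeding the limit are dropped and their states flushed. This is an added example, not a configuration from the thread or from pfSense; the interface name, server address, table name and the rate values are assumptions, and it assumes the underlying pf version supports max-src-conn-rate and overload (pfSense normally generates these rules from the GUI, so this is the equivalent raw pf syntax rather than something to paste into the web interface).

```pf
# Assumed names: adjust to your WAN interface and the NATed web server.
ext_if  = "em0"
web_srv = "192.0.2.10"

# State table size as stated in the thread; adaptive timeouts make pf
# expire states faster as the table approaches that limit.
set limit states 390000
set timeout { adaptive.start 300000, adaptive.end 390000 }

# Half-open (SYN sent, no ACK) states time out quickly so a flood cannot
# hold entries for long. tcp.first covers the initial SYN, tcp.opening
# covers the rest of the handshake.
set timeout { tcp.first 30, tcp.opening 10 }

# Offending sources land in this table and are blocked outright.
table <synflood> persist

block in quick on $ext_if from <synflood>

# synproxy: pf completes the handshake with the client before any packet
# reaches the server, so spoofed SYNs never create a server connection.
# max-src-conn:       at most 10 established connections per source host
# max-src-conn-rate:  at most 15 new connections per source in 5 seconds
# overload ... flush global: on breach, add the source to <synflood> and
#                            tear down all of its existing states
pass in on $ext_if proto tcp from any to $web_srv port 80 \
    flags S/SA synproxy state \
    (max-src-conn 10, max-src-conn-rate 15/5, \
     overload <synflood> flush global)

# Inspection (run from a shell on the firewall):
#   pfctl -t synflood -T show   # hosts currently blocked by the overload
#   pfctl -si                   # state count and limit hit counters
#   pfctl -t synflood -T flush  # clear the table once the flood subsides
```

The caveat the thread itself illustrates: synproxy still creates a pf state for each proxied handshake, so it protects the servers behind NAT but does not by itself stop the firewall's own state table from filling; the rate limit and short half-open timeouts are what keep the table from being exhausted by sources that never complete the handshake.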