    Connection Limit

    • J
      jaybee last edited by

      I have searched all over and can't figure out how or where to set a limit on the number of connections allowed per client IP address in version 2.1. Basically, I want to limit each client IP address to, say, 500 connections to keep one person from opening thousands of connections via torrents. Any help would be greatly appreciated. I know in Linux this is done with iptables and connlimit. Can pfSense do this?

      • N
        Nachtfalke last edited by

        @jaybee:

        I have searched all over and can't figure out how or where to set a limit on the number of connections allowed per client IP address in version 2.1. Basically, I want to limit each client IP address to, say, 500 connections to keep one person from opening thousands of connections via torrents. Any help would be greatly appreciated. I know in Linux this is done with iptables and connlimit. Can pfSense do this?

        Yes.

        On firewall rules scroll down and check the "Advanced" options. There will be an option where you can limit the max connections per host.

        • ?
          Guest last edited by

          As the poster above said, and here's a screenshot:
          http://i.imgur.com/PIe3GgI.png

          • J
            jaybee last edited by

            I tried that, but when I look at the state summary it will exceed the limit I set. I set it for 200 just to test and the number of states for one IP was over 300. It did not allow any more connections, but it doesn't stick to the limit I set. I set it up in the LAN firewall rules with all default settings except for the limit. Is this supposed to be a "strict limit" or is this the expected behavior? Also I noticed it said it was for TCP connections only, how can I limit the UDP connections also? Thanks for your help!

            • N
              Nachtfalke last edited by

              Did you configure:

              Maximum state entries per host

              which should work or did you use:

              Maximum number of established connections per host (TCP only)

              I think you should use the first one.

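One way to check per-host figures against the two limits discussed in the thread, added here as an example and not part of the original posts: it counts all state entries and established TCP connections per source host from `pfctl -ss` style lines. The line layout, the interface names `em1`/`em0`, the sample lines and the limit of 3 are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the style of `pfctl -ss` (assumed layout; IPv4 only).
# em1 is a hypothetical LAN interface, em0 a hypothetical WAN interface.
SAMPLE = """\
em1 tcp 198.51.100.7:6881 <- 192.168.1.50:51000       ESTABLISHED:ESTABLISHED
em1 tcp 198.51.100.8:6881 <- 192.168.1.50:51001       CLOSED:SYN_SENT
em1 udp 203.0.113.9:6881 <- 192.168.1.50:6881       MULTIPLE:MULTIPLE
em1 tcp 198.51.100.9:443 <- 192.168.1.50:51002       ESTABLISHED:ESTABLISHED
em1 tcp 198.51.100.7:443 <- 192.168.1.60:40000       ESTABLISHED:ESTABLISHED
em0 tcp 192.0.2.1:40000 (192.168.1.60:40000) -> 198.51.100.7:443       ESTABLISHED:ESTABLISHED
"""

# interface, protocol, address, optional (pre-NAT address), arrow, address, state
LINE = re.compile(
    r"^(\S+)\s+(\S+)\s+(\S+)(?:\s+\((\S+)\))?\s+(->|<-)\s+(\S+)\s+(\S+)$")


def source_host(m):
    """Return the originating host: right of '<-', left of '->' (pre-NAT if shown)."""
    left, orig, arrow, right = m.group(3), m.group(4), m.group(5), m.group(6)
    addr = right if arrow == "<-" else (orig or left)
    return addr.rsplit(":", 1)[0]


def per_host_counts(text, iface):
    """Count states and established TCP connections per source host on one interface.

    Only one interface is counted: a forwarded connection normally has a state
    on both the inbound and the outbound interface, so counting every line
    would inflate the per-host figure.
    """
    states, established = Counter(), Counter()
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m or m.group(1) != iface:
            continue
        host = source_host(m)
        states[host] += 1  # every protocol, every TCP phase
        if m.group(2) == "tcp" and m.group(7) == "ESTABLISHED:ESTABLISHED":
            established[host] += 1  # completed TCP handshakes only
    return states, established


def over_limit(counts, limit):
    """Hosts whose count is above the configured limit."""
    return sorted(h for h, n in counts.items() if n > limit)


if __name__ == "__main__":
    states, established = per_host_counts(SAMPLE, "em1")
    for host in sorted(states):
        print(host, "states:", states[host], "established TCP:", established[host])
```

On a live firewall the same functions can be fed saved `pfctl -ss` output in place of `SAMPLE`, after confirming the line layout matches.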