Connection Limit



  • I have searched all over and can't figure out how or where to set a limit on the number of connections allowed per client IP address in version 2.1.  Basically, I want to limit each client IP address to say 500 connections to keep one person from opening thousands of connections via torrents.  Any help would be greatly appreciated.  I know in linux this is done with iptables and connlimit.  Can pfsense do this?



  • @jaybee:

    I have searched all over and can't figure out how or where to set a limit on the number of connections allowed per client IP address in version 2.1.  Basically, I want to limit each client IP address to say 500 connections to keep one person from opening thousands of connections via torrents.  Any help would be greatly appreciated.  I know in linux this is done with iptables and connlimit.  Can pfsense do this?

    Yes.

    On firewall rules scroll down and check the "Advanced" options. There will be an option where you can limit the max connections per host.



  • As the poster above said, and here's a screenshot:
    http://i.imgur.com/PIe3GgI.png



  • I tried that, but when I look at the state summary it will exceed the limit I set.  I set it for 200 just to test and the number of states for one IP was over 300.  It did not allow any more connections, but it doesn't stick to the limit I set.  I set it up in the LAN firewall rules with all default settings except for the limit.  Is this supposed to be a "strict limit" or is this the expected behavior?  Also I noticed it said it was for TCP connections only, how can I limit the UDP connections also?  Thanks for your help!



  • Did you configure:

    "Maximum state entries per host"

    which should work, or did you use:

    "Maximum number of established connections per host (TCP only)"

    I think you should use the first one.
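    The two advanced options compared above are pfSense's front end for pf's `max-src-states` and `max-src-conn` rule options. The pf.conf fragment below is an added illustration, not configuration generated by pfSense or posted by anyone in the thread; it assumes a LAN interface named em1 and a LAN subnet of 192.168.1.0/24.

    ```pf
    # Added example, not pfSense-generated rules. Assumed names: em1, 192.168.1.0/24.
    lan_if = "em1"
    lan_net = "192.168.1.0/24"

    # "Maximum state entries per host" -> max-src-states.
    # Counts every state (TCP, UDP, ICMP) created by one source address,
    # so this is the option that also caps UDP-heavy traffic such as torrents.
    # When a host reaches 500 states, pf simply refuses to create new ones.
    pass in quick on $lan_if proto { tcp udp } from $lan_net to any \
        keep state (max-src-states 500)

    # "Maximum number of established connections per host (TCP only)" -> max-src-conn.
    # Counts only TCP connections that have completed the three-way handshake;
    # half-open, closing and UDP states are not counted, so the state table can
    # show more entries for a host than this limit without the rule misbehaving.
    pass in quick on $lan_if proto tcp from $lan_net to any flags S/SA \
        keep state (max-src-conn 500)
    ```

    On a pfSense box the active state table can be listed with `pfctl -ss` to compare a host's state count against the limit actually configured.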

