Captive portal and limiting the number of sessions per IP



  • I have a pfSense install on a large network (+2500) and we mainly use it for the captive portal.  We use no authentication, as this is just one of the captive portals saying you agree to take responsibility if you do something illegal.  In addition, we have the captive portal set so each user can only use 1.5mb down and 256k up.  What I want to know is whether it is possible to limit the number of sessions per user.  I think that "Maximum concurrent connections" might be what I need, but the text after it makes me think it has more to do with the number of times the captive portal webpage would be loaded.

    The reason why this is an issue is that the pfSense server feeds into another firewall to block items like porn, ads and such.  The firewall that the pfSense server feeds into has a limit of 10,000 sessions, and we hit this most days and things get really slow.  My hope is that if I limit the number of sessions, the people that are hogging the network will be slow and everyone else will have good speed.

    Any comment or suggestions would be appreciated.


  • LAYER 8 Netgate

    Not in the portal itself but probably in the firewall advanced rules for the rule that passes outbound sessions.

    In advanced options you have things like:

    Maximum state entries this rule can create
    Maximum number of unique source hosts
    Maximum number of established connections per host (TCP only)
    Maximum state entries per host

    No comment on whether this will enhance or degrade the user experience.
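
The following is an added example, not part of either post above: one way to pick a value for "Maximum state entries per host" is to count states per client in a state-table dump and see how far a candidate cap would pull the total below the downstream 10,000-session limit. The line layout (modelled on `pfctl -ss` output, IPv4 only), the interface names `igb0`/`igb1` and all addresses are constructed assumptions.

```shell
#!/bin/sh
# Added example: estimate the effect of a per-host state cap.
# Assumed line layout: "<iface> <proto> <addr:port> <-|-> <addr:port> <state>",
# with the pre-NAT client shown in parentheses on translated states.
# On a live firewall the input would be e.g.:  pfctl -ss | states_per_host igb1

# Constructed sample dump: on igb1, 10.0.0.5 holds 5 states, .6 holds 2, .7 holds 1.
sample_states() {
cat <<'EOF'
igb1 tcp 198.51.100.7:443 <- 10.0.0.5:51000       ESTABLISHED:ESTABLISHED
igb1 tcp 198.51.100.7:443 <- 10.0.0.5:51001       ESTABLISHED:ESTABLISHED
igb1 tcp 198.51.100.8:443 <- 10.0.0.5:51002       ESTABLISHED:ESTABLISHED
igb1 tcp 198.51.100.9:80 <- 10.0.0.5:51003       TIME_WAIT:TIME_WAIT
igb1 udp 192.0.2.53:53 <- 10.0.0.5:40000       SINGLE:MULTIPLE
igb1 tcp 198.51.100.7:443 <- 10.0.0.6:52000       ESTABLISHED:ESTABLISHED
igb1 udp 192.0.2.53:53 <- 10.0.0.6:40001       SINGLE:MULTIPLE
igb1 tcp 198.51.100.7:443 <- 10.0.0.7:53000       ESTABLISHED:ESTABLISHED
igb0 tcp 203.0.113.2:61000 (10.0.0.5:51000) -> 198.51.100.7:443       ESTABLISHED:ESTABLISHED
EOF
}

# stdin: state dump; $1: interface to count on (one interface only, so a
# forwarded connection is not counted twice). Prints "<count> <client-ip>".
states_per_host() {
    awk -v ifc="$1" '
        $1 == ifc {
            src = ""
            for (i = 3; i < NF; i++) {
                if ($i == "->") src = $(i - 1)   # outbound: initiator is left of arrow
                if ($i == "<-") src = $(i + 1)   # inbound: initiator is right of arrow
            }
            if (src == "") next
            gsub(/[()]/, "", src)                # pre-NAT address is parenthesised
            sub(/:[0-9]+$/, "", src)             # drop the port
            n[src]++
        }
        END { for (h in n) print n[h], h }' | sort -rn
}

# $1: interface, $2: candidate cap. Total states left if every host were capped.
capped_total() {
    states_per_host "$1" | awk -v cap="$2" '{ t += ($1 > cap ? cap : $1) } END { print t + 0 }'
}

# $1: interface, $2: candidate cap. Number of hosts the cap would actually affect.
hosts_over_cap() {
    states_per_host "$1" | awk -v cap="$2" '$1 > cap { c++ } END { print c + 0 }'
}
```

Comparing `capped_total` against the downstream session limit, and `hosts_over_cap` against the client count, shows whether a given cap relieves the bottleneck while touching only the heaviest users.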

