Netgate Discussion Forum
    Firewall rules advanced options

Firewalling
5 Posts 4 Posters 12.8k Views
m1s1u:

I have a question about the "Advanced Options" section in the firewall rules editor.
I know that "Maximum state entries per host" works per host (as it is named). How about "Simultaneous client connection limit" and "Maximum new connections / per second": do they work per host or not?
sullrich:

@m1s1u:

I have a question about the "Advanced Options" section in the firewall rules editor.
I know that "Maximum state entries per host" works per host (as it is named). How about "Simultaneous client connection limit" and "Maximum new connections / per second": do they work per host or not?

IIRC they are all per src host.
billm:

@m1s1u:

I have a question about the "Advanced Options" section in the firewall rules editor.
I know that "Maximum state entries per host" works per host (as it is named). How about "Simultaneous client connection limit" and "Maximum new connections / per second": do they work per host or not?

The client connection limit and max connections/second are for the rule. Soooo if client connection limit is set to 10, you can have 10 state entries total; it could be 10 from one host, or one each from 10 hosts. New connections/second works the same way.

–Bill

pfSense core developer
blog - http://www.ucsecurity.com/
twitter - billmarquette
Leoandru:

@billm:

The client connection limit and max connections/second are for the rule. Soooo if client connection limit is set to 10, you can have 10 state entries total; it could be 10 from one host, or one each from 10 hosts. New connections/second works the same way.

–Bill

Is it possible to have the Simultaneous client connection limit work on a per-host basis? It would be a nice feature. I have been having problems lately with persons running bittorrent opening many connections all at the same time.

EDIT:

What about an option for limiting the total number of connections per source? "max-src-conn"
In other words, limit the maximum number of simultaneous TCP connections which have completed the 3-way handshake that a single host can make.
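The pf.conf(5) syntax behind these GUI options, as an added example that is not from this thread or from pfSense's filter.inc; the interface, address and table names are placeholders. It puts a rule-wide `max` cap beside the per-source `max-src-conn` and `max-src-conn-rate` limits Leoandru asks about, with an `overload` table so a source that exceeds its limit is blocked rather than merely throttled.

```pf
# Placeholder macros, constructed for this example.
ext_if  = "em0"
web_srv = "192.0.2.10"

# Sources that trip a per-source limit land in this table;
# 'persist' keeps the table across rule reloads.
table <abusers> persist
block in quick on $ext_if from <abusers>

# Rule-wide cap: at most 500 states for this rule in total,
# shared by every client (one host may use all 500).
pass in on $ext_if proto tcp to $web_srv port 80 \
    flags S/SA keep state (max 500)

# Per-source caps, tracked separately for each source address on this rule:
#   max-src-conn       completed TCP handshakes one host may hold open
#   max-src-conn-rate  new connections one host may open per window (20 in 10 s)
#   overload           add the offending host to <abusers>; 'flush global'
#                      also kills that host's existing states from every rule
pass in on $ext_if proto tcp to $web_srv port 443 \
    flags S/SA keep state (max-src-conn 50, max-src-conn-rate 20/10, \
    overload <abusers> flush global)
```

Because the per-source limits are counted against each source address on its own, one client exhausting its max-src-conn allowance does not consume the allowance of other hosts, which is the per-host behaviour the thread is after.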
sullrich:

@Leoandru:

@billm:

The client connection limit and max connections/second are for the rule. Soooo if client connection limit is set to 10, you can have 10 state entries total; it could be 10 from one host, or one each from 10 hosts. New connections/second works the same way.

–Bill

Is it possible to have the Simultaneous client connection limit work on a per-host basis? It would be a nice feature. I have been having problems lately with persons running bittorrent opening many connections all at the same time.

EDIT:

What about an option for limiting the total number of connections per source? "max-src-conn"
In other words, limit the maximum number of simultaneous TCP connections which have completed the 3-way handshake that a single host can make.

Work up a GUI + filter.inc patch and we will entertain it.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.