Does pfSense block 2-3 Gbit DDoS on this hardware
-
Hello,
Sometimes I get a DDoS attack (2-3 Gbit).
Can I block that attack with pfSense?
My hardware:
e3-1230v3 or e3-1225v3 CPU
10gbe NIC
8 or 16 or 32 gb ram
and I have a 10gbe uplink
I will reject all protocols except UDP
I just block some IP address ranges like xx.xx.xx.xx/24
Well, does pfSense block a 2-3 Gbit attack in this scenario?
Sorry for my English
Thanks
-
Ups
-
I'm not sure - why don't you make a VM with similar resources available to the actual hardware you propose to buy and see if it handles it?
If that's possible for you. Or you could pull your current drive, set it aside, install a new drive for a pfSense test, and if it doesn't work as you like, reinstall the old drive and boot?
I'd guess there are lots of ways to try it without losing your current configuration in the process.
-
What about uptime for the customer? Our network is active 7/24 :( That is a risk for us. If pfSense can block a 2-3 Gbit DDoS, I will pull out our MikroTik, send mail to our customer and put in pfSense for security.
-
That's what VMs are for ;)
And no, pfSense doesn't block a 2-3 Gbit DDoS if the target is behind the box.
It can break as easily as 20mbit of traffic if the attack is done right…
-
Can You try the following and report results?
<<assuming attack on UDP 53>>
System: Advanced: Firewall and NAT -> increase Firewall Maximum States value to something like 500000 or more
same for Firewall Maximum Table Entries
on Firewall: Rules -> WAN add a rule:
proto: IPv4 UDP
destination host: IP of target server behind firewall
destination port: DNS (53)
description: NAT DNS antiDOS
enable Advanced Options and set:
Maximum number of unique source hosts: 5
Maximum state entries this rule can create: 20
Maximum state entries per host: 2
Adjust values to Your uplink.
-
Maximum state entries this rule can create: 20
Maximum state entries per host: 2
Can as well pull the cable…
-
You want people to not being able to get to your servers??
Maximum number of unique source hosts: 5
Maximum state entries this rule can create: 20
Maximum state entries per host: 2
-
You want people to not being able to get to your servers??
READ again: Adjust values to Your uplink.
And not SERVERS but server. This is only an example for a slow link, one DNS server.
Or maybe just give a better example, huh?
-
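To check what limits like the ones debated above do to ordinary clients, here is an added example (not written by any poster in the thread and not pfSense code) that simulates the three per-rule limits with a simplified model. The class and function names, the traffic rates and the 30-second UDP state lifetime are assumptions made for illustration.

```python
from collections import Counter, deque

class StateLimitedRule:
    """Simplified model (an assumption, not pf itself) of the three limits
    in the post: one state per accepted packet, fixed state lifetime."""

    def __init__(self, max_states, max_src_nodes, max_src_states, timeout=30.0):
        self.max_states = max_states          # "state entries this rule can create"
        self.max_src_nodes = max_src_nodes    # "unique source hosts"
        self.max_src_states = max_src_states  # "state entries per host"
        self.timeout = timeout                # assumed UDP state lifetime, seconds
        self.live = deque()                   # (expiry, src), oldest first
        self.per_src = Counter()              # src -> number of live states

    def offer(self, now, src):
        """True if a packet from src at time now gets a new state."""
        while self.live and self.live[0][0] <= now:   # expire old states
            _, old = self.live.popleft()
            self.per_src[old] -= 1
            if not self.per_src[old]:
                del self.per_src[old]
        if len(self.live) >= self.max_states:
            return False
        if src not in self.per_src and len(self.per_src) >= self.max_src_nodes:
            return False
        if self.per_src[src] >= self.max_src_states:
            return False
        self.live.append((now + self.timeout, src))
        self.per_src[src] += 1
        return True


def admitted(rule, seconds, legit_per_sec, flood_per_sec=0):
    """Each second: flood packets (every one from a new source), then
    new legitimate clients. Returns (legit admitted, legit offered)."""
    ok = offered = flood_n = 0
    for sec in range(seconds):
        for _ in range(flood_per_sec):
            rule.offer(float(sec), f"flood-{flood_n}")
            flood_n += 1
        for _ in range(legit_per_sec):
            ok += rule.offer(sec + 0.5, f"client-{offered}")
            offered += 1
    return ok, offered


if __name__ == "__main__":
    print(admitted(StateLimitedRule(20, 5, 2), 60, 1))          # values from the post
    print(admitted(StateLimitedRule(1000, 30, 2), 60, 1))       # sized for 1 client/s
    print(admitted(StateLimitedRule(500, 100, 2), 60, 1, 50))   # same load plus a flood
```

In this model the unique-source limit has to be at least the legitimate arrival rate multiplied by the state lifetime before normal clients stop being refused, and a flood of new sources still takes most of the slots once the limit is reached.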