4. Floating Rules question - limit Wan source connections

Floating Rules question - limit Wan source connections

  • C

    This is my first time to use Floating Rules.
    We have a fully routed pfSense setup with no NAT.

    We have recently experienced several DDoS attacks and just this morning a DoS Amplification attack.

    What we want to do is add floating rules to use specific queues in our shaper but more importantly to limit the amount of new connections per second an external IP can open coming in on our WAN.
    We also want to apply a similar rule that LAN hosts can only open a certain amount of new connection to a destination IP per second to help combat DoS Amplification attacks.

    The problem /confusion here is that we have hundreds of very specific rules controlling inbound traffic from our Wan to our Lan and we don't want the floating rules to interfere with the block/allow rules, just to limit new connections per second.

    We could go and edit each rule individually to set the limits but that is going to take a long time and any adjustments would be a headache to maintain.

    Has anyone any suggestions or experience with a similar situation?

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy